Home News Sophisticated State-Actor Behind Sustained Cyberattacks: Australian PM

Sophisticated State-Actor Behind Sustained Cyberattacks: Australian PM

SHARE
Telstra service provider cyberattack,Accellion hack affects Australia, Australia cybersecurity, Australia National Freight Data Hub, ACSC Annual Cyber Threat Report, emotet malware campaign - Australia, Oxfam Australia data breach

Australian Prime Minister Scott Morrison, in an urgent press conference held in Canberra, briefed about sustained cyberattacks carried out by a sophisticated state-sponsored actor. These cyberattacks are not only targeted toward government organizations but also toward known corporate entities in the country.

The Australian government is not making any public attribution in regards of the state-actor involved, but investigations confirm that there are not a very large number of state-based actors that can engage in this type of activity.

What the PM Says…

After a detailed briefing received from the Australian Cyber Security Center (ACSC), Prime Minister Morrison told the media, “Australian organizations are currently being targeted by a sophisticated state-based cyber actor. Organizations across a range of sectors, including all levels of government, industry, political organizations, education, health, central service providers, and operators of other critical infrastructure, are all being targeted.”

When quizzed about China’s involvement in this series of sustained cyberattacks, Morrison quickly retorted, “The Australian government is not making any public attribution on these matters. What I simply can confirm is there are not a very large number of state-based actors that can engage in this type of activity and it is clearly based on the advice that we have received (from ACSC) that this has been done by a state-based actor with very significant capabilities.”

Australian Cyber Security Center Findings

Based on the intensive investigation carried out by the ACSC, an advisory has been released by them for all businesses and organizations in Australia against the ongoing campaign. The Advisory 2020-008  titled “Copy-paste compromises” derives its name from the state actor’s heavy use of proof-of-concept (POC) exploit code, web shells, and other tools copied from the open-source.

A few of the logged vulnerabilities exploited by the state-actor are:

  • Vulnerabilities in the unpatched versions of Telerik UI
  • Deserialization vulnerability in Microsoft Internet Information Services (IIS)
  • A 2019 SharePoint vulnerability
  • The 2019 Citrix vulnerability

Advise Given

Although there are no specifically applicable mitigation measures to these sustained cyberattacks, yet, ACSC suggested these two key steps for reducing the risk of compromise:

  1. Immediately apply the latest updates and patches available to all software, operating systems, and devices connected to the internet.
  2. Employ multi-factor (MFA) authentication for all services accessed remotely (like web and cloud-based email, collaboration platforms, VPN connections, RDP services).