Australia is on red alert. Prime Minister Scott Morrison has confirmed that the country is currently the target of a campaign of virulent cyber attacks carried out by a “state actor” and targeting all levels of government, as well as the private sector.
“According to the advice given to me by our cyber attack experts, Australian organizations are currently the target of a sophisticated state cyber actor,” the Prime Minister explained, before becoming more specific. “This activity targets Australian organizations across a range of sectors, including all levels of government, industry, political organizations, education, health, central service providers and operators of other critical infrastructure.”
For Australia, responsibility for this cyberattack campaign lies with an actor linked to a foreign state, “because of the scale and nature of the targeting and the techniques used”. However, the Australian Prime Minister could not say exactly who is being targeted, or what this targeting looks like, and refused to attribute the attacks, preferring to adopt a more cautious stance.
“Australia does not lightly engage in public attributions, and when and if we choose to do so, it is always in the context of what we believe is best suited to serve our strategic national interest,” he declared.
All eyes are on Beijing
“What I can simply confirm is that there are not a large number of state actors who can engage in this type of activity and it is clear from the opinions that we have received, that it was done by a state actor endowed with very important capacities,” he said, however, while many suspicions point to China as the number one suspect in this campaign of cyberattacks.
“We are convinced that these actions are the act of a state actor, we have not gone further than that, I cannot control the speculations that others could make … I simply stated the facts as we know them,” Scott Morrison said simply when asked about Beijing.
“We are raising this issue today, not to develop concerns in the minds of the public, but to raise awareness,” said the Australian Prime Minister, for whom this announcement mainly aims to raise awareness of the war being waged in cyberspace. “We know what’s going on, we’re on the job,” he added before closing the press conference.
Following this press conference, the Australian Cyber Security Centre (ACSC) published an advisory giving details of this so-called “copy and paste” attack. The name “Copy-paste compromises” is derived from “the assailant’s intensive use of proof of concept exploitation code, web shells and other tools copied almost identically from open source,” says the ACSC.
“The attacker was identified using a number of initial access vectors, the most common being the exploitation of public infrastructure – primarily through the use of the remote code execution vulnerability in unpatched versions of the Telerik user interface,” explains the agency.
“Other vulnerabilities of the public infrastructure exploited by the actor include the exploitation of a deserialization vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability and the 2019 Citrix vulnerability.”
An unknown motive
The motive for this attack is still unknown at this point. The ACSC explained that it saw no intention on the part of the attackers to “carry out disruptive or destructive activities in the environments of the victims.” “All the exploits used by the actor during this campaign were known to the public and had patches or mitigations,” the agency specifies.
As a reminder, the Australian Parliament is known to have suffered two serious cybersecurity incidents in the past decade. In 2011, hackers broke into the email accounts of the Prime Minister at the time, Julia Gillard, and at least two other high-ranking ministers. These hackers, who were already suspected of belonging to the Chinese military, had access to thousands of emails for a month.
In February 2019, a seemingly more extensive intrusion into the Australian Parliament network – as well as political party networks – was also revealed. According to Scott Morrison, it was again the work of a “sophisticated state actor”, while all suspicion once again turned to China. The attack forced a password reset for all users of the Australian Parliament network, including politicians and all their employees.