- Prime Minister Scott Morrison has held a snap media conference to brief the nation on a large-scale cyber attack on the country.
- The sophisticated attack targeted the business sector as well as the government, including critical health infrastructure.
- While Morrison declined to name the country behind it, the ABC has reported that government sources believe it was China, amid rising tensions with the superpower.
- Visit Business Insider Australia’s homepage for more stories.
The Prime Minister has revealed that Australia has been the target of a large-scale cyber attack.
Briefing media on Friday morning, Scott Morrison said attacks had comprehensive in scope, aimed at the government, education, health, and business sectors.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used.” Mr Morrison told reporters at an impromptu media conference held at Parliament House.
Morrison said cyberattacks on Australia had been increasing over recent months. While he did not name the country behind the attack, given rising political tensions, China was immediately at the fore of speculation.
“What I can confirm, with confidence, based on the advice, the technical advice that we have received, is that this is the action of a state-based actor with significant capabilities,” he said. “There aren’t too many state-based actors who have those capabilities.”
After the press conference concluded, ABC reported that government officials believe the state actor behind the attack was China. Business Insider Australia, however, has not been able to confirm this independently.
JUST IN: Federal government agencies believe that China is the nation behind ongoing cyber attacks on Australian institutions in recent months via @abcnews #cybersecurity #CyberAttack #auspol #coronavirus
— David Taylor (@DaveTaylorNews) June 19, 2020
The “malicious cyber activity” appears to have been aimed at critical health infrastructure, as well as other government services and the business community.
Appearing alongside Morrison, Defence Minister Linda Reynolds said businesses were being briefed and instructed to upgrade their security measures, add multi-factor authentication, patch their online systems and request government assistance if required.
Underlining the seriousness of the situation, Morrison revealed he had spoken with British Prime Minister Boris Johnson about the attack. The government has also briefed the federal opposition on the matter.
The Australian Cyber Security Centre (ACSC) has published more details on exactly how the attack worked. It revealed that the actor tried to “leverage public exploit proof-of-concepts” to target government infrastructure and when that method failed, turned to spearphishing, using emails to target victims.
According to the ACSC, this included links to credential harvesting websites, emails with links to malicious files, or with the malicious file directly attached, links prompting users to grant Office 365 OAuth tokens to the actor, use of email tracking services to identify the email opening and lure click-through events.
Curiously, while the attackers were trying to gain access, it’s not clear what they intended to do once they had it.
“During its investigations, the ACSC identified no intent by the actor to carry out any disruptive or destructive activities within victim environments,” the ACSC said in a statement.
More to come.