Sensitive documents were stolen from the Australian government by foreign spies using malware to hack systems and cover their digital tracks.
The security breaches were discovered during an investigation into the digital break-in of the Bureau of Meteorology’s computer system last year.
The Australian Signals Directorate (ASD), an intelligence agency with the defence department, detected suspicious activity from two computers on the bureau’s network.
“On investigation, ASD identified the presence of particular Remote Access Tool (RAT) malware popular with state-sponsored cyber adversaries, amongst other malware associated with cybercrime,” says the Australian Cyber Security Centre in its 2016 Threat Report.
“The RAT had also been used to compromise other Australian government networks.”
The Australian Cyber Security Centre attributed the hacking to a foreign intelligence service.
The bureau, with one of Australia’s largest supercomputers, holds significant national intellectual property and provides high level information to many government agencies.
It is understood that the Defence Department is one of those agencies with direct links to the bureau.
The hackers left a trail which showed they had been searching for and copying documents from the bureau’s network. It’s not known how many files were copied.
Evidence was found suggesting the use of network scanning and timestamp modification tools to analyse the network and help hide the hacking activity.
“CryptoLocker ransomware found on the network represented the most significant threat to the bureau’s data retention and continuity of operations,” says the Australian Cyber Security Centre.
No one has been blamed for the attack, but last year China was reported by the ABC to be behind the cyber attack, which could take years and cost hundreds of millions of dollars to fix.
The Australian Cyber Security Centre is working with the Bureau of Meteorology to mitigate future compromise.
The centre says Australian government networks are regularly targeted.
In the six months to June this year, the Australian Signals Directorate responded to 1095 cyber security incidents on government systems.
The centre says the number of incidents requiring an operational response has decreased with a rise in cyber security awareness, with government agencies improving their ability to respond to their own low-level security incidents.
“While foreign states represent the greatest level of threat, cyber criminals pose a threat to government-held information and provision of services through both targeted and inadvertent compromises of government networks with ransomware,” the centre says.
It says hacktivists will continue to use low-sophistication cyber capabilities, including website defacement, the hack and release of personal or embarrassing information, DDoS (denial of service) activities and the hijacking of social media accounts, to generate attention and support for their cause.
“As such, issue motivated groups pose only a limited threat to government networks, with possible effects including availability issues and embarrassment.
“However, some hacktivists intend to cause more serious disruption and may be able to exploit poor security to have a greater impact.”