- UK and US release technical alert warning of attacks since 2015.
- ‘Russian government-sponsored actors’ accessing passwords, information through routers.
- Australian government claims ‘no indication’ sensitive data was captured.

The Australian government has confirmed a series of cyberattacks on Australian organisations revealed in August last year were carried out by Russian state-sponsored hackers.
Law enforcement and cyber security minister Angus Taylor said a “significant” number of organisations were targeted in the wide-ranging attack reported by the Australian Cyber Security Centre (ACSC).
At the time, the ACSC reported that “cyber adversaries are extracting configuration files from the routers and switches of a number of Australian organisations”.
Commercially available routers were used as a point of entry, the ACSC said:
“Extracted configuration files may contain sensitive information, such as device administrative credentials, and could be used to compromise the router/switch and enable targeting of other devices on the network.
“Access to the device may facilitate malicious cyber adversaries gaining access to the information that flows through the device.”
On Monday, the US Department of Homeland Security, the FBI and the UK’s National Cyber Security Centre jointly issued a technical alert.
Officials warned that “Russian government-sponsored actors” were using the devices to “extract passwords, intellectual property, and other sensitive information and to lay the groundwork for potential intrusions in the future”.
The technical alert said the US government had been receiving information that the cyber actors had been exploiting switches — named by the ACSC as “switches with Cisco Smart Install accessible from the internet, and routers or switches with Simple Network Management Protocol (SNMP) enabled and exposed to the internet” — since 2015.
Just two months after the ACSC discovered the breach, its 2017 Threat Report revealed a hacker named “Alf” had stolen 30GB of sensitive data about military planes and ships, including commercially sensitive data on the F-35 Joint Strike Fighter.
Taylor said while the devices could have been used to access sensitive data, there was “no indication” Australian information had been compromised.
“This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices,” Taylor said.