It has been announced that the Australian Government is responding to a sustained targeting of the Australian public and private sector by a sophisticated state-based actor. The Australian Cyber Security Centre (ACSC) has issued a warning to Australian organisations to both be aware of this threat and take immediate steps to enhance the resilience of their networks.
We set out below a summary of the notice and what organisations need to do in response to this government-issued public warning. Given the highly public nature of this warning (coming from the Prime Minister's Office and Minister for Defence), we recommend that all organisations pass this warning to their IT team or managed service provider for actioning.
The Australian Government has explained that it is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.
The ACSC's investigations have labelled this cyber campaign as "copy-paste compromises". The threat actor is understood to be utilising tools copied from open source to leverage a number of initial access vectors.
The threat actor has been observed to be targeting public-facing infrastructure, particularly through vulnerabilities in unpatched versions of Telerik UI, Microsoft Internet Information Services, 2019 SharePoint and 2019 Citrix.
There is also evidence that the threat actor is utilising 'spearphishing' techniques, including:
Consistent with its mission of supporting the private sector to enhance its resilience against cyber risk, the ACSC has provided the community with a list of indicators of compromise detailing the tactics, techniques and procedures identified. This is so that steps, which we set out below, can be taken to protect against identified cyber risk.
We also recommend that any active cyber incident investigations have regard to this publicly issued warning to identify whether activity can be linked to this notice, and ensure appropriate action is taken. This may include contacting the ACSC for further assistance, through the online reporting portal: https://www.cyber.gov.au/report.
The ACSC has recommended the following two key risk mitigation steps which organisations should implement now to reduce the risk of compromise:
Beyond this, the ACSC strongly recommends:
More information is available here:
Clyde & Co has the largest dedicated and rapidly expanding cyber incident response practice in Australia and New Zealand. Our experienced team have dealt with over 700 data breach and technology related disputes in recent times, including a number of the largest and most complex incidents in Asia Pacific to date.
From pre-incident readiness, breach response, through to defence of regulatory investigations and proceedings, as well as recovery actions against wrongdoers, we assist clients in Asia Pacific across the full cyber lifecycle. Our team is also highly regarded for their expertise and experience in managing all forms of disputes across sectors including advising on some of the most newsworthy class actions commenced in Australia.
Our 24 hour cyber incident response hotline or email allows you to access our team directly around the clock. For more information, contact us on:
Thanks to Emily Wood for her contributions to this article.