Prime Minister Scott Morrison called an urgent press conference on Friday morning and said that Australia is currently facing large-scale cyber-attacks by a sophisticated state-based cyber actor across all levels of government as well as the private sector.
Morrison stated that the threat is targeting Australian organizations across a range of sectors, including all levels of government, industry, political organizations, education, health, central service providers, and operators of other critical infrastructure.
The government knows it is a sophisticated state-based cyber actor due to the scale and nature of the targeting and the trade-craft used.
He refused to attribute the attacks, and it is unknown at the moment who exactly is targeted or what that targeting looks like.
When asked about which nation was suspected behind the attack, Morrison said that the threshold for public attribution on a technical level is extremely high and that Australia doesn’t engage lightly in public attributions.
He could simply confirm that, as there are not a large number of state-based actors that can engage in this type of activity, the evidence says that it has been done by a state-based actor with very significant capabilities.
The Australian Cyber Security Centre (ACSC) has been actively working with the private sector to prevent this activity. The ACSC has also been working with targeted organizations to make sure that they have the necessary technical mitigations in place and that their defenses are appropriately raised.
Morrison said that his announcement is just to make the public aware of the issue. He also assured that so far there haven’t been any large-scale breaches that have led to the compromise of personal details of any person.
Defense Minister Linda Reynolds stated that malicious cyber activity is increasing in frequency, scale, sophistication and in its impact. She urged all Australian organizations to take the following three steps to protect themselves.
Firstly, patch your internet-facing devices promptly and make sure that any web or email servers are fully updated with the latest software.
Secondly, make sure to use multi-factor authentication to secure your internet access, infrastructure and also your cloud-based platforms.
Thirdly, it’s important to become an ACSC partner to ensure you get the latest cyber threat advice to protect your organization online.
Later, the ACSC released an advisory detailing the copy-paste compromises. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source.