Australia’s cyber security minister Dan Tehan will today reveal details of an attack on an Australian company that has contracting links to national security projects.
In November last year, the Australian Cyber Security Centre became aware that “a malicious cyber actor” had compromised the network of the company, the minister assisting the prime minister for cyber security said in remarks prepared for a National Press Club address later today.
Analysis by the ACSC confirmed that the attacker successfully obtained “sustained access to the network for an extended period of time and had stolen a significant amount of data”.
“The adversary remained active on the network at the time of the ACSC investigation,” Tehan said in remarks prepared for his NPC address, which he will use to launch the ACSC’s 2017 Threat Report.
“Analysis showed that the malicious actor gained access to the victim’s network by exploiting an Internet or public-facing server, which they accessed using administrative credentials,” Tehan said.
“Once in the door, the adversary was able to establish access to other private servers on the network.”
The minister said that the ACSC worked with the company to remediate the compromise and prevent similar attacks in the future.
A report in The Australian states that the attacker is believed to be based in China.
A China-based actor was previously blamed for a “significant cyber intrusion” of the Bureau of Meteorology in 2015. Although he steered clear of attribution for the attack, Prime Minister Malcolm Turnbull detailed the attack last year at the launch of the government’s National Cyber Security Strategy.
Earlier this year the ACSC issued a warning to Australian enterprises that they may be exposed to security threats through their relationships with managed service providers.
The centre warned of a “sustained malicious cyber campaign targeting major international Managed Service Providers” being waged by the group dubbed APT10 (also known as CVNX, Red Apollo, Stone Panda, menuPass Team, and POTASSIUM).
“The espionage campaign has targeted managed IT service providers (MSPs), allowing the APT10 group unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally,” PwC research on the group stated.
APT10’s known working hours align to Chinese Standard Time (CST) and its targeting corresponds to that of other known China-based threat actors, according to a report released by PwC and BAE Systems.