RAT malware used to compromise Bureau of Meteorology network
- 12 October, 2016 10:05
A new report from the government’s Australian Cyber Security Centre (ACSC) has offered details on the compromise of Bureau of Meteorology systems.
In April, Prime Minister Malcolm Turnbull confirmed that a “significant cyber intrusion” took place at the Bureau. The PM’s comments came during the launch of the government’s cyber security strategy.
In December it was reported that Bureau systems had been compromised by a “major cyber attack” originating in China. However, the organisation had refused to confirm whether its systems had been compromised.
In 2015, the Australian Signals Directorate “detected suspicious activity from two computers on the Bureau of Meteorology’s network,” the ACSC’s 2016 Threat Report states.
“On investigation, ASD identified the presence of particular Remote Access Tool (RAT) malware popular with state-sponsored cyber adversaries, amongst other malware associated with cybercrime. The RAT had also been used to compromise other Australian government networks.”
The ASD found evidence of the intruder “searching for and copying an unknown quantity of documents from the Bureau’s network”.
At least one domain administrator account was compromised and the intruder attempted to access at least six additional systems on the Bureau’s network.
“The presence of password dumping utilities and complete access by the adversary to domain controllers suggested all passwords on the Bureau’s network were already compromised at the time of the investigation,” the report states.
The ACSC report attributes the “primary compromise” to a “foreign intelligence service” but adds: “security controls in place were insufficient to protect the network from more common threats associated with cybercrime”.
“CryptoLocker ransomware found on the network represented the most significant threat to the Bureau’s data retention and continuity of operations,” the report adds.
In February BoM chief Dr Rob Vertessy said his organisation would take advantage of an infrastructure rebuild, centred on its new supercomputer, to boost its security posture.