A major, sophisticated, state-based cyber attack has targeted key Australian organisations across industry, government and essential services.
Prime Minister Scott Morrison refused to say who was behind the attack on Friday morning but said there are few countries capable of such sophisticated activity.
“Based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” Mr Morrison said.
“This act is targeting Australian organisations across a range of sectors including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.”
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade-craft used,” he added.
“This activity is not new. Frequency has been increasing.”
The Australian Signals Directorate said it was aware of the “sustained targeting of Australian governments and companies by a sophisticated state-based actor.”
“The actor has been identified leveraging a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure,” the intelligence organisation said.
It said links to fake websites designed to steal users’ details, links to malicious files, use of email tracking services to identify when users were opening emails were being used by the sophisticated actor.
The Australian Cyber Security Centre was working with the organisations subject to the malicious cyber attack.
Opposition Leader Anthony Albanese was offered a security briefing last night, as were the premiers and chief ministers.
Federal Parliament revealed in February last year that malware had made its way into the parliamentary computer network via several politicians’ computers.
Sources last year said Chinese spies were the prime suspects in the unprecedented hack that may have exposed information about voters and private data of MPs ahead of the federal election.
Defence Minister Linda Reynolds urged the private sector to patch internet-facing devices immediately and use multi-factor authentication to improve security.
Mr Morrison said the recent cyber attacks on Australia-based beverage giant Lion were not related to the malicious activity announced this morning.
Sydney Morning Herald