Australian Parliament Hacked

Uploaded on 2019-11-29 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Australian government authorities say that a simple click of a mouse was all it took to penetrate  in what should have been  one of the country's most secure IT systems at the Federal Parliament in Canberra which took place in January this year.. 

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is continuing to respond to the widespread malware campaign known as Emotet while also responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.

Cyber security experts say it took more than a week in January to eject the state-sponsored attacker from the Australian Parliament’s computing network after it was compromised by malware. In answers to questions on notice to budget estimates hearings, Senate President Scott Ryan said the malware infection occurred when a small number of the network’s 4000 users visited an unnamed website that itself had been compromised.

“A small number of users visited a website that was outside of parliamentary management and that website had been compromised causing malware to be injected into the parliamentary computing network,” he said. Ryan said the cyberattack took a total of nine days before the infiltration was stamped out after it was first discovered on 31 January.

Previous Cyber Attacks

In February 2010 there were a series of denial of service attacks conducted by the Anonymous online community against the Australian government in response to proposed web censorship regulations. Operation Titstorm was the name given to the cyberattacks by the perpetrators.

They resulted in lapses of access to government websites. This was accompanied by emails, faxes, and phone calls harassing government offices. The actual size of the attack and number of perpetrators involved is unknown but it was estimated that the number of systems involved ranged from the hundreds to the thousands. The amount of traffic caused disruption on multiple government websites.

Current Attack

While it was previously said only a small amount of data had been taken by the attacker new details on the type of data taken has now been disclosed. “The small amount of non-sensitive data refers to DPS corporate data and data related to a small number of parliamentarians..... I will not address matters related to members of the House of Representatives; they should be addressed to the Speaker,” Ryan said. Any impact on the email accounts of parliamentarians either had or would be discussed with those parliamentarians directly" he added.

The new information is likely to be the some of the only details released about the attack, with the federal government unlikely to release a report. This is at odds with other organisations like the Australian National University, which was credited for its openness regarding its recent cyber hacks. 

A state-sponsored actor is still widely believed to have been responsible for the attack, which was also later found to have hacked into the different National Parties networks/websites. 

Reuters reported in September that multiple sources claim that the attack came from China. Ryan also confirmed recently that there was no evidence of “insider involvement or assistance in the compromise”.

ITN News      ABC:     Gov,au        Wikipedia:  

You Might Also Read:

Cyber Security Experts Needed in Australia:

Parliament Wants A New Cyber Security Director:


 

 

« Tracking 5G Protocol Flaws
Internet of Things: Cyber Security Threats In 2020 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Exatel

Exatel

Exatel is Poland’s leading provider of ICT security services.

Myra Security

Myra Security

The fully automated Myra DDoS Protection reliably protects web applications, websites, DNS servers, and IT infrastructures.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

PSYND

PSYND

PSYND is a Swiss consultancy company based in Geneva specialized in CyberSecurity and Identity & Access Management.

Incopro

Incopro

Incopro is an online IP and brand protection software provider that arms brand owners with actionable intelligence to combat online and offline intellectual property and copyright infringements.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.

Qmulos

Qmulos

Qmulos’ real-time continuous monitoring risk management suite, Q-Compliance, provides a massively flexible and scalable solution to optimizing operational security.

Network Intelligence

Network Intelligence

Network Intelligence are a global cybersecurity provider offering services across 6 broad spectrums - Assessment, BCMS, GRC, Professional Services, MSSP & Training.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

Kiberna

Kiberna

Kiberna are a small but niche company specialising in data driven security to manage your cyber risks.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

L&T Technology Services (LTTS)

L&T Technology Services (LTTS)

L&T Technology Services Limited (LTTS) is a global leader in Engineering and R&D (ER&D) services.