Unknown individuals stole sensitive information pertaining to Australia’s defense programs by hacking a government contractor.
News first broke of the hack on 11 October when the Australian Cyber Security Centre (ACSC) published its 2017 Threat Report. The report doesn’t provide many details on what happened. It lists the event as a case study under the title “Compromise of an Australian company with national security links.”
Here’s what it says:
“In November 2016, the ACSC became aware that a malicious cyber adversary had successfully compromised the network of a small Australian company with contracting links to national security projects. ACSC analysis confirmed that the adversary had sustained access to the network for an extended period of time and had stolen a significant amount of data. The adversary remained active on the network at the time.
“Analysis showed that the adversary gained access to the victim network by exploiting an internet-facing server, then using administrative credentials to move laterally within the network, where they were able to install multiple webshells – a script that can be uploaded to a webserver to enable remote administration of the machine – throughout the network to gain and maintain further access.”
Additional details followed on Wednesday when Mitchell Clarke, the Australian Signals Directorate (ASD) incident response manager, told a conference in Sydney that the incident involved a government contractor. As part of the attack, hackers made off with 30 gigabytes of sensitive data pertaining to the Joint Strike Fighter warplane, the P-8 Poseidon surveillance plane, and other Australian defense programs.
Defence Industry Minister Christopher Pyne says he has no idea who perpetrated the breach. As quoted by BBC News:
“It could be one of a number of different actors. It could be a state actor, [or] a non-state actor. It could be someone who was working for another company.”
The ASD didn’t learn about the incident until November 2016 when a partner agency notified it, reports Bleeping Computer.
It’s currently not clear what exactly happened in the breach. ZDNet reports that the attacker, nicknamed “Alf” by the ASD, gained access by exploiting a 12-month-old vulnerability in the company’s IT helpdesk software. From there, the attacker could have moved laterally to other parts of the company’s network by brute forcing the weak passwords found to be protecting other systems.
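The lateral-movement pattern ZDNet describes, a burst of failed logins against a host followed by a successful one from the same source, is something a defender can pick out of ordinary authentication logs. The following Python is an added example, not code from the article or from any of the agencies or companies it mentions; the log format, host names, IP addresses and thresholds are assumptions, and the sample lines are constructed rather than taken from the incident.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (assumed format, not from the incident):
# ISO timestamp, source IP, target host, account, result (FAIL or OK)
SAMPLE_LOG = """\
2016-11-02T03:10:01 10.0.0.5 FILESRV01 admin FAIL
2016-11-02T03:10:04 10.0.0.5 FILESRV01 admin FAIL
2016-11-02T03:10:07 10.0.0.5 FILESRV01 admin FAIL
2016-11-02T03:10:11 10.0.0.5 FILESRV01 admin FAIL
2016-11-02T03:10:15 10.0.0.5 FILESRV01 admin FAIL
2016-11-02T03:10:19 10.0.0.5 FILESRV01 admin FAIL
2016-11-02T03:10:22 10.0.0.5 FILESRV01 admin OK
2016-11-02T08:45:10 10.0.0.9 WS02 jsmith FAIL
2016-11-02T08:45:20 10.0.0.9 WS02 jsmith OK
"""


def parse_log(text):
    """Turn the whitespace-separated sample lines into event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, host, user, result = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "host": host,
            "user": user,
            "ok": result == "OK",
        })
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Flag (source, host) pairs where at least `threshold` failed logins
    inside `window` are followed by a successful login from the same source.

    A couple of mistyped passwords before a success (the WS02 lines above)
    stays below the threshold and is not reported."""
    recent_failures = defaultdict(deque)  # (src, host) -> timestamps of failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["host"])
        recent = recent_failures[key]
        # Forget failures that fell out of the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if not ev["ok"]:
            recent.append(ev["ts"])
            continue
        # A success: alert only if it caps a burst of failures.
        if len(recent) >= threshold:
            alerts.append({
                "src": ev["src"],
                "host": ev["host"],
                "user": ev["user"],
                "failures": len(recent),
                "at": ev["ts"],
            })
        recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_log(SAMPLE_LOG)):
        print(f"{alert['at']} possible brute force: {alert['src']} -> "
              f"{alert['host']} as {alert['user']} after {alert['failures']} failures")
```

The threshold and window are deliberately conservative; in a real deployment they would be tuned per host class, and the same sliding-window logic can be keyed on account rather than source to catch a spray across many hosts.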
At the time of the incident, the defense contractor had hired just one IT staffer to secure its network.
Companies hoping to secure lucrative government contracts had better review their security defenses and make sure they’re staying on top of all known software vulnerabilities. Failure to do so could at best lose them valuable business and at worst land them in hot water with the federal government.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.