Australian Parliament Hacked

Australian government authorities say that a simple click of a mouse was all it took to penetrate  in what should have been  one of the country's most secure IT systems at the Federal Parliament in Canberra which took place in January this year.. 

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is continuing to respond to the widespread malware campaign known as Emotet while also responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.

Cyber security experts say it took more than a week in January to eject the state-sponsored attacker from the Australian Parliament’s computing network after it was compromised by malware. In answers to questions on notice to budget estimates hearings, Senate President Scott Ryan said the malware infection occurred when a small number of the network’s 4000 users visited an unnamed website that itself had been compromised.

“A small number of users visited a website that was outside of parliamentary management and that website had been compromised causing malware to be injected into the parliamentary computing network,” he said. Ryan said the cyberattack took a total of nine days before the infiltration was stamped out after it was first discovered on 31 January.

Previous Cyber Attacks

In February 2010 there were a series of denial of service attacks conducted by the Anonymous online community against the Australian government in response to proposed web censorship regulations. Operation Titstorm was the name given to the cyberattacks by the perpetrators.

They resulted in lapses of access to government websites. This was accompanied by emails, faxes, and phone calls harassing government offices. The actual size of the attack and number of perpetrators involved is unknown but it was estimated that the number of systems involved ranged from the hundreds to the thousands. The amount of traffic caused disruption on multiple government websites.

Current Attack

While it was previously said only a small amount of data had been taken by the attacker new details on the type of data taken has now been disclosed. “The small amount of non-sensitive data refers to DPS corporate data and data related to a small number of parliamentarians..... I will not address matters related to members of the House of Representatives; they should be addressed to the Speaker,” Ryan said. Any impact on the email accounts of parliamentarians either had or would be discussed with those parliamentarians directly" he added.

The new information is likely to be the some of the only details released about the attack, with the federal government unlikely to release a report. This is at odds with other organisations like the Australian National University, which was credited for its openness regarding its recent cyber hacks. 

A state-sponsored actor is still widely believed to have been responsible for the attack, which was also later found to have hacked into the different National Parties networks/websites. 

Reuters reported in September that multiple sources claim that the attack came from China. Ryan also confirmed recently that there was no evidence of “insider involvement or assistance in the compromise”.

ITN News      ABC:     Gov,au        Wikipedia:  

You Might Also Read:

Cyber Security Experts Needed in Australia:

Parliament Wants A New Cyber Security Director:


 

 

« Tracking 5G Protocol Flaws
Internet of Things: Cyber Security Threats In 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infosecurity Europe

Infosecurity Europe

Infosecurity Europe is Europe’s number one information security conference and exhibition.

JumpCloud

JumpCloud

JumpCloud's Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

Phew

Phew

Phew are New Zealand cyber security specialists with expertise and experience forged in global financial markets, IT&T, management consulting and SME business management.

Cansure

Cansure

Cansure is a leading insurance provider in Canada offering a broad range of property & casualty insurance solutions including Cyber & Data Breach insurance.

Clari5

Clari5

Clari5 redefines real-time, cross channel banking Enterprise Fraud Management using a central nervous system approach to fight financial crime.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

Reliance Cyber

Reliance Cyber

Reliance Cyber (formerly Reliance ACSN) help to monitor and manage your organisation’s security infrastructure 24/7, so you can make sure all threats and issues are dealt with.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

Responsive Technology Partners

Responsive Technology Partners

Responsive Technology Partners provides superior IT support services including cybersecurity and compliance, telephony, cloud services, cabling, access control, and camera systems.

M7 Services

M7 Services

M7 Services are a comprehensive Managed Services Provider (MSP) with a focus on delivering cutting-edge information technology solutions and unparalleled customer service.