AUSTRALIA has blamed Russia for a series of cyber attacks that targeted Australian businesses, with the government warning it might not be the last.
A “significant number” of Australian organisations have been affected by the attack, Minister for Law Enforcement and Cyber Security, Angus Taylor, confirmed.
Australia joined the United States and Britain in alleging Russia was the culprit and “expressed concern at the malicious cyber activity”.
“This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices,” Mr Taylor said.
It comes after a joint alert on the attacks from the US Department of Homeland Security, Federal Bureau of Investigation and the United Kingdom’s National Cyber Security Centre (NCSC), warning that small-office and home-office customers were among those impacted.
“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations,” the joint statement read.
The allies allege Russian “state-sponsored” hackers accessed and infected commercially available routers around the world in a targeted campaign that focused on government agencies, infrastructure and businesses.
“The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government,” Howard Marshall, FBI Deputy Assistant Director, alleged.
“We do not make this attribution lightly and will hold steadfast with our partners.”
Government and private-sector organisations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors were the primary targets.
“Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity,” Mr Taylor said.
The Australian Cyber Security Centre said it has engaged relevant Australian organisations, including through their internet service providers, to provide mitigation advice for those affected.
Although there was no indication that Australian information had been successfully compromised, Mr Taylor warned it didn’t mean Australians weren’t vulnerable.
“These cyber exploits are directed at network infrastructure devices worldwide such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS),” he said.
“Network device vendors, ISPs, public sector organisations, private sector corporations and small-office/home-office customers should read the alert (TA18-106A) and act on the recommended mitigation strategies.”
The alert said the “cyber actors” used weaknesses to identify vulnerable devices, extract device configurations, map internal network architectures, harvest login credentials and masquerade as privileged users.
“A malicious actor with presence on an organisation’s internal routing and switching infrastructure can monitor, modify, and deny traffic to and from key hosts inside the network and leverage trust relationships to conduct lateral movement to other hosts,” the alert said.
Ciaran Martin, CEO of the National Cyber Security Centre, said the allied announcement was a first in tackling Russian espionage, and won’t be the last.
“This is the first time that in attributing a cyber attack to Russia the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack,” he said. “It marks an important step in our fight back against state-sponsored aggression in cyberspace.”
Should any evidence of this activity be identified, organisations are urged to report the incident via the ACSC website.