Latest State-Based Cyber-Attack on Australian Organisations

James Dance  |  Paralegal Intern at WiseLaw

19 June 2020

In the 21st century, cyber-attacks are part and parcel of life. However, Australian private and public sectors have today been subject to another cyber-attack, the latest in a string of attacks that have become increasingly frequent over the course of the last few months. Given the scale and sophistication of the attack, it is most likely coordinated by a state actor.

Unlike the May phishing attack on Service NSW, the latest cyber-attack has not resulted in access to citizens’ data. However, Prime Minister Scott Morrison has indicated that this attack is being treated as “malicious”.

The purpose of the Government’s announcement is to “raise awareness of this important issue,” Morrison said. In other words, the frequency and severity of state-based cyber-attacks on the various levels of government and business in Australia are expected only to rise. Whether the attacks are politically motivated is inconsequential to many businesses as it does not alter the fact that the attacks are occurring.   

In response, the Australian Cyber Security Centre (ACSC) has released an advisory based on its investigation of the attack. The attack has been deemed a ‘copy-paste compromise’ because the tools used are copied from open source software. According to the ACSC, this has involved the use of proof-of-concept exploit code and web shells. The former is code written to prove that a vulnerability can be exploited; the latter is a piece of code used to gain remote access to, and control and administration of, servers.

The ACSC indicates that the actor has demonstrated an ability to “quickly leverage public exploit proof-of-concepts to target networks of interest and regularly conducts reconnaissance of target networks looking for vulnerable services.” 

Where exploitation of public-facing infrastructure failed, the actor resorted to spear phishing. This involves sending emails to specific individuals within an organisation whilst impersonating a trusted sender. The ACSC identified the particular forms this took in the attack in question: links to credential harvesting websites, emails containing links to malicious files, and links encouraging users to grant Office 365 OAuth tokens.

According to the advisory, detection and mitigation are the best defences against such an attack. The exploits utilised by the actor in this attack were publicly known and had patches available. That is, the providers of the internet-facing software, operating systems and devices were aware of these security vulnerabilities and had consequently issued patches to their users in the form of (downloadable) updates. For adequate mitigation, users must regularly update their software, operating systems and devices so that the latest patches (bug fixes) are in place.

As well as continually updating software, operating systems and devices, the ACSC also recommends the implementation of multi-factor authentication for all remote access services. This includes web and cloud-based email, collaboration platforms, virtual private network connections and remote desktop services.

To ensure your business is doing everything it can to effectively mitigate and defend against such an attack, WiseLaw provides in-depth and holistic cyber audits. This is particularly important given the interconnectedness of organisations; another organisation’s vulnerability may also have an impact on yours. 

James Dance is studying a Bachelor of Laws/Bachelor of Arts at Deakin University. In addition to interning at WiseLaw, he is an Army Reservist and is a Communications Officer with the Deakin Law Students' Society.


