Australia is suffering from a rash of data breaches lately. This latest wave of cyber attacks started when hackers gained access to the central database at Deakin University in July 2022 and the University of Western Australia in August 2022. These two very similar attacks exposed the private information of thousands of students, but the perpetrators did not lock up any systems or destroy anything. They seem to be stealing private data with the intention of selling it on the dark web. The hackers, assuming it’s the same group, also breached eight different arts and dance companies in Western Australia in July 2022. Again, they tried to sell the data back to their targets while shopping it around on the dark web.
The same holds true for a massive data breach against the telecommunications company Optus in September 2022. Optus isn’t sharing any information about the attack, but researchers believe that one to two million customers are affected. This data includes addresses, emails, birthdates, and for some victims passport and driver’s licence numbers. The Sydney Morning Herald reports that this may be the largest cyber attack in Australian history. This devastating attack occurred five days before Optus planned to host a major party at the Art Gallery of New South Wales to celebrate their success. They canceled the event. Optus is Australia’s second largest telecommunications company and is a subsidiary of the Singapore-based SingTel conglomerate. Two weeks later, hackers performed a similar attack against another SingTel subsidiary named Dialog.
Medibank suffered a similar fate in September 2022. Hackers exfiltrated two hundred gigabytes of private data and are threatening to sell or release this data unless the company pays a ransom. The Guardian reports that hackers stole the credentials of a high level user and sold them on a Russian language cyber crime forum. Hackers used these credentials to create two backdoors for later access.
Hackers penetrated networks associated with the online wine retailer Vinomofo, Woolworths’ online retail subsidiary MyDeal, and the strata management company SSKB in October 2022. Hackers also stole sensitive information from an Australian Defence Force communication platform called ForceNet. The Minister for Veterans’ Affairs assured reporters that there is no cause for alarm and compared ForceNet to a military social media network. This means that the data may not be classified but could still be used for social engineering and target development.
It’s hard to say who is responsible for these attacks. The pattern of these attacks seems to indicate that there are one or two groups responsible for these intrusions, but it’s hard to tell with the limited information available. Assuming that the groups are related to each other, the scale and sophistication of this cyber campaign points to a state sponsored malicious cyber actor. It’s possible that the Russians are involved. Australia joined the United States in sanctioning Russia for invading Ukraine in February 2022, provided Ukraine with 225 million Australian dollars of military aid between April and June 2022, and another 95 million in July.
North Korea is another possibility. They condemned the Australian and U.S. ‘AUKUS’ agreement in July 2021 and warned that the nuclear submarine deal would trigger an arms race in the Pacific. The cyber security company CrowdStrike uncovered a North Korean spear phishing campaign targeting individuals working on the submarine program in July 2022. These malicious cyber actors masqueraded as an Australian diplomat and emailed a malware laced resume to targets within the government. North Korean hackers are also infamous for their ransomware campaigns, and frequently target healthcare providers. Hospitals rely on numerous specialty medical systems and cannot patch their networks before verifying that these updates will not interfere with life support systems, so patches lag and the networks remain vulnerable to intrusion. In July 2022, the FBI seized $500,000 in bitcoin from North Korean hackers who executed ransomware attacks against healthcare networks in Kansas and Colorado. Then again, the North Koreans are not the only malicious cyber actors targeting hospitals. The FBI accused Iranian hackers of an attempted cyber attack against Boston Children’s Hospital in June 2021 and identified six Iranian hacking groups targeting other hospitals that year. Russian hackers are likely responsible for numerous ransomware attacks against healthcare providers across the U.S. in 2022 as well. It’s hard to say for sure who is responsible for these attacks at this point, but it seems unlikely they are finished with their ransomware attacks against Australia.