
Around 30GB of sensitive Australian defense data was stolen in an extensive cyber attack on a government contractor. The data included information about Australia's warplanes and navy ships: details of the $17 billion Joint Strike Fighter program and the $4 billion P-8 surveillance plane project. The hackers also obtained information about the ageing Collins Class submarines and Australia's most significant warships, HMAS Canberra and HMAS Adelaide. The breach probably began in July 2016, but the Australian Signals Directorate (ASD) was not alerted until November of that year, and ASD officials began corrective action only in December. The attacker therefore had access to the network for a long period and stole a significant amount of sensitive data. Defence Industry Minister Christopher Pyne said that the attack was not a threat to national security.

ASD incident response manager Mitchell Clarke told a Sydney security conference on Wednesday that the hacker had exploited a weakness in software used by the government contractor that had remained unpatched for 12 months. Clarke added that the aerospace engineering firm was still using default passwords, and described the attack as "extensive and extreme." The hackers appear to have used a tool called "China Chopper," which security experts say is widely used by Chinese hackers, and obtained their initial access through an Internet-facing server: a weakly configured IT help desk portal with a 12-month-old vulnerability allowed them into the network. In addition, the company's file server was mounted on that same server using the Domain Administrator account. Lateral movement with those same credentials ultimately gave the hacker access to the domain controller, the remote desktop server, email, and other sensitive data.
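As an added defensive example (not from the original article), the Python below checks two things a defender could look for on an Internet-facing portal like the one described above: a file scan for the minimal server-side China Chopper script in its publicly documented PHP and ASPX forms, and a web-access-log heuristic for paths that only ever receive referer-less POSTs, the traffic shape of a web shell client that never browses to its own page. All file contents, paths, addresses and log lines are constructed samples.

```python
import re
from collections import defaultdict

# One-line server-side component of China Chopper in its publicly documented
# forms: a script that feeds a request parameter straight into eval().
WEBSHELL_PATTERNS = {
    "php": re.compile(r"@?eval\s*\(\s*\$_(POST|REQUEST|GET)\s*\[", re.I),
    "aspx": re.compile(r'eval\s*\(\s*Request\.Item\s*\[[^\]]*\]\s*,\s*"unsafe"', re.I),
}
MAX_SHELL_BYTES = 512  # the real shell is one short line; large files get no size flag
LOG_RE = re.compile(  # Apache/nginx combined log format
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def scan_script(content: str) -> list[str]:
    """Return the labels of web-shell patterns matched by one server-side script."""
    hits = [label for label, rx in WEBSHELL_PATTERNS.items() if rx.search(content)]
    if hits and len(content.encode()) <= MAX_SHELL_BYTES:
        hits.append("tiny-file")  # size corroborates a minimal drop-in shell
    return hits

def suspicious_post_targets(log_lines: list[str], min_posts: int = 3) -> dict[str, int]:
    """Return {path: post_count} for scripts that are only ever POSTed to without a
    Referer. Normal help-desk use shows GETs first and referers on form posts."""
    posts, gets = defaultdict(int), defaultdict(int)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and m["referer"] in ("", "-"):
            posts[path] += 1
        elif m["method"] == "GET":
            gets[path] += 1
    return {p: n for p, n in posts.items() if n >= min_posts and gets[p] == 0}

# Constructed samples: a PHP shell, a benign page, and a few access-log lines.
SAMPLE_PHP_SHELL = "<?php @eval($_POST['pw']); ?>"
SAMPLE_BENIGN_PHP = "<?php echo htmlspecialchars($_POST['ticket_id']); ?>"
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jul/2016:02:11:05 +1000] "POST /helpdesk/img/t.php HTTP/1.1" 200 88 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [14/Jul/2016:02:11:09 +1000] "POST /helpdesk/img/t.php HTTP/1.1" 200 1402 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [14/Jul/2016:02:12:41 +1000] "POST /helpdesk/img/t.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"',
    '198.51.100.4 - - [14/Jul/2016:09:00:12 +1000] "GET /helpdesk/ticket.php?id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [14/Jul/2016:09:00:40 +1000] "POST /helpdesk/ticket.php HTTP/1.1" 302 0 "http://helpdesk.example/ticket.php?id=4" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(scan_script(SAMPLE_PHP_SHELL))        # ['php', 'tiny-file']
    print(scan_script(SAMPLE_BENIGN_PHP))       # []
    print(suspicious_post_targets(SAMPLE_LOG))  # {'/helpdesk/img/t.php': 3}
```

The log heuristic is a triage filter, not proof: confirm a flagged path by inspecting the file with `scan_script` and by checking when and by whom it was written.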
The hackers had gained full access to the subcontractor's systems, so it was easy for them to read the emails of the chief engineer, the finance officer, and a contracting engineer. The mystery hacker, nicknamed "Alf," has not been identified.
Key Lessons Learned:
  • As usual, patching was not up to date: the exploited vulnerability was more than 12 months old.
  • Multiple levels of defense are important.
  • Security assessment and controls cannot be ignored for systems that are not business-critical either.