Australia blames Russia over hacking of 400 companies in 2017

By @chelean
A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. Reuters/Pawel Kopczynski

Russia was behind the series of cyber attacks on up to 400 businesses in 2017, Australia has claimed. The attack also affected millions of machines worldwide, including in the United Kingdom and the United States.

Australia, along with the US and Britain, has alleged that the hackers were backed by the Russian government. Defence Minister Marise Payne said the hackers infected computer routers around the world. She said there were potentially about 400 private Australian companies affected. The government’s cybersecurity office has contacted those businesses to alert them.

Treasurer Scott Morrison told SBS News that the victims were private companies, adding that “no Australian departments or agencies” were affected. Fergus Hanson, head of cyber security at the Australian Strategic Policy, said Russia could be trying to gain control of networks for future attacks.

“It is not necessarily the case that you are trying to steal data all the time, conduct espionage, there are reasons you might want to be inside a network and it could be to conduct an offensive operation at a time of your choosing,” he said. He added that Russian cyber actors used commercially available routers as a point of entry. The affected routers were old models that are being phased out and had not been patched with the latest software.

The US and UK have released a joint alert on the attacks, saying that the targets were primarily government and private-sector organisations, critical infrastructure providers and Internet service providers supporting these sectors.

“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations,” the notice reads. “Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the US and UK governments.”

They recommend reading about the malicious activity described in TA18-106A to learn more about the affected routers and solutions.

The hack occurred in 2017, but it is believed that the Russians were about to utilise the exploits they set up last year. Hanson added that Australia, the US and the UK may have known about Russia’s connection, but they sat quietly on the intelligence in a bid to understand Russia’s methods.