[BreachExchange] Malware drive-by attack triggered Australia's first cyber emergency

Destry Winant destry at riskbasedsecurity.com
Fri Nov 15 09:43:30 EST 2019


https://www.itnews.com.au/news/malware-drive-by-attack-triggered-australias-first-cyber-emergency-534028

First details of Parliament hack emerge.

Cyber security experts took more than a week to eject the
state-sponsored attacker from Parliament’s computing network after it
was compromised by malware earlier this year, Senate President Scott
Ryan has revealed.

In answers to questions on notice to budget estimates hearings
released on Thursday, Ryan said the malware infection occurred when a
small number of the network’s 4000 users visited an unnamed website
that itself had been compromised.

“A small number of users visited a website that was outside of
parliamentary management and that website had been compromised causing
malware to be injected into the parliamentary computing network,” he
said.

Ryan said the cyber attack, which has since been labelled “Australia’s
first national cyber crisis” by the Australian Signals Directorate
(ASD), took a total of nine days before the infiltration was stamped
out after it was first discovered on 31 January.

This was more than a full week before the Department of Parliamentary
Services (DPS) reset all network, user, administrator and system-level
passwords in a bid to protect parliamentarians and their staff,
as well as staff from the department.

“DPS became aware of the incident on the 31 January 2019. DPS and the
ASD acted immediately to monitor and plan effective remediation,” he
said.

“Removal of the attacker occurred on the 8 February.”

While ASD had previously confirmed a limited amount of data deemed
non-sensitive was stolen by the attacker, new details on the type of
data taken have now been disclosed.

“The small amount of non-sensitive data refers to DPS corporate data
and data related to a small number of parliamentarians,” Ryan said.

He said that any impact on the email accounts of parliamentarians
either had or would be discussed with those parliamentarians directly.

“Two Senators were contacted. I will not address matters related to
members of the House of Representatives; they should be addressed to
the Speaker,” Ryan said.

The new information is likely to be some of the only details
released about the attack, with the federal government unlikely to
release even a redacted version of the final report.

This is at odds with other organisations like the Australian National
University, which was praised for its transparency over its recent
cyber attack.

A state-sponsored actor is still widely believed to have been
responsible for the attack, which was also later found to have
extended to the networks of the Liberal, Labor and National Parties,
though the federal government is yet to make any attribution claims.

Reuters reported in September that multiple sources had claimed ASD
had concluded the attack was conducted by China.

Ryan also confirmed on Thursday that there was no evidence of “insider
involvement or assistance in the compromise”.

