The Queensland Department of Premier and Cabinet has fallen victim to a suspected email spoofing scam that has seen bogus messages sent out purportedly from Annastacia Palaszczuk’s top bureaucrat.
iTnews understands the spam emails appear to come from the address of director general David Stewart, but could be a case of email spoofing, where a spammer fakes the true origin of outgoing mail in order to more effectively enact a phishing attack.
A spokesman for the state government said the matter had been reported to police and the Australian Cyber Security Centre, who were working with the office of the Queensland government CIO to get to the bottom of what happened.
He declined to provide detail, citing fears of compromising the investigation.
“Protective measures have been further strengthened within the Queensland government to ensure the highest security protocols exist,” the spokesperson said.
“Government is not immune to this activity. Cyber security internationally is an ongoing concern for all government jurisdictions, private organisations and the cyber industry.”
It appears Stewart fell victim by chance, rather than being targeted directly like his peer and NSW Education director general Michele Bruniges, whose departmental account was breached and used to send angry messages to staff in 2012.
Those emails attacked government plans to cut the state’s education budget and urged staff to fight the policy.
However, Queensland's CIO Andrew Mills and the rest of the state's infosec professionals are not unfamiliar with handling this sort of high-profile attack on government systems.
Just last year the websites of the Department of Education and Queensland TAFE were breached when hackers gained access to years’ worth of feedback and complaints, including reports of alleged sexual assaults