Australia’s Cyber Security Centre said it is “likely” foreign adversaries successfully made off with information stolen from the Bureau of Meteorology in a 2015 hack on the agency's networks.
The government’s security hub has released new details on the intrusion - which was made public by the ABC in December 2015 - in its second annual cyber threat report, to be published later today.
The Australian Signals Directorate was alerted to the intrusion when it uncovered a breed of RAT (remote access trojan) it described as being “popular with state-sponsored cyber adversaries” on the BoM network, following reports of suspicious activity from two agency computers.
The ASD said it was likely all passwords on the bureau’s network were compromised by the time it uncovered the breach, owing to a “password dumping utility” found on the network. It said at least one legitimate domain administrator account had been compromised by the intruder.
The intelligence agency's investigators found evidence of the hacker “searching for and copying an unknown quantity of documents from the bureau’s network,” the ACSC report revealed.
“This information is likely to have been stolen by the adversary,” the report stated.
The intruder tried to break into at least six other points on the bureau’s network, including domain controllers and file servers.
They are thought to have covered their tracks with network scanning and time stamp modification tools.
The ACSC attributed the compromise to a “foreign intelligence service”. The Chinese government has already denied claims it had anything to do with the breach.
The ASD investigators said the presence of other unrelated malware on the network - such as Cryptolocker ransomware - pointed to serious failings in the BoM’s information protections, which would have made it an appealing target.
“Security controls in place were insufficient to protect the network from more common threats associated with cybercrime,” the ACSC report stated.
The security hub said the BoM has since implemented the ASD’s set of cyber mitigation strategies, which will “significantly improve the security posture of the bureau’s corporate network”.
"The ACSC continues to work with the Bureau of Meteorology to implement a number of further, specific recommendations to mitigate future compromise," it said.