The government has revealed a “small” Australian firm contracting to Defence had its IT systems infiltrated and a "significant" amount of data stolen.
The breach came to light as part of the Australian Cyber Security Centre (ACSC) annual threat report, which was launched by Dan Tehan, the minister assisting the Prime Minister for cyber security.
Tehan said that the ACSC became aware of the attack in November 2016.
The firm involved had "contracting links to national security projects", Tehan said.
"ACSC analysis confirmed that the adversary had sustained access to the network for an extended period of time and had stolen a significant amount of data," Tehan said.
"The adversary remained active on the network at the time of the ACSC investigation."
Tehan said the attack had targeted an "internet- or public-facing server", for which the unknown attacker had managed to gain administrative credentials.
"Once in the door the adversary was able to establish access to other private servers on the network," Tehan said.
The ACSC's threat report said the attackers "were able to install multiple webshells – a script that can be uploaded to a webserver to enable remote administration of the machine – throughout the network to gain and maintain further access."
Tehan said that the ACSC "worked with the affected company to remediate the compromise, remove the malicious actor and provide tailored advice on how to prevent this happening in the future."
It was unclear how long hackers had access to the company’s systems or what data they had accessed or exfiltrated.
Tehan told ABC’s AM program earlier today that the government “don’t know and we cannot confirm exactly who the actor was” that was behind the attack, though early suspicion centred on unknown state-based actors.
Tehan said generally that “cyber espionage is alive and well and it's something that we need to be conscious about”.
“There are state actors out there who are using malicious activity to try and get access to state secrets or other types of information,” he said.
“It's why the government is taking the actions it is to do everything we can to… protect government systems."
Cyber incidents continue to rise
Tehan told the launch of the report that there were 47,000 cyber incidents reported in Australia in the past year, a 15 percent increase on the numbers reported a year ago.
About half of these were classified as "online scams or fraud", Tehan said.
"Only one instance of cyber crime has fallen - the prevalance of illegal or prohibited material," he said.
Tehan said that there had been 7,283 "cyber incidents" that affected major businesses in Australia. Of those, 734 incidents saw direct remediation involvement by the ACSC.
"Most concerning is these attacks more elaborate than what we've seen in previous years," Tehan said.
However, he warned there was likely an even higher instance of cybercrime in Australia because some attacks were still going unreported.
"If you're hit by cybercrime, dont regret it - report it," Tehan urged.
