Defence industry minister Christopher Pyne says 30GB of data exfiltrated from an Adelaide-based Defence subcontractor was “commercial” in nature and “not classified”.
Speaking to ABC Radio National Breakfast, Pyne also confirmed that the Australian Signals Directorate (ASD) and CERT Australia had been tipped off to the breach “by a prime” contractor to Defence.
The breach was first revealed on Tuesday but the ASD yesterday provided a significantly detailed post-mortem of the attack and their forensic investigation over the past year.
“Fortunately the data that has been taken is commercial data, not military data,” Pyne said.
“It’s not classified information. But it’s still very serious and we will get to the bottom of it.”
Pyne said that while the government’s public line is they know little about the alleged attacker - whom the ASD has dubbed APT Alf - they may have developed an understanding of who was behind the breach.
“The information we collect through the ASD is very highly classified, secret, confidential information,” he said.
“We don’t necessarily let the public, hackers, and criminal actors know what we know about what they’re doing. We’re unlikely to talk about [what we know].”
Since the breach was first revealed on Tuesday, speculation has been that a nation-state attacker was involved.
Pyne said that the breach did not poorly reflect on the government or on standards it imposed on suppliers to defence contracts.
The ASD revealed yesterday that the victim contractor was four steps removed from the primary contractor, meaning its only relationship with the government was through a chain of subcontracted works.
Pyne said there were “upwards of 4000” businesses in Australia that worked in various defence industries.
He said that the breach was a “salutary reminder to everyone that when the government says that businesses need to take their cybersecurity very seriously we aren’t joking”.
“It’s a very significant part of the defence of these major projects,” he said.