state-based cyber actor – РИСК-АКАДЕМИЯ – АНО ДПО ИСАР

State-Sponsored Cyber Attacks Threaten Australian Critical Infrastructure

riskacademy — Thu, 02 Jul 2020 08:04:39 +0000

The discussion around state-sponsored cyber attacks on Australia has once again launched to the fore in the country following comments by the Prime Minister Scott Morrison on June 19. According to the new remarks, Australian institutions of all kinds have fallen victim to cyber attacks from a sophisticated state based cyber-actor over at least the course of the last several months, raising alarm about the vulnerability of the country’s critical infrastructure.

The attacks are taking place against all levels of governments as well as services and businesses in Australia, according to Morrison, with their frequency having increased “over many months”.

“I’m here today to advise you that, based on advice provided to me by our cyber-experts, Australian organisations are currently being targeted by a sophisticated state-based cyber-actor,” Morrison said at a press conference. He added that such attacks have been targeting organizations “across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure”.

Although identified as being…

Australia says it’s under massive nation-state cyberattack (& hints at China). Lazarus Group may be prepping COVID-19 phishing.

riskacademy — Sat, 20 Jun 2020 04:57:45 +0000

Australia’s Prime Minister Morrison says that Australia is under massive and sustained cyberattack. “We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” the Wall Street Journal quotes the Prime Minister as saying. He added that all levels of government and most economic sectors are among the targets.

The actor may be sophisticated, but most observers aren’t moving from that to a conclusion that the attacks themselves are advanced or complicated. (The Guardian’s discussion is representative.) To judge from yesterday’s Australian Signals Directorate advisory, the attacks for the most part hit known vulnerabilities with “copy-and-paste” open-source exploit code. When that approach fails, the attackers resort to familiar spearphishing.

The Prime Minister refused to be drawn on attribution, but he’s generally believed to be describing a Chinese government campaign. ZDNet quotes sources to the effect that this particular “frog has been boiling for years,” which raises the question of why the Prime Minister would choose to issue his warning now. ABC says the campaign may represent payback…