Foreign government behind a major Cyber attack on Australia.

Foreign government behind a major Cyber attack on Australia.

Prime Minister Scott Morrison has spoken about a massive cyber intrusion that hit the government and private sector in Australia

Prime Minister Scott Morrison says Australian organisations, including governments and businesses, are currently being targeted by a sophisticated foreign "state-based" hacker.

"This activity is targeting Australians organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure," Prime Minister Morrison told reporters Canberra

"We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used. Regrettably, this activity is not new. Frequency has been increasing "

Mr Morrison said the Opposition had been notified last night, as had state and territory premiers and chief ministers.

“A number of them have already been involved working with our agencies on these issues,” he said.

Mr Morrison said the government was announcing the issue today “not to raise concerns in the public's mind but to raise awareness in the public's mind”.

He said so far there had been no large-scale data breaches of Australians’ personal information as a result of the attacks.

“What I can confirm is there are not a large number of state-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a state-based actor, with very significant capabilities.”

However Mr Morrison would not be drawn on whether China was behind the attack.

Foreign Minister Marise Payne said there was "no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and in its impact".

"This activity harms Australia's national security and also our economic interests," she said. "It's vital that all-Australian organisations are alert to this threat and take steps to protect their own networks."

She urged all Australian organisations to take three steps to protect themselves.

"Firstly, patch your internet-facing devices promptly, ensuring that any web or email servers are fully updated with the latest software," she said.

"Secondly, ensure you always use multi-factor authentication to secure your internet access, infrastructure and also your cloud-based platforms. Thirdly, it's important to become an ASSC partner to ensure you get the latest cyber threat advice to protect your organisation online."

The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source.

The Australian Cyber Security Centre’s Advisory 2020-008 details the tactics, techniques and procedures (TTPs) identified during the ACSC investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.