A "sophisticated state-based actor" has been attempting to hack a wide range of Australian organisations for months and has stepped up its efforts recently, Prime Minister Scott Morrison said on Friday.
The attacks have targeted all levels of the government, political organisations, essential service providers and operators of other critical infrastructure, Morrison said in a media briefing in Canberra.
"We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting," he said.
Morrison said there were not a lot of state actors that could launch this sort of attack, but Australia will not identify which country was responsible.
Australia's Defence Minister Linda Reynolds said advice showed no large-scale personal data breaches from the attack.
According to the Federal Government’s Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the actor is making “heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source” in its attacks, as well as spearphishing exploits.
The most common of these attacks have involved the exploitation of public-facing infrastructure, primarily through a vulnerability in unpatched versions of Telerik UI.
Other exploits in public-facing infrastructure include a deserialisation vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability and a 2019 Citrix vulnerability.
The existence of the actor was found through its use of compromised legitimate Australian websites as command and control servers, the ACSC claimed.
“Primarily, the command and control was conducted using web shells and HTTP/HTTPS traffic. This technique rendered geo-blocking ineffective and added legitimacy to malicious network traffic during investigations,” a statement from the centre read.
The revelation comes after Reuters reported Canberra had determined in March last year that China was responsible for a hacking attack on Australia's parliament. Australia never publicly identified the source of that attack and China denied it was responsible.
A U.S. security ally, Australia strained ties with its largest trading partner, China, by pushing for an international inquiry into the source and spread of COVID-19 that first emerged in the central Chinese city of Wuhan late last year.
(Reporting by Renju Jose; Editing by Tom Hogue and Lincoln Feast with ARN staff.)