Foreign spies installed malware on an Australian government computer system, an official report has found. Investigators stopped short of naming the country suspected.
The Australian Cyber Security Centre (ACSC) reports that a foreign intelligence service initiated a 2015 malware attack that originated at the Bureau of Meteorology and might have spread to other government networks - including the Defence Department's. Initial media reports linked the cyberattack to China, which the United States has also accused of hacking government and corporate websites.
The ACSC's report attributed "the primary compromise to a foreign intelligence service" but did not name which country it suspected. "We don't narrow it down to specific countries, and we do that deliberately," Dan Tehan, who assists Prime Minister Malcolm Turnbull, told the Australian Broadcasting Corporation on Wednesday. "But what we have indicated is that cyberespionage is alive and well," he added.
The Australian Signals Directorate (ASD) cybersecurity agency identified a remote administrative tool (RAT) and other malware on the weather bureau's system in 2015. The report found that the attackers had likely succeeded at stealing information and that the bureau had instituted insufficient security controls.
"The RAT had also been used to compromise other Australian government networks," the report found. "ASD identified evidence of the adversary searching for and copying an unknown quantity of documents from the bureau's network. "
In 2013, Australia accused Chinese hackers of stealing blueprints for the national intelligence agency's headquarters. In June, US officials blamed Chinese hackers for compromising the records of up to 4 million current and former government employees. Chinese officials called the accusations irresponsible, but President Barack Obama vowed that the United States would aggressively bolster its cyberdefenses.
Other governments remain the biggest threats to Australia's cybersecurity, the ACSC found; though growing, the risk from nonstate actors remains insignificant. Such groups currently pose "a low cyberthreat," despite demonstrating a savvy understanding of social media and exploiting the internet for propaganda purposes, the report found.
The ACSC considers such groups' cybercapabilities "rudimentary," but the report warns that they show signs of improving in the near future. "It is unlikely terrorists will be able to compromise a secure network and generate a significant disruptive or destructive effect for at least two or three years," the ACSC announced.
Tehan said the possibility of such attacks by nonstate actors remained "real." "We have to understand that when it comes to cyberterrorism, there is a growing threat," he said.
The ACSC found 1,095 serious cybersecurity incidents over 18 months through June.
mkg/kl (Reuters, AFP, AP)