Up to 400 Australian businesses may have been targeted by suspected Russian state-sponsored cyber attacks that have affected millions of machines worldwide, the Defence Minister Marise Payne has revealed.
- Authorities say infected routers could be used for future attacks
- No indication information in Australia was compromised, minister says
- US, UK call on victims to report any infections found
The United States, Britain and Australia allege Russian Government-backed hackers infected computer routers around the world in a cyber-espionage campaign targeting government agencies, businesses and critical infrastructure operators.
In Australia, hundreds of businesses were affected in 2017, but Cyber Security Minister Angus Taylor said there was no indication their information had been compromised.
Ms Payne said the cyber attacks demonstrated the importance of being vigilant about cyber security.
“The Australian Cyber Security Centre … believes that potentially 400 Australian companies were targeted, but don’t believe there has been any exploitation of significance,” she said.
Fergus Hanson from the International Cyber Policy Centre said Russia could be accessing the networks to launch future attacks.
Mr Taylor said it was important Russia took responsibility for its actions.
“We know that they were behind these attacks and that’s a very important escalation,” Mr Taylor told the ABC.
He would not be drawn on whether Australia would take further action against Russia over the attacks.
“The most important thing at this point is to attribute it. To say we know where this came from, we are working with our partners … and it’s unacceptable behaviour.”
Authorities say they are still working out the full scope of the attack. (Four Corners: Cyber War)
US and British officials have issued a joint alert on the attacks, which targeted the Cisco routers that form a key part of the internet infrastructure.
Experts believe the exploits could be leveraged in the future to launch cyber attacks.
The report says targets of the cyber activity were primarily government and private-sector organisations, critical infrastructure providers and the internet service providers supporting these sectors.
“Specifically, these cyber exploits are directed at network infrastructure devices worldwide such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS),” the statement said.
“Network device vendors, ISPs, public sector organisations, private sector corporations and small-office/home-office customers should read the alert (TA18-106A) and act on the recommended mitigation strategies.”
The report blamed “Russian state-sponsored actors” for using compromised routers to support espionage, extract intellectual property and maintain persistent access to victim networks.
“Russian Government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem,” said Jeanette Manfra from the National Protection and Programs Directorate.
“We condemn this latest activity in the strongest possible terms and we will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises — to include influence operations.”
FBI deputy assistant director Howard Marshall said the attacks were part of a repeated pattern carried out by the Russian Government.
“As long as this type of activity continues, the FBI will be there to investigate, identify and unmask the perpetrators, in this case, the Russian Government,” he said.
Meanwhile, White House cyber security coordinator Rob Joyce echoed the sentiment, saying: “When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back.”
Authorities were tracking campaign for a year
The US and British governments said they planned to provide technical details on the attacks so that organisations can determine whether they have been hacked and thwart similar future hacking attempts.
They asked victims to report any infections so they could better understand the impact of the campaign.
US and British officials said the infected routers could be used to launch future offensive cyber operations.
“They could be pre-positioning for use in times of tension,” said Ciaran Martin, chief executive of the British Government’s National Cyber Security Centre, who added that “millions of machines” were targeted.
The White House in February blamed Russia for the devastating “NotPetya” cyber attack in 2017, joining the British Government in condemning Russia for unleashing a virus that crippled parts of Ukraine’s infrastructure and damaged computers across the globe.
US intelligence agencies also concluded that Moscow interfered in the 2016 presidential campaign and a federal prosecutor is investigating whether President Donald Trump’s campaign colluded with Russians to sway the vote.
Both Moscow and Mr Trump have denied the allegations.
Mr Martin said authorities had been tracking the campaign for about a year and the tactics behind it for longer.
“We in the UK can independently corroborate all of the detection work in this report to validate the assessment of US colleagues,” he said.
“And we can also confirm that all of the attacks mentioned in this report have directly affected the UK.”
In August last year, the Australian Government issued a statement, saying it was “aware cyber adversaries are extracting configuration files from the routers and switches of a number of Australian organisations,” but did not specify who was behind the attacks.