Attackers gained access to some systems, but did not carry out any destructive actions.
Australian Prime Minister Scott Morrison called an emergency press conference and announced a cyber attack targeting government agencies and private sector enterprises. As reported by the Reuters news agency, although the attackers gained access to some systems, they did not carry out any destructive actions.
Morrison did not report whether the Australian defense authorities identified the source of the attack, and there is currently insufficient evidence to identify the perpetrators of the cyber attack with confidence. The criminals targeted ministries, headquarters of industrial companies, political organizations, educational institutions, medical departments, suppliers of water, heat and electricity, as well as bodies responsible for the security of the country's infrastructure. According to Morrison, the cyber attack was allegedly organized with the support of another state, since only a state can have such capabilities to carry out computer hacking.
As reported by experts of the Australian Cyber Security Center (ACSC), the agency did not identify any intention by the cybercriminals to commit destructive actions in the victims' environments. The attack was carried out by exploiting the remote code execution vulnerability in unpatched versions of Telerik UI software, as well as deserialization vulnerabilities in the proprietary software Microsoft Internet Information Services (IIS), SharePoint 2019 software and Citrix 2019 virtualization software solutions.
According to experts, attacks on public infrastructure were unsuccessful, so the attackers switched to spear-phishing attacks and gained access to some systems. The criminals used compromised legitimate Australian websites as C&C servers. Command and control was carried out primarily using web shells and HTTP/HTTPS traffic. This method made geoblocking ineffective and allowed malicious network traffic to be masked as legitimate.