A foreign power managed to install malicious software — known as malware — on the Australian Bureau of Meteorology’s computer system to steal sensitive documents and compromise other government networks, an official cyber security report has revealed.
The 2016 Australian Cyber Security Centre Threat Report, to be released today, provides new details on last year’s attack on the bureau, which also breached sensitive systems across the Federal Government.
It is not known what the motivation for the attack was, but experts have suggested it could be commercial, strategic or both.
The bureau is considered a critical national resource, and another state would place a high value on its intellectual property and scientific research.
According to the Australian Cyber Security Centre (ACSC) report, the Australian Signals Directorate (ASD) last year detected suspicious activity from two computers on the bureau’s network.
“On investigation, ASD identified the presence of particular Remote Access Tool (RAT) malware popular with state-sponsored cyber adversaries, amongst other malware associated with cybercrime,” the report stated.
“The RAT had also been used to compromise other Australian government networks.
“In this instance, ACSC attributed the primary compromise to a foreign intelligence service, however, security controls in place were insufficient to protect the network from more common threats associated with cybercrime.
“CryptoLocker ransomware found on the network represented the most significant threat to the bureau’s data retention and continuity of operations.
“ASD identified evidence of the adversary searching for and copying an unknown quantity of documents from the bureau’s network.
“This information is likely to have been stolen by the adversary,” the ACSC report concludes.
‘Espionage is alive and well’
The ABC has previously been told China was behind the breach, but the Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, would not be drawn on which foreign state was believed to be responsible.
“We don’t narrow it down to specific countries, and we do that deliberately, but what we have indicated is that cyber espionage is alive and well and that’s why we want to be transparent in this report about the incident,” Mr Tehan said.
In December, the ABC was told it would cost millions of dollars to plug the security breach.
The ACSC said between January 1, 2015 and June 30, 2016, ASD responded to 1095 cyber security incidents on government systems which were considered “serious enough to warrant operational responses”.
“Cyber security is something that we as a nation have to take very seriously; as a government, as business and as individuals,” Mr Tehan said.
“And what we want to do is continue to be more transparent about what is going on in this area and that’s what this report is about.”