Australia has been under cyber attack for months

Intrusion into critical infrastructure and citizens' services. China is under accusation: relations between Canberra and Beijing are in free fall Australian Prime Minister Scott Morrison (Photo by Sam Mooy / Getty Images) Australia has been the victim of a sophisticated cyber attack for several months which has repeatedly affected government IT systems, critical infrastructure and essential services. At a press conference, Prime Minister Scott Morrison said that the multiple attacks that began months ago and have been increasing in recent years have led to severe violations that have compromised citizens' personal data.

The Morrison attacks would all be part of a single campaign financed by a single foreign state. Although not openly mentioned, many experts suspect that behind the attacks there may be China with which Australia has recently been at loggerheads.

"On the basis of our experience, we know that cyber- Foreign-sponsored threat directly replicates geo-political tensions, ”said Tim Wellsmore, of FireEye, a US cybersecurity company. This would explain why Australia has chosen a time when its relations with China are at an all-time low, to publicly announce that they are victims of a cyber attack related to Beijing.

Without going specifically, the Australian premier explained that the attacks targeted "government, industry, political organizations, education, health, essential service providers and operators of other critical infrastructures".

“We are facing a campaign that has the typical traits of a sophisticated attack and coordinated with the aim to penetrate the critical infrastructure government,” explains Mariana Pereira, director Email Security Products at Darktrace, the company of cybersecurity: “it Is of attempts made on a continuous basis during an extended period of time, with the aim to exploit both the vulnerabilities of the system and the human via spear-phishing. “

To enter more in detail on the mode of attack was then the Australian Cyber Security Centre. Experts in cybersecurity have renamed the attack Copy-paste compromises because of the use of a series of other instruments which have been copied and pasted directly from an open source code . The authors of the attack have taken advantage of initially, the use of four vulnerabilities of some software used by government networks to gain access to the computer systems taking advantage of exploits to run code from the remote.

When these resources failed, they switched to the technique of phishing, taking advantage of websites that bait to the collection of the credentials, the email with the link or file harmful, and other systems to get as much data as possible directly from the australian.

Though the actors were in possession of several credentials to access and compromise as many personal data of the citizens, the team of cyber experts has not identified any intention of carrying out destructive activities in the systems affected.

Australia could therefore have been chosen as the victim of the attack cyberspionaggio because of its participation in the alliance Five Eyes , a multilateral agreement with the United States, the United Kingdom, New Zealand and Canada with the aim of countering cyber espionage.