State-sponsored cyberattacks are happening right now
No one is saying it’s China, but everyone believes it’s China
As if battling the coronavirus and the massive economic downturn that will result from the spread of the virus worldwide wasn’t enough, countries now have to consider another issue: the threat of state-sponsored cyberattacks.
Australia has become the latest victim of a sophisticated attack against its national IT infrastructure, coming under a “sustained” cyberattack on June 18 that targeted not just government computer systems and networks, but also those of the country’s biggest businesses.
“The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor,” the government said in a statement published in response to the attack.
Cybersecurity experts dubbed the attack “copy-paste compromises,” after the vector of attack. The attackers relied heavily on publicly available open source code that has already been proven to work in exploiting networks, along with web shells and a range of other tools.
There appears to be little new in the attacks. Rather, they are a mixture of different pre-existing, known vulnerabilities put together to allow access to most networks.
According to the Australian government, the attackers leverage a number of holes in systems, usually through unpatched vulnerabilities in Telerik UI. The government has also said that the attackers are gaining access to systems via exploitation of a deserialization vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability and the 2019 Citrix vulnerability.
All of those are coupled with spear phishing attempts that use links to websites that harvest credentials, emails containing links to malicious sites or attachments, and other methods. More worrying still, “the actor was identified making use of compromised legitimate Australian web sites as command and control servers.”
Fingers pointed at China
Australian prime minister Scott Morrison told the nation the attack was from a “sophisticated state-based actor,” with most experts pointing the finger squarely at one country: China. The experts came to that conclusion by looking at the scale and sophistication of the attack, and the kinds of targets it focused on.
“This activity is targeting organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” said Morrison on the day the attack was noticed.
Huawei and Covid-19 could be to blame
The hack hasn’t just attempted to take systems offline, but has also targeted universities and businesses, aiming to steal secrets and research that could theoretically be used to advance China’s aims. It’s also believed to tie into a larger geopolitical issue, focused on the risk around using Huawei systems for 5G networks, and giving access to potentially restricted data flows.
The amount of effort put into the attack would indicate that China is one of only a handful of states able to pull it off. Compounding factors are also at play: not only the debate as to what extent Huawei should be allowed to provide hardware support for critical national infrastructure, but other geopolitical factors as well.
Australia has rankled China recently by calling for an investigation into how exactly Covid-19 came to spread around the world, and whether the Communist state was slow to publicly admit the extent to which the virus was affecting its population. That has caused a decline in relations between China and Australia, and provided a rationale to launch an attack.
What is interesting, as was pointed out by Tom Uren, the Australian Strategic Policy Institute’s cyber security analyst, is Australia’s response. By going public, it has called China’s bluff. “We are getting tired of this and it's escalated to the highest levels,” he tweeted, taking the stance of Australia’s government in hypothetical negotiations with China. “Final warning or we'll be much more public.”
What China does next, nobody knows.