Chinese hackers have been spying on Australia for a decade
A hacking group with ties to China has been caught spying on government, education and telecom organisations across Australia and Southeast Asia. The Aoqin Dragon group has been operating since at least 2013 in a way that “closely aligns with the Chinese government’s political interests”.
The group has used political and pornography-themed content to encourage users to open malicious Microsoft Word documents. More recently, it has used shortcut files that appear to point to removable devices to deliver DLL hijacking attacks. Backdoors then exfiltrate data from compromised devices. “Considering this long-term effort and continuous targeted attacks for the past few years,” said threat intelligence researcher Joey Chen, “we assess the threat actor’s motives are espionage-oriented.” China has been linked with a number of incidents affecting Australian institutions in recent years. Diplomatic moves to improve relations between the two countries may lower the threat level, but as state-linked attacks rise, organisations across Australia should be on their guard.
Pension fund phishing attack hits 50,000 people
Australian pension fund Spirit Super has suffered a breach after “unauthorised access to a mailbox containing personal data”. Around 50,000 individuals were affected, with data including names, addresses, ages, telephone numbers and account numbers and balances exposed.
Tasmania-based Spirit Super, which manages $26 billion worth of funds for 325,000 Australians, underlined that no birth dates or bank account details were affected by the breach. The organisation believes that rather than falling to a targeted attack, an employee fell victim to a widespread phishing campaign. The attack succeeded despite the presence of Multi-Factor Authentication (MFA), offering a crucial reminder that MFA is not enough on its own to halt phishing attacks. Awareness training, zero-trust frameworks and biometric checks are all vital tools as companies fight back against the scammers.
Disability body data exposed in “very large” data breach
Hackers claim to have stolen and published data from Australia’s National Disability Insurance Scheme (NDIS). The criminals gained access via its client management software, which is run by third party CTARS, and have published part of what they say is a “very large” batch of records on the deep web.
The breach, which is understood to include Medicare and Tax File Numbers, has only affected NDIS participants whose providers use CTARS, and victims are being notified. “Breaches happen alarmingly often,” Samantha Floreani, a program lead at Digital Rights Watch Australia, told VICE. “But when it happens, there is currently very little legal recourse available for people who have been affected. We need a statutory tort for serious breach of privacy so that people have the ability to exercise their rights and hold entities accountable.” The government is currently reviewing the Privacy Act, with organisations including the Law Council supporting a statutory tort.
New text message scam tells recipients they need a COVID test
Services Australia has issued a warning about text messages that direct victims to a spoofed Medicare site. The message instructs potential victims “You have been in close contact with someone who has contracted Omicron” and contains a malicious link that claims to offer free PCR tests.
The scam aims to capture users’ bank details and other information. Services Australia advises that people shouldn’t click on the link, and should get in touch via their helpdesk if they have supplied any personal details.
The pandemic has proved to be a big opportunity for scammers, with the Australian Cyber Security Centre (ACSC) noting that “more than 75% of pandemic-related cybercrime reports involved Australians losing money or personal information”. Increased government communications and a rise in remote work mean organisations and individuals must be on their guard on email, phone and text.
Russian hackers target Ukrainian phones as cyberwar spreads
Ukrainian officials’ phones have been targeted by Russian hackers, according to a senior cybersecurity official. “We see a lot of attempts to hack Ukrainian officials' phones, mainly with the spreading of malware,” said Victor Zhora, the deputy head of Ukraine's State Special Communications Service. Zhora said that he believed the attacks had so far been unsuccessful.
Conflict on the ground has been mirrored by cyber warfare since the start of the Russian invasion of Ukraine, and it’s no surprise to see Russian-linked groups seeking to compromise personal devices. Indeed, state-sponsored hackers are an increasing threat across the world, via both direct attacks on governments and critical infrastructure, and collateral damage caused when global software or infrastructure is hit. Businesses across Australia and New Zealand should constantly reassess their security posture in the face of the threats.
Email blunder sends NSW workers’ data to the wrong addresses
New South Wales insurer icare accidentally shared the details of almost 200,000 people after reports were sent to the wrong email addresses. The company, which provides workplace injury insurance to NSW workers, suffered the breach in early May.
The data, which included policy numbers and the cost of claims, was sent out in 587 separate reports containing a total of 193,000 records. A spokesperson said the incorrect reports were sent out in a “human error related to manual processing”, and noted that “no personal bank details or other financial information that could potentially lead to fraud or theft was included”. The announcement comes months after NSW’s Department of Customer Service accidentally shared QR code data. Simple human error is the most common cause of cybersecurity incidents, and can by its very nature be hard to predict, but balancing the core principles of privacy, integrity and accessibility can help CISOs better manage risk.