‘I’ve never seen anything like it’: Tens of thousands of Australians could have had information stolen by Chinese hackers, cybersecurity boss warns
- China accused of cyber theft of potentially thousands of Australian companies
- Australian arm of multi-national construction company confirmed to be hacked
- ‘The biggest and most audacious hack I’ve ever seen,’ cybersecurity boss said
China has been accused by the federal government of hacking and cyber-theft against potentially thousands of Australian companies.
‘It’s the biggest and most audacious hack I’ve ever seen. The global scale of this. It’s breathtaking,’ the head of the Australian Cyber Security Centre, Alastair MacGibbon, told Sky News.
Mr MacGibbon described the hack as a ‘campaign to steal commercial secrets, and that translates to stealing food from the tables of Australian families.’
The startling revelations began with two Chinese nationals charged in the US on Thursday over their alleged membership of a hacking group operating in China known as APT10, which stands for Advanced Persistent Threat 10.
The group allegedly targeted companies and government agencies in at least a dozen countries and gave China’s intelligence service access to intellectual property and other sensitive business information.
A joint statement from Foreign Affairs Minister Marise Payne and Home Affairs Minister Peter Dutton said APT10 was acting on behalf of the Chinese Ministry of State Security and the group’s ‘sustained cyber intrusions’ were significant.
The group focused on large-scale managed service providers, known as MSPs, that manage IT services and infrastructure for medium-to-large businesses and organisations.
The FBI Director (pictured) confirmed that banking, mining and telecommunications companies were targeted by the alleged hackers, as were NASA and the US Department of Energy
Examples of MSPs allegedly targeted in the attacks include IBM, Hewlett Packard, and SAP.
Through hacking these MSPs, the group was able to gain access to information of potentially thousands of their clients, though the exact number is not known.
Among the businesses confirmed to be compromised is the Australian arm of a multi-national construction company.
Banking, mining and telecommunications companies were targeted by the alleged hackers, as were NASA and the US Department of Energy.
The alleged hacking was uncovered by security experts from PricewaterhouseCoopers (PwC) UK and BAE Systems, who reported it under the name Operation Cloud Hopper in 2017.
China has denied the claims, saying the allegations of economic espionage were ‘slanderous.’
‘Australia calls on all countries – including China – to uphold commitments to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining a competitive advantage,’ the Ministers said in the statement, issued early on Friday.
The statement added that the security compromise was a reminder to all organisations to be vigilant, and directed Australian organisations to the government’s cyber security information website www.cyber.gov.au for advice.
HOW THE CHINESE HACKED AN AUSTRALIAN COMPANY
In March 2017 the Australian Cyber Security Centre received a report that the Australian arm of a multinational construction services company had been hit with malware known to be used by Chinese hackers working for the APT10 group.
The malware was a version of the well-known ‘PlugX’ remote access tool (RAT). Rather than breaking in with their own credentials, the hackers operated through a legitimate administrator account.
The hackers then accessed sensitive data and commercial secrets.
The first intrusion occurred in September 2016, when PlugX was installed under the innocent-sounding name ‘Corel Writing Tools Utility’.
Over the next two months more PlugX malware was installed, this time using the name ‘Quick CreateInstall Installer’.
The hackers then began gathering data and staging it in text files.
Three weeks after the ACSC report, a new piece of malware called RedLeaves was installed, which experts believe was a response to the hacking being reported.
In May 2017, the hackers deleted evidence from the initial host computer.
The affected company was advised to take a range of security steps.
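The timeline above gives two concrete artefacts a defender can hunt for: the disguise names the PlugX installs used, and the fact that they were set up through a legitimate administrator account. The script below is an added example, not code from the article, the ACSC or any of the organisations named in it. It assumes (this is not stated in the article) that the installs showed up as Windows service installations recorded by the System event log as Event ID 7045, and it runs over a few constructed, pipe-delimited log records rather than real data.

```python
"""Hunt a service-installation log export for the PlugX disguise names
named in the ACSC account of the construction-company intrusion.

Added example, not the article's own code. Assumption: the installs were
logged as Windows Event ID 7045 ("a service was installed in the system");
the records below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Disguise names quoted in the article; matched case-insensitively because
# an operator may type them differently from how the report spells them.
PLUGX_DISGUISE_NAMES = (
    "Corel Writing Tools Utility",
    "Quick CreateInstall Installer",
)


@dataclass(frozen=True)
class ServiceInstall:
    timestamp: str
    host: str
    account: str       # account that created the service
    service_name: str  # display name as recorded by the event
    image_path: str    # binary the service points at


# Constructed sample export (assumed format): timestamp|host|event_id|account|name|path
SAMPLE_EVENTS = """\
2016-09-14T02:11:07Z|WS-FIN-07|7045|CORP\\svc_backup|Corel Writing Tools Utility|C:\\ProgramData\\Corel\\cwtu.exe
2016-10-03T08:45:22Z|WS-FIN-07|7045|CORP\\itadmin|Print Spooler Helper|C:\\Windows\\System32\\spoolsv.exe
2016-11-21T23:58:40Z|FS-01|7045|CORP\\itadmin|quick createinstall installer|C:\\Users\\Public\\qci.exe
2016-11-22T00:02:13Z|FS-01|4624|CORP\\itadmin|-|-
"""


def parse_service_installs(text: str) -> list[ServiceInstall]:
    """Keep only Event ID 7045 records and turn them into ServiceInstall objects.

    Other event types (e.g. the 4624 logon in the sample) are skipped here.
    """
    installs: list[ServiceInstall] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, event_id, account, name, path = line.split("|", 5)
        if event_id == "7045":
            installs.append(ServiceInstall(ts, host, account, name, path))
    return installs


def find_plugx_disguises(installs: list[ServiceInstall]) -> list[ServiceInstall]:
    """Return installs whose service name exactly matches a known disguise name."""
    pattern = re.compile(
        "|".join(re.escape(name) for name in PLUGX_DISGUISE_NAMES),
        re.IGNORECASE,
    )
    return [i for i in installs if pattern.fullmatch(i.service_name.strip())]


def accounts_used(hits: list[ServiceInstall]) -> list[str]:
    """Accounts that created the flagged services.

    In the article's case these were legitimate administrator accounts, so
    each one is a candidate for credential reset and activity review.
    """
    return sorted({h.account for h in hits})


if __name__ == "__main__":
    hits = find_plugx_disguises(parse_service_installs(SAMPLE_EVENTS))
    for h in hits:
        print(f"{h.timestamp} {h.host}: '{h.service_name}' by {h.account} -> {h.image_path}")
    print("accounts to review:", accounts_used(hits))
```

Because the match is on the exact display name, this catches renamed copies only if the operator reuses the same label; a broader hunt would also flag any 7045 event whose image path sits under a user-writable directory, which both constructed PlugX hits above do.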