You are using an older browser version. Please use a supported version for the best MSN experience.

AU News Top Stories

Russian hacking: Up to 400 Australian companies caught up in cyber attacks blamed on Moscow

ABC News logo ABC News 17/04/2018 Stephanie Borys, wires

Up to 400 Australian businesses may have been targeted by suspected Russian state-sponsored cyber attacks that have affected millions of machines worldwide, the Defence Minister Marise Payne has revealed.

The United States, Britain and Australia have alleged Russian Government-backed hackers have infected computer routers around the world in a cyber espionage campaign targeting government agencies, businesses and critical infrastructure operators.

In Australia, hundreds of businesses were affected in 2017, but Cyber Security Minister Angus Taylor said there was no indication their information had been compromised.

Ms Payne said the cyber attacks demonstrated the importance of being vigilant about cyber security.

"The Australian Cyber Security Centre ... believes that potentially 400 Australian companies were targeted, but don't believe there has been any exploitation of significance," she said.

Fergus Hanson from the International Cyber Policy Centre said Russia could be accessing the networks to launch future attacks.

"It is not necessarily the case that you are trying to steal data all the time, conduct espionage, there are other reasons you might want to be inside a network and it could be to conduct an offensive operation at a time of your choosing," he said.

Mr Taylor confirmed a "significant number" of Australian organisations had been affected.

"Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity," he said.

"This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices."

US and British officials have issued a joint alert on the attacks, which targeted routers that form a key part of the internet infrastructure in a cyber espionage campaign that could be leveraged in the future to launch offensive attacks.

The report says targets of the cyber activity were primarily government and private-sector organisations, critical infrastructure providers and the internet service providers supporting these sectors.

"Specifically, these cyber exploits are directed at network infrastructure devices worldwide such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS)," the statement said.

"Network device vendors, ISPs, public sector organisations, private sector corporations and small-office/home-office customers should read the alert (TA18-106A) and act on the recommended mitigation strategies."

The report blamed "Russian state-sponsored actors" for using compromised routers to support espionage, extract intellectual property, maintain persistent access to victim networks.

"Russian Government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem," said Jeanette Manfra from the National Protection and Programs Directorate.

"We condemn this latest activity in the strongest possible terms and we will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises — to include influence operations."

FBI deputy assistant director Howard Marshall said the attacks were part of a repeated pattern carried out by the Russian Government.

"As long as this type of activity continues, the FBI will be there to investigate, identify and unmask the perpetrators, in this case, the Russian Government," he said.

Meanwhile, White House cyber security coordinator Rob Joyce echoed the sentiment, saying: "When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back."

Authorities say they are still working out the full scope of the attack. © ABC News Authorities say they are still working out the full scope of the attack. AUTHORITIES WERE TRACKING CAMPAIGN FOR A YEAR

The US and British governments said they planned to provide technical details on the attacks so that organisations can determine whether they have been hacked and thwart similar future hacking attempts.

They asked victims to report any infections so they could better understand the impact of the campaign.

"They could be pre-positioning for use in times of tension," said Ciaran Martin, chief executive of the British Government's National Cyber Security Centre, who added that "millions of machines" were targeted.

The White House in February blamed Russia for the devastating "NotPetya" cyber attack in 2017, joining the British Government in condemning Russia for unleashing a virus that crippled parts of Ukraine's infrastructure and damaged computers across the globe.

US intelligence agencies also concluded that Moscow interfered in the 2016 presidential campaign and a federal prosecutor is investigating whether President Donald Trump's campaign colluded with Russians to sway the vote.

Both Moscow and Mr Trump have denied the allegations.

Mr Martin said authorities had been tracking the campaign for about a year and the tactics behind them for longer.

"We in the UK can independently corroborate all of the detection work in this report to validate the assessment of US colleagues," he said.

"And we can also confirm that all of the attacks mentioned in this report have directly affected the UK."

In August last year, the Australian Government issued a statement, saying it was "aware cyber adversaries are extracting configuration files from the routers and switches of a number of Australian organisations," but did not specify who was behind the attacks.

US and British officials said the infected routers could be used to launch future offensive cyber operations.

More From ABC News

image beaconimage beaconimage beacon