ACSC and ASD Know Who Is Responsible for the APH Email System Attack but They Won’t Disclose It
Attribution Is a Matter for Government, and Is Made Only When in the National Interest, They Said.
The Australian Signals Directorate (ASD), a government agency responsible for, among other things, information security, and the Australian Cyber Security Centre (ACSC), the Australian government's lead agency for cybersecurity, have discovered who was behind the Australian Parliament House (APH) email system attack.
Although they have this information, the agencies stated it’s not their place to disclose it.
Attribution is a matter for government, and is made only when in the national interest.
This week, the Department of Parliamentary Service (DPS) disclosed that, following the email system attack, its mobile device management (MDM) system was destroyed and changed.
The attack did not cause an outage of the DPS systems. DPS shut down the MDM system. This action was taken to protect system security while investigation and remediation were undertaken.
To restore services, DPS brought forward the rollout of an advanced mobile services solution that replaced the legacy MDM. The new solution provides greater security and functionality for mobile devices. This rollout was a complex activity and extended the outage experienced by users.
ASD concurred that the threat actor was rudimentary, and the ACSC helped to look for any possible insertions in the Australian Parliament House Microsoft Exchange server.
An unsophisticated attack would have had a higher-than-expected chance of success because of the lack of two-factor authentication (2FA).
Senator Kimberley Kitching said:
Before users came back on line after this incident, they were asked to implement new security controls to access APH emails via mobile handsets — namely multi-factor authentication.
The ASD stated that, while providing cybersecurity guidance and support to the Department of Parliamentary Service (DPS) after the attack, the ACSC provided broad guidance on security controls.
According to DPS, there is no proof that any email accounts have been affected following the attack.
ASD also stated that no code review has been finalized on the systems of the Australian Electoral Commission (AEC), but that it has “conducted a vulnerability assessment and partnered with the AEC to conduct multiple uplift activities on the AEC network.”