China Suspected of Being Responsible for the West Australian Parliament Cyberattack

China is the main suspect of the West Australian Parliament cyberattack that took place during the state election campaign. On March 4^th, around 5.40 pm, they were notified that “some unusual activity was occurring on our outward-facing Microsoft Exchange Mail Server”, which is responsible for handling sensitive parliamentary emails.

Source

They immediately initiated a process of reinstalling a clean back of the Exchange mail server and installed all Microsoft patches. It took roughly 19 hours before it was complete and fully operational.

According to a Parliament spokesman, data files were provided to the Australian Cyber ​​Security Center (ACSC) for further investigation and no evidence of data leakage or impact on the Parliament’s network was found.

Microsoft has concluded that there was a ‘high probability’ that the Exchange attack originated from China; however, we have no information to confirm the source of the attack.

On March 9th, ACSC warned all organizations and businesses using Microsoft Exchange products to urgently fix their software after it was compromised by hackers. Thousands of Australian servers were reportedly affected by the hack, although the federal government has not publicly identified any of the organizations or companies affected.

While Prime Minister Scott Morrison has said he will not officially name the state suspected of the attacks, leading sources have confirmed that China is believed to be behind the West Australian Parliament cyberattack.

Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.

• Completely secure your infrastructure against email-delivered threats;
• Deep content scanning for malicious attachments and links;
• Block Phishing and man-in-the-email attacks;
• Complete email-based reporting for compliance & auditing requirements;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.

In the past few months, Australia has increased its cybersecurity actions which included the release of a new cybersecurity strategy endorsed by a $1.67 billion investment, including the Critical Infrastructure Bill 2020. Prime Minister Scott Morrison said in a media release that

The 2020 Strategy means that cybersecurity is a fundamental part of everyday life, so Australians can reap the benefits of the internet and the digital economy safely, and with confidence. The digital economy is the future of Australia’s economy. We will protect our vital infrastructure and services from cyberattacks. We will support businesses to protect themselves so they can succeed in the digital economy.

The Microsoft Exchange Server contains millions of corporate email, calendars, and list products, and if hacked, entire mailboxes could be exfiltrated.

Back in 2016, a security breach devastated Western Australia’s communications networks and cramped several crucial operations. Austrade and the Defence Science Technology Group, both suffered significant cyber infiltrations by China-based hackers.

A foreign government has been suspected of launching a sophisticated cyberattack on the Federal MPs’ computer network in 2019, involving the installation of malware. What’s more, China has been behind several previous high-profile hacks on Australian government systems, including breaching Parliament’s computer network in 2011, which has provided Chinese spies with access to the emails of MPs and their staff for months.

The Chinese Embassy denied the allegations, saying this is not the first time Australian media publishes similar misinformation to denigrate China.