The Australian Cyber Security Centre (ACSC) sounded the alarm on March 3, urging organisations to follow tech giant Microsoft’s instructions to patch vulnerable systems which came under threat by a state-sponsored Chinese cyber attacker.
This comes after Microsoft announced on March 2 that a cyber actor based in China, which they called “Hafnium,” hacked its email server software, Microsoft Exchange.
The extent of Hafnium’s operations in the United States included the targeting of a multitude of sectors for the purposes of exfiltrating important information.
These sectors included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.
On March 9, ACSC’s further analysis identified ongoing extensive targeting and compromises, the ramifications of which involve private data and emails falling into the hands of the Chinese Communist Party (CCP).
ACSC released the update detailing that a large number of Australian organisations have yet to update their systems, leaving them openly exposed to compromise.
The Australian Department of Defence issued a severe warning on March 10, with Assistant Minister for Defence Andrew Hastie expressing concern over organisations’ handling of the issue.
“Australian organisations cannot be complacent when it comes to cybersecurity, which is why all users of Microsoft Exchange are being urged to patch their vulnerable systems,” Hastie said.
Microsoft, though quickly deploying an update for the security exploits, warned that “many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”
Matthew Warren, director of the RMIT Centre of Cyber Security Research and Innovation, has provided insight into how and why the attack occurred, as well as what it means for Australia’s future in the sphere of cybersecurity.
“The issue is that Chinese hackers gained access to organisations’ Microsoft email accounts through vulnerabilities in Microsoft Exchange Server email software,” Warren told The Epoch Times in an email.
This means the attackers were able to remotely download emails and attachments, Warren said.
Warren further reiterated the importance of organisations taking heed to ACSC’s advice, without which the organisations face a greater risk of a breach in their email data.
He also noted that once Microsoft’s vulnerabilities became public, systems around the world came under attack via the same exploit.
But to Warren, the attack comes as no surprise.
“It’s how the Chinese operate from a cyber espionage perspective, they look at opportunities to steal vast amounts of data,” he said.
Once the data is stolen, it can be analysed to determine confidential information, Warren added. It can even be used to work out the relationships of people within governments and corporations.
However, this attack is by no means the last of its kind.
Warren pointed out that Australia, like every other country in the developed world, is dependent on systems and software.
All these systems and software contain “a whole range of vulnerabilities that can be exploited by threat actors, whether state based or criminal groups.”
Fortunately, Australian organisations using cloud-based Microsoft Exchange were not impacted by the attack, and Warren said that in the future more companies will move to cloud-based systems.
According to Microsoft’s announcement, this is the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society.
Other targeted activity includes healthcare organizations fighting the CCP virus, commonly known as the novel coronavirus, as well as political campaigns and those involved in the 2020 elections.