Iranian and Chinese hackers target Australian universities and NGOs

Cyber activity originating from China is increasing sharply, despite cyber non-aggression treaties, and Iran is on a cyber search for intellectual property.

Australian universities have been targeted by hackers with connections to Iran in recent months, and “a number of investigations” are in progress, according to cybersecurity firm CrowdStrike.

“There are a lot of things that are happening geopolitically that are driving a lot of attacks,” the company’s vice president for technology strategy Michael Sentonas told journalists in Sydney earlier this month. “There are things happening in China, in Russia, in Iran, there are things happening in North Korea, that [are] directly having an impact to all of us on the internet.”

CrowdStrike has called out this blurring of cyber tradecraft with what they’re calling “cyber statecraft” in their 2018 Global Threat Report, released on Monday.

“Obviously Iran has a specific interest in Saudi Arabia. There’s a number of diplomatic disputes. Iran, heavily embargoed, want access to a lot of intellectual property they may not necessarily be able to get. There are groups that are linked [to Iran] and are seeking for a lot of that intel,” Sentonas stated.

“There’s been quite a number of universities in Australia, over the last several months, that have been targeted, with adversaries looking to get intellectual property that would be of benefit to certain groups and government departments in Iran. We’ve been directly impacted by that, and there’s a number of investigations going on across the country.”

CrowdStrike has also seen an increase in cyber activity originating from the Chinese republic, even though Australia and some other western nations had signed what were supposedly cyber non-aggression treaties with China in 2015 and 2016.

“In 2017, we saw a lot of action again, activity targeted at what I would call a soft target. An NGO. A think tank,” Sentonas said.

“They’re great people to target, because you have people that were once in government. You have academics. You have people researching economic policy. They’re working on defence projects. They are in technology and medical advancement. That would be interesting to a particular group or country that maybe doesn’t want to do that research. Or if you’re a think tank that is working on, for example, Chinese economic policy, what if you want to know what that think tank is researching?”

The Russian cyber actor Fancy Bear, which was active in the lead-up to the US election in 2016, has also been busy.

“That group is continuing to be very, very active, and they are looking at essentially destabilising our democratic institutional legitimacy. They are trying to do misdirection etc,” Sentonas said.

The rise of such cyber disinformation was predicted by David Irvine, former director-general of the Australian Security Intelligence Organisation (ASIO) and former head of the Australian Secret Intelligence Service (ASIS), in the latter half of 2016.

CrowdStrike reports that ransomware will continue to be a major trend for nation-state and criminal actors. They also point to a cyber trickle-down effect.

“These techniques are recycled. Once they’ve been used once, they do get used again, and they get shared, and it adds complexity to the average organisations around the world,” Sentonas said.

Henry Sapiecha
