Australia’s Prime Minister Morrison says that Australia is under massive and sustained cyberattack. “We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” the Wall Street Journal quotes the Prime Minister as saying. He added that all levels of government and most economic sectors are among the targets.
The actor may be sophisticated, but most observers aren’t moving from that to a conclusion that the attacks themselves are advanced or complicated. (The Guardian’s discussion is representative.) To judge from yesterday’s Australian Signals Directorate advisory, the attacks for the most part hit known vulnerabilities with “copy-and-paste” open-source exploit code. When that approach fails, the attackers resort to familiar spearphishing.
The Prime Minister refused to be drawn on attribution, but he’s generally believed to be describing a Chinese government campaign. ZDNet quotes sources to the effect that this particular “frog has been boiling for years,” which raises the question of why the Prime Minister would choose to issue his warning now. ABC says the campaign may represent payback for Australia’s hard line on Huawei.
North Korea’s Lazarus Group may be preparing a large-scale phishing campaign against targets in South Korea, Singapore, Japan, India, the United Kingdom, and the United States. All of these countries have put large COVID-19 economic relief programs in place. ZDNet reports that Pyongyang’s COVID-19 phishbait is expected to serve financial fraud. ZDNet credits Cyfirma with the relevant threat research. SingCERT today posted a warning for Singapore businesses.