Federal Parliament Targeted by Brute Force Cyber ​​Attacks

The Australian Parliament was the target of a brute force cyber attack that lasted less than 24 hours in late March, resulting in the inability of Parliamentary Services (DPS) staff to access mobile phones and tablets for 10 days.

“On March 26, 2021, DPS was the subject of malicious cyber activity,” Senator Scott Ryan said in a hearing on Monday.

“A malicious attacker attempted to access a DPS network account via MobileIron. [managed] Devices that use unsophisticated brute force tradecraft. “

“Malicious activity lasted less than 24 hours. It failed and the DPS network was not compromised.”

The implemented network control succeeded in blocking the attack. However, when the account was locked down to prevent breach, it also affected legitimate users, and from March 27th to April 5th, department-issued phones and tablets were suspended.

“DPS continues to be an attractive target for malicious cyber activities that are becoming more frequent and sophisticated,” said the president.

Senate clerk Richard Pai said the commission’s report authors are incompatible with the newly updated Microsoft Office products used in Congress.

“The overall point of the new Microsoft suite adopted throughout the building is a bit frustrating because it makes it easier for people to share information and collaborate,” he said. “And for the past six months, I’ve had the opposite experience.”

Senator Ryan refused to speculate who was behind the attack.

“I’m not going into a backdoor debate about attribution,” he said.

Cyber ​​attacks targeting Australian facilities and organizations occurred frequently in the first half of 2021, targeting both the state legislature and the press.

On March 4, the Western Australian Parliament’s email network was attacked during a state election.Suspected Beijing-backed hackers behind the incident, This was part of a global cyberattack involving Microsoft software.

Prior to that, the Australian Cyber ​​Security Center (ACSC) warned organizations to follow Microsoft’s instructions to patch vulnerable systems hacked by China-based cyber attackers.

On March 28, Nine Network was attacked by a hacker, and the cybersecurity director of the Australian Strategic Policy Institute (ASPI) suggested that the attack could be a political motivation.

Posted on