Cyber attack on Australia: The Army's information has been stolen

The data extracted included details about new fighter planes and navy vessels.

"A significant amount of data was stolen from them, and most of the data was defence related", he told the Australian Information Security Association.

The report mentions that the Australian Signals Directorate (ASD) had named the advanced persistent threat (APT) as "Alf".

"While presenting at a conference in Sydney, an ASD official (who works for the ACSC) disclosed information about the theft of data from an Australian company", the statement said.

"It could be one of a number of different actors", Christopher Pyne, the defence industry minister, said. It could be a state actor or a non-state actor.

While talking to the Australian Broadcasting Corp, Mr. Pyne said that he had been assured the stolen information was not a risk to national security. In 2011 for example, a major Japanese defence contractor was hacked.

An ASD intelligence agency official Mitchell Clarke described the compromise as "extensive and extreme" in an audio recording of a conference presentation in Sydney made by a ZDNet journalist and broadcast by the ABC Radio. The time period between July and November when the contractor was unaware of the hack is being called "Alf's Mystery Happy Fun Time".

In a statement sent to Defence Connect, a spokesperson from the ACSC said the information stolen by an unknown cyber thief was commercially sensitive but not classified.

The admin password, to enter the company's web portal, was "admin" and the guest password was "guest".

"Even in highly regulated environments, we still find default credentials and a lack of patching being one of the top root causes for system insecurity", says incident response expert David Stubley, who heads cybersecurity consultancy 7 Elements in Edinburgh, Scotland.

"Su Bin admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe", John P. Carlin, then the USA assistant attorney general for national security, said at the time. "Which means that, in the inevitability of a breach occurring, the data to which hackers can gain access is constrained".

"We need to decouple security from infrastructure and adopt a zero trust security model: to achieve access, a user needs to both see an application and be permitted to use it", he said.

The Women in IT Awards is the technology world's most prominent and influential diversity program.

Related news

[an error occurred while processing the directive]