Australian Government Warns of Nation-State Actors' Plans to Weaponize Malware
The Australian government is alerting critical infrastructure providers that state-sponsored cyber actors are positioning malware in their networks that can be weaponized to disrupt national security during major crises or a military conflict.
"Foreign powers and their proxies are demonstrating a high level of skill in deploying cyber capabilities to compromise and hold at risk critical infrastructure systems and assets with limited inherent espionage value, to support broader strategic objectives," the Ministry of Home Affairs' Cyber and Infrastructure Security Center said this week.
CISC cited a report by the Five Eyes cybersecurity and intelligence agencies that warned in February that Volt Typhoon, a cyberespionage cluster sponsored by China, sought to pre-position itself on IT networks "for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States."
In the U.S., Volt Typhoon compromised the IT environments of organizations in multiple critical infrastructure sectors, including water, energy, telecommunications and transportation, potentially providing a launching pad for disruptive attacks.
"One of the actor's primary tactics, techniques and procedures is living off the land, which uses built-in network administration tools to perform their objectives," the Australian Cyber Security Center said. "This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations."
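As an added illustration of why living off the land is hard to spot, the following Python script (written for this article; not tooling from the Australian Cyber Security Center or any agency cited here) triages a handful of constructed Windows process-creation records, modelled on event ID 4688 fields, for two defender-side signals: a built-in administration tool launched by a web-facing process, and an administration tool whose command line was not recorded at all. The second rule exists because default Windows auditing omits process command lines unless the "Include command line in process creation events" policy is enabled, which is the logging gap the ACSC quote describes. The tool names and sample events are assumptions chosen for the example.

```python
"""Triage constructed Windows 4688-style process-creation records for
living-off-the-land (LOTL) signals. Example code, not agency tooling."""
from __future__ import annotations

# Built-in Windows administration binaries commonly abused in LOTL activity.
# Illustrative list only; tune to your environment's baseline.
ADMIN_TOOLS = {
    "cmd.exe", "powershell.exe", "netsh.exe", "wmic.exe",
    "ntdsutil.exe", "vssadmin.exe", "nltest.exe", "reg.exe",
}

# Web-server worker processes that should not normally spawn admin tooling.
WEB_PARENTS = {"w3wp.exe", "httpd.exe", "nginx.exe", "tomcat.exe"}

# Constructed sample events (not real telemetry). Keys mirror the 4688 fields
# SubjectUserName, NewProcessName, ParentProcessName and CommandLine.
SAMPLE_EVENTS = [
    {"id": 1, "user": "alice",
     "new_process": r"C:\Windows\System32\netsh.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "netsh interface show interface"},
    {"id": 2, "user": r"IIS APPPOOL\DefaultAppPool",
     "new_process": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"id": 3, "user": "svc_backup",
     "new_process": r"C:\Windows\System32\ntdsutil.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": ""},  # command-line auditing not enabled on this host
    {"id": 4, "user": "bob",
     "new_process": r"C:\Program Files\Notepad++\notepad++.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "notepad++.exe notes.txt"},
]


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events: list[dict]) -> list[dict]:
    """Return one finding per (event, rule) hit. Events that do not involve a
    built-in admin tool are ignored so normal activity is not flagged."""
    findings: list[dict] = []
    for ev in events:
        proc = basename(ev["new_process"])
        parent = basename(ev["parent"])
        if proc not in ADMIN_TOOLS:
            continue
        if parent in WEB_PARENTS:
            findings.append({
                "event_id": ev["id"], "rule": "admin_tool_from_web_process",
                "detail": f"{proc} spawned by {parent} as {ev['user']}",
            })
        if not ev["cmdline"].strip():
            findings.append({
                "event_id": ev["id"], "rule": "missing_command_line",
                "detail": f"{proc} ran but no command line was logged; "
                          "enable command-line auditing for 4688",
            })
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Count findings per rule, useful for a quick dashboard tile."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"event {f['event_id']}: {f['rule']} - {f['detail']}")
    print(summarize(triage(SAMPLE_EVENTS)))
```

On the constructed sample the script flags event 2 (a shell launched from an IIS worker process) and event 3 (an admin tool with no recorded command line), and leaves the two ordinary administrator and user actions alone. Neither rule relies on a third-party binary appearing on the host, which is exactly the kind of indicator the quoted TTP is designed to avoid producing; parent-child relationships and logging completeness are the signals that survive it.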
China reportedly sponsors two other cyberespionage clusters, tracked as Flax Typhoon and Salt Typhoon by Microsoft, that regularly target and monitor critical infrastructure entities. U.S. agencies are investigating Salt Typhoon's eight-month cyberespionage operation targeting telecom providers Verizon, AT&T and Lumen Technologies, and others (see: Chinese Hackers Tied to US National Security Eavesdropping).
According to cybersecurity minister Tony Burke, cybersecurity incidents at critical infrastructure entities have caused long-term impact beyond the initial disruptions. "The incidents that have impacted Australia this year exemplify the vulnerabilities of interconnected networks and how cascading effects can flow through critical infrastructure dependencies, disrupting critical functions," he said.
The government has launched several cybersecurity initiatives aimed at improving sectoral collaboration and regulation.
Earlier in November, the government added 46 systems deployed by critical infrastructure entities to its list of "Systems of National Significance." The designation means the government can require critical infrastructure operators to develop incident response plans, perform cybersecurity exercises, identify and fix vulnerabilities, and provide systems information to cybersecurity agencies to develop and maintain a nearly real-time view of cyberthreats.
The government in October also introduced amendments to the Security of Critical Infrastructure Act 2018 to apply the law to additional data storage systems that process business-critical data and to expand the government assistance framework that helps critical infrastructure entities respond to cybersecurity incidents.
The amendments also will empower the regulator to order organizations to remediate seriously deficient risk management programs and to consider harm-based assessments of "protected information."