Australia’s federal parliament was the target of a brute force cyber-attack that lasted less than 24 hours in late March which resulted in the Department of Parliamentary Services (DPS) staff losing access to their phones and tablets for 10 days.
“On March 26, 2021, the DPS was the subject of malicious cyber activity,” Scott Ryan, president of the Senate, told an estimates hearing on Monday.
“A malicious actor sought to access the DPS network accounts through MobileIron [managed] devices using unsophisticated brute force tradecraft.”
“The malicious activity lasted just under 24 hours. It was unsuccessful, and DPS networks were not compromised.”
The network controls implemented were successful in blocking the attack. But they also affected legitimate users when accounts were locked down to prevent compromise, causing an outage to department-issued phones and tablets from March 27 to April 5.
“DPS has been and will remain an attractive target for malicious cyber activity, which is increasing in frequency and sophistication,” the president said.
Richard Pye, the clerk of the Senate, said the committee report builder is not compatible with the newly updated Microsoft Office products used at the parliament.
“It’s a little bit frustrating because the whole point of the new Microsoft suite that has been adopted throughout the building is to enable people to share information and collaborate more easily,” he said. “And we’ve had an experience over the last six months where the reverse has been the case.”
Senator Ryan refused to give conjecture of who was behind the attack.
“I’m not going to get into a backdoor discussion of attribution,” he said.
Cyber-attacks targeting Australian facilities and organisations have been a frequent occurrence during the first half of 2021, with both state parliament and news outlets being targeted.
On March 4, Western Australia’s parliamentary email network was attacked during the middle of a state election. It was suspected that Beijing-backed hackers were behind the incident, which was a part of a global cyber-attack involving Microsoft software.
Prior to that, the Australian Cyber Security Centre (ACSC) had warned organizations to follow Microsoft’s instructions to patch vulnerable systems, which were hacked by a cyber actor based in China.
On March 28, the Nine Network was attacked by hackers, with the cybersecurity director at the Australian Strategic Policy Institute (ASPI) suggesting that the attack could have been politically motivated.