Unacceptable Malicious Cyber Activity

DFAT/ACSC Joint Statement: Unacceptable Malicious Cyber Activity

Joint Statement

Australian Department of Foreign Affairs and Trade Australian Cyber Security Centre

As Australians and the international community band together to respond to COVID-19, the Australian Government is concerned that malicious cyber actors are seeking to exploit the pandemic for their own gain.

Of particular concern are reports that malicious cyber actors are seeking to damage or impair the operation of hospitals, medical services and facilities, and crisis response organisations outside of Australia.

“Countries have agreed at the United Nations that existing international law applies in cyberspace. Countries have also agreed that it is contrary to norms of responsible state behaviour to use cyber tools to intentionally damage or impair critical infrastructure providing services to the public,” said Australia's Ambassador for Cyber Affairs, Dr Tobias Feakin.  

“Countries have also agreed to cooperate to address cybercrime and not to knowingly allow their territory to be used for internationally wrongful acts.

“The Australian Government calls on all countries to cease immediately any cyber activity – or support for such activity – inconsistent with these commitments. We also urge all countries to exercise increased vigilance and take all reasonable measures to ensure malicious cyber activity is not emanating from their territory,” said Ambassador Feakin.

Australia's Ambassador for Cyber Affairs is engaging international counterparts. Australia has registered our concern about this international activity at the United NationsAustralia's Cyber Cooperation Program is assisting countries in our region to strengthen their cyber resilience.

The ACSC continues to collaborate with industry, law enforcement and government partners to identify and disrupt malicious cyber criminals offshore. The Australian Federal Police is working closely with State and Territory Police and international policing agencies in the fight against all types of cybercrime. Australia's eSafety Commissioner provides valuable tips for staying safe online during the COVID-19 pandemic, tailored for parents and carers, educators, women, seniors and frontline workers.

The Australian Cyber Security Centre (ACSC) has today published a technical advisory outlining the most common tactics, techniques and procedures used by criminal and state-based malicious cyber actors to target Australian networks over the last 18 months.

This advisory follows advice published by the ACSC on 8 May, which details the targeting of Australian health sector organisations and COVID-19 essential services by Advanced Persistent Threat (APT) actors.

The Head of the ACSC, Ms Abigail Bradshaw CSC, said this latest advisory will help organisations identify and mitigate some of the most common techniques used to compromise Australian systems.

“The ACSC is on the front line of our defence against malicious cyber activity, and this advisory is informed by a range of incidents we have observed and responded to. The tradecraft used by malicious adversaries ranges from the simple to the very sophisticated,” said Ms Bradshaw.

“Organisations are encouraged to review their networks in line with this advisory and inform the ACSC via asd.assist@defence.gov.au if compromise is found.”

Further cyber security advice, including recent advice relating to COVID-19, is available at www.cyber.gov.au.

The Australian Government is committed to responding to the COVID-19 pandemic consistent with long-term interests of stability, prosperity and resilience of Australia and our region.