Australian Government attribution of cyber incident to Russia
The Australian Government has joined the governments of the United States and United Kingdom in expressing concern at the malicious cyber activity targeting commercially available routers around the world.
Based on advice from Australian intelligence agencies, and in consultation with our allies, the Australian Government has determined that Russian state-sponsored actors are responsible for this activity, which occurred in 2017.
While a significant number of Australian organisations have been affected by this activity, there is no indication Australian information has been successfully compromised. The Australian Cyber Security Centre has engaged relevant Australian organisations, including through their internet service providers, to provide mitigation advice.
Minister for Law Enforcement and Cyber Security Angus Taylor said these incidents are unacceptable and the Australian Government calls on all countries, including Russia, not to take actions that could lead to damage of critical infrastructure that provide services to the public.
"Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity," Mr Taylor said.
"This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices."
Minister Taylor is currently in the United States meeting with US Government counterparts, including Secretary of Homeland Security Kirstjen Nielsen, along with senior officials in the Department of Justice and the Federal Bureau of Investigation to discuss cyber security and law enforcement priorities, including responses to cyber threats.
"A strong alliance between Australia and the United States is crucial if we are to prevent and develop strong defences to state-sponsored cyber incidents," Mr Taylor said.
"The Turnbull Government, through its 2016 Cyber Security Strategy and the establishment of the Home Affairs portfolio, is committed to ensuring the Australian public sector, businesses and the community are safe from malicious cyber activity."
Furthermore, the 2017 International Cyber Engagement Strategy commits Australia to deter and respond to malevolent behaviour in cyberspace.
The ACSC has issued advice on how to strengthen vulnerable devices and prevent malicious cyber activity, and all Australian organisations are strongly encouraged to review that advice on ACSC's website at https://acsc.gov.au/news.html.