Add Your VPN Review

Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.

Real Threat of Russia-Australia Hacking? Australian PM warns…

By Will Ellis
Last Updated on April 5, 2022
Real Threat of Russia-Australia Hacking? Australian PM warns…

Australia wants its citizens to head to the Australian Signals Directorate website and ensure that they are up to date with the best practices for cyber security — in fears of a Russian-Australian cyberwar.

Australian PM Scott Morrison and Russian PM Vladimir Putin, among others, have been bickering over tensions in Ukraine; Russian military involvement and Australia’s sanctions in response.

Russia claims Australia is supporting (xenophobic bullies) in Ukraine, describing it as the “radical nationalistic regimen in Ukraine”. This statement came from the Russian embassy in Australia.

The Australian PM responded by calling the Russian government “bullies”. The Australian PM Scott Morrison added that Australia was “ready” for Russian cyber warfare in response to its actions, after recording a flurry of attacks overnight (in Ukraine) causing a state of emergency.

On this, the PM said on the Today show, “Cyber attacks are a real threat and they’re a present threat and that is the most likely response from Russia in terms of what we’ve done.” This warning applies to every level of the website, from small businesses to enterprises.

“That’s why already for some time now we’ve been working, privately, with many of our big companies looking at our critical infrastructure to ensure that we can have them as best stepped up in their defenses as you can.”

What is MuddyWater Iran Hacking & Espionage Group?

MuddyWater is a cybersecurity espionage apparatus that is allegedly sponsored by the Iranian government. For instance, they’re thought to have been behind long-term efforts to invade government networks in Jordan, Turkey, and Iraq in 2019, as well as North American breaches.

The Islamic Republic of Iran refutes all allegations of sponsoring the group, calling these propagandistic claims. US security agencies claim that these espionage attacks are prolific, ranging from attacks on telecom firms, Middle-Eastern organisations, to targeted malicious code on North American systems (detailed information on the latter is not publicly available).

Iranian Cyber Security Threat to Australia

During the furore, state-funded Iranian hackers are allegedly carrying out international cyber-espionage campaigns focused on North America, Europe, and Australia.

A joint release from the US and UK security agencies (a rare occurrence) warns that the group MuddyWater is targeting numerous industries, government organisations, and SME businesses. Some of the sectors included are healthcare, transportation, and critical infrastructure.

Nothing to mirror those in Ukraine have been seen yet, whose internet systems, financial networks, energy providers, and military communication have been heavily bombarded.

According to the US Cybersecurity Infrastructure Security Agency (CISA) MuddyWater malware group is now under the leadership of the Iranian Ministry of Intelligence and Security. They are supposedly overseeing the theft of PII and other valuable data such as account passwords, for dissemination to the Iranian government and its allies.

Iranian-Russian Alliance Under-the-Table

Russia and Iran have traditionally been strong allies. Western tensions over Iranian nuclear programs have made Iran more reliant on Russian support, as leverage on a global scale.

Iran’s official position is opposing the Ukrainian War. However, it has “sided” with China by not agreeing to a United Nations vote for sanctioning Russia for its invasion. Its supreme leader, instead, has blamed the “mafia regime” of North America and Western policies.

So despite its remoteness from the regional conflicts, Australia is possibly a cyber security target. 2021, the Australian Cyber Security Centre (ACSE”) issued a warning that the Iranian state-funded hackers MuddyWater were trying to breach different global systems, by exploiting Microsoft exchange weaknesses.

Fortinet Microsoft Exchange Vulnerabilities

Concerns about MuddyWater espionage on government agencies and businesses across the US have been a matter of public concern since at least 2021. Fortinet published a press release in March 2021, denouncing “aggressive hacking campaigns” focused on weaknesses in some versions of the Microsoft Exchange server.

Some experts claimed back then that “hundreds of thousands” Of exchange server breaches had already occurred globally. However, these were laid down to the efforts of cyber espionage organisation HAFNIUM, running out of mainland China.

While the Microsoft exchange server service remained operational, patches were needed nor in order to fixup exploits that targeted the following vulnerabilities:

  • ☑️ CVE-2021-26855
  • ☑️ CVE-2021-26857
  • ☑️ CVE-2021-26858
  • ☑️ CVE-2021-27065 

MuddyWater Malware Attack Paths

Further exploits in Exchange are today being laid at the foot of MuddyWater Iran. Fortinet is responsible for safeguarding government organisations and big businesses.

But a wide range of tactics is used to spy on them and steal data. According to the joint US UK release, this is a mixture of ransomware, extortion, data exfiltration, and spear phishing. Data exfiltration, In particular, involves the unwarranted movement of data from a computer, via malware.

Spear phishing relies on scam emails or messages that in fact secretly install malware in order to spy and steal data.

Future Outlook

Australian government defense minister, Peter Dutton, adds to UK and US government press releases that call the statewide cyber attacks on Ukraine’s banking sector on February 15 and 16 as a coordinated effort by the Russian Main Intelligence Directorate (GRU).

Dutton, on the international response: “The international community must not tolerate Russia’s misuse of cyberspace to undermine Ukraine’s national security, sovereignty, and territorial integrity by seeking to disrupt essential services, businesses, and community confidence”.

Finally, an ACSC spokesperson said they’re encouraging Australian organisations to urgently adopt an enhanced cybersecurity posture in light of the heightened threat environment”.

You Might Also Like:

Related news