With ASIO’s Threat Report revealing that a network of spies has been removed from Australia, global cybersecurity leader Proofpoint warns that threat intelligence research confirms Australia is still at risk.
Proofpoint’s Adrian Covich, Senior Director, Systems Engineering for the APJ region, warns that last year the company found evidence of Chinese cyber-espionage in the South China Sea, targeting defence contractors, manufacturers, universities, government agencies, legal firms involved in diplomatic disputes, and foreign companies involved with Australasian policy.
Adrian Covich, Senior Director, Systems Engineering, APJ, Proofpoint said, “It is encouraging to hear ASIO commit to a more aggressive counterespionage posture, and to know that the organisation exercised its power to remove a network of spies from Australia. However, we know that threat actors aren’t bound by borders in today’s day and age.”
“There are threat actors out there which are infiltrating our nation without ever stepping foot on our shores by preying on Australians’ use of and reliance upon digital technology,” said Covich.
One of the most consistent presences we’ve seen in the threat landscape is the threat actor TA423, also known as Red Ladon.
TA423 is a China-based, espionage-motivated threat actor that has been active since 2013, and that in 2022 shifted its focus to local and federal Australian Governmental agencies by impersonating media publications to deliver its malware infrastructure.
“What is important to know is that these threat actors aren’t just trying to take sensitive information from military leaders, government officials and journalists.”
“They also target everyday Australians. We are a highly connected nation, and our government has made an effort to keep up with this demand for digital technology,” said Covich.
“As critical government services have moved online to improve citizen access to their tax, Medicare and other services, they’ve opened up a world of risk.”
“Lately, our Proofpoint team has seen several Australian myGov-themed lures. These lures come from .com.au addresses, point to an authentic-looking Australian myGov-themed URL, and go as far as to feature a padlock. All this to steal the hard-earned money, personal data and trust of everyday Australians,” he said.
The unfortunate, yet important, reality is that bad actors are everywhere, and they want the easiest way to get through people.
Covich concluded, “Today, we believe human nature and email attachments are still providing that easy route. When we have conversations about the state of security in Australia, we need to not only think of spies and cybersecurity as hackers in dark rooms with computers, but think about security being a people problem.”
Mr Covich has also observed a concerning trend in which online government services, like myGov, are being hacked and used to steal data and money from everyday Australians.