NewsBite

‘High probability’: China suspected of being behind cyber security attack on West Australian parliament

There is a ‘high probability’ that China was behind a cyber security attack on an Australian state’s parliament days before an election.

China suspected behind cyber attack on Australia

China is suspected of being behind a cyber security attack that targeted the West Australian parliament days before the state election.

Parliamentary Services executive manager Rob Hunter said the attack was consistent with Microsoft’s worldwide advice on March 2 regarding exchange server vulnerabilities and the urgent release of Microsoft’s security patch.

“Microsoft has concluded that there was a ‘high probability’ that the exchange attack originated from China,” he said in a statement on Wednesday.

“However, we have no information to confirm the source of the attack.

“The parliament is confident that no data was lost and all networks were protected.”

Parliament House in Western Australia. Picture: Tony McDonough
Parliament House in Western Australia. Picture: Tony McDonough

Mr Hunter said parliament was first advised of “some unusual activity” on the outward facing Microsoft Exchange mail server just after 5.30pm on March 4 by the Australian Cyber Security Centre.

“The exchange server was immediately shutdown, which effectively disabled external and internal mail traffic, and mitigated the risk of data loss,” he said.

A process of reinstalling a clean backup of the exchange mail server began, as well as installing all Microsoft patches, which took about 19 hours.

“During the 19-hour rebuild, the parliament provided data files to the ACSC for investigation,” Mr Hunter said.

“There was no evidence of data leakage or impact on the parliament’s network.

“All other systems remained operational and protected behind the firewall.”

The Australian Cyber Security Centre intervened following a cyber attack on the WA parliament’s email network. Picture: NCA NewsWire/Tony McDonough
The Australian Cyber Security Centre intervened following a cyber attack on the WA parliament’s email network. Picture: NCA NewsWire/Tony McDonough

ACSC also confirmed it had engaged with the WA parliament to provide advice and assistance.

“Regarding the Microsoft Exchange vulnerability, the ACSC has identified a large number of Australian organisations that are yet to patch affected versions of Microsoft Exchange, leaving them exposed to potential compromise,” a spokesman said.

“It is important that Australian organisations that are yet to patch affected versions take immediate steps to protect themselves.”

Further alerts were then issued on March 9 and March 12.

“The best thing Australian organisations can do to secure their information is to implement the necessary network security patches as soon as possible and then follow the detection steps outlined by Microsoft, available as Microsoft.com/security,” a spokesman said.

“The ACSC is monitoring the Microsoft Exchange situation and is able to provide assistance and advice as required.

Assistant Minister for Defence Andrew Hastie urged Australian organisations to follow the advice.

WA Premier Mark McGowan returned to the top job after a historic crushing wipe-out of the Liberal Party at the weekend.

Read related topics:China

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.news.com.au/technology/online/security/australian-cyber-security-centre-issues-warning-on-microsoft-exchange-after-wa-government-cyber-attack/news-story/efcf9ae2b43cf1e9c5571e289a09ba39