Russian operatives try to hack NSW Health, Rio Tinto and Serco Asia Pacific
The nation’s biggest health department, Rio Tinto and Serco Asia Pacific targeted in one of the biggest hacking attacks in history.
The nation’s biggest health department has been attacked by a Russian hacking offensive that has already infiltrated major companies and some of the most powerful institutions on the planet.
NSW Health, which is leading the state’s coronavirus response, says it was alerted to the SolarWinds cyber attack last week. It said it was confident there had been no breach of its systems or access of any patient records.
Serco Asia Pacific, which holds numerous contracts with Australian detention centres and defence, and mining giant Rio Tinto have also both been linked to what is being described as one of the biggest hacking attacks in history.
The SolarWinds attack, which originated in Russia, has reportedly infiltrated major US government agencies including the Department of State, the National Nuclear Security Administration, Homeland Security, Commerce and the Treasury — as well as big tech companies such as Microsoft, Cisco and Intel.
The hackers used a compromised version of SolarWinds Orion, a widely used IT system management platform, to insert a backdoor into the computer systems of potentially thousands of major organisations.
A spokeswoman for eHealth NSW confirmed the department was among the many organisations that had been using the SolarWinds monitoring system across its network. “To date, there has been no evidence found that NSW Health systems have been compromised and no evidence that there has been any breach of patient information,” the spokeswoman said.
“eHealth NSW can confirm that it has received the necessary updates from the vendor to ensure ongoing protection of its services.”
A spokesman for Serco Asia Pacific said the company had immediately shut down all its SolarWinds servers after receiving an alert from the Australian Cyber Security Centre last week.
“(Serco Asia Pacific) will keep them offline until we are satisfied that an effective and safe version is available,” the spokesman said. The company believes all its data is safe.
“A full security review of logs and other internal investigations was undertaken and we have not found evidence of data or systems outside the Orion system being compromised, either internal Serco or customer related,” the spokesman said.
“Serco IT staff have conducted scans against Serco Infrastructure to verify that there was no handshake/compromise.”
Rio Tinto declined to comment on the attack, which targeted the mining giant’s internal network. It is understood that a detailed investigation by the company’s IT team has not found any evidence that its systems were accessed.
NSW Health, Serco and Rio Tinto were among hundreds of potential SolarWinds victims identified when cybersecurity experts reverse-engineered data gleaned from the internet.
The data showed that websites linked to all three groups were found to have communicated with the main “command and control” server used by the hackers, which pointed to some level of infiltration.
Robert Potter, the chief executive of cyber defence consultancy Internet 2.0, told The Australian the appearance of NSW Health, Serco and Rio Tinto in that data meant it was almost certain that the malware was within their networks.
“Multiple researchers, both within Australia and globally, have studied this information and concluded that domains on that list are highly likely to have an infection resident somewhere within the domain,” he said.
SolarWinds has said that the malware was in its software between March and June, potentially affecting up to 18,000 organisations around the world.
Thomas Bossert, former security adviser to Donald Trump, said the magnitude of the attack was “hard to overstate”. He said evidence suggested Russia’s SVR intelligence agency was responsible. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months,” he wrote in the New York Times.