Contact us
Portal login
1300 CYBER1 (1300 292 371)
You can view all our advisories from this page. Use the filters below to filter by audience type, title and summary and the sort options to sort for the most recently updated or published content.
24 Jan 2023
2023-01: ACSC Ransomware Profile - Royal
The Australian Cyber Security Centre (ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.
23 Dec 2022
Gootkit Loader continues to be used on multiple Australian networks
The Australian Cyber Security Centre continues to observe instances of Gootkit JavaScript (JS) Loaders on multiple Australian networks in 2022. Open source reporting also indicates continued Gootkit activity.
15 Sep 2022
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
The Australian Cyber Security Centre (ACSC) has joined with international cyber security agency partners to co-author an advisory on continued Iranian state-sponsored cyber threats. Organisations are encouraged to apply the recommended mitigations to protect themselves online.
05 Aug 2022
2021 Top Malware Strains
This joint Cybersecurity Advisory (CSA) was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC).
17 May 2022
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine has altered the geopolitical balance in ways that could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.
12 May 2022
Protecting Against Cyber Threats to Managed Service Providers and their Customers
This advisory describes cybersecurity best practices for information and communications technology (ICT), focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data.
28 Apr 2022
2021 Top Routinely Exploited Vulnerabilities
This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
2022-02: Australian organisations should urgently adopt an enhanced cyber security posture
Entities should follow ACSC advice and act on improving their resilience within a heightened threat environment.
14 Apr 2022
2022-004: ACSC Ransomware Profile – ALPHV (aka BlackCat)
ALPHV (aka BlackCat, Noberus) is a ransomware variant first observed in late 2021, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia.
04 Mar 2022
2021-010: ACSC Ransomware Profile - Conti
Conti is a ransomware variant first observed in early 2020, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Conti is offered as a Ransomware-as-a-Service (RaaS), enabling affiliates to utilise it as desired, provided that a percentage of the ransom payment is shared with the Conti operators as commission. This product provides information related to Conti’s background, threat activity, and mitigation advice.
10 Feb 2022
2021 Trends Show Increased Globalized Threat of Ransomware
This joint Cybersecurity Advisory—authored by cybersecurity authorities in the United States, Australia, and the United Kingdom—provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.
29 Dec 2021
2021-007: Log4j vulnerability – advice and mitigations
On 10 December 2021, ACSC released an alert relating to a serious vulnerability in versions of the Log4j Java logging library. Malicious cyber actors are using this vulnerability to target and compromise systems globally and in Australia. The ACSC is working with a significant number of victims and affected vendors across all sectors of the economy.
23 Dec 2021
Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
Malicious cyber actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited. This joint Cybersecurity Advisory is to provide mitigation guidance on addressing vulnerabilities.
22 Nov 2021
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organisations.
27 Aug 2021
2021-009: Malicious actors deploying Gootkit Loader on Australian Networks
From April 2021, the Australian Cyber Security Centre (ACSC) has received an increase in reporting of malicious actors targeting Australian networks with Gootkit JavaScript (JS) Loaders. Open-source reporting confirms that Gootkit JS Loaders are a precursor to several malware families traditionally used for cybercrime, notably, Gootkit, REvil ransomware, Kronos, or CobaltStrike. The ACSC is providing this information to enable organisations to undertake their own risk assessments and take appropriate actions to secure their systems and networks. The ACSC will update this advisory if more information becomes available.
17 Aug 2021
Vulnerability Affecting BlackBerry QNX RTOS
The ACSC is aware of a vulnerability affecting the BlackBerry QNX, the world’s most prevalent real time operating system.
05 Aug 2021
2021-006: ACSC Ransomware Profile - Lockbit 2.0
The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the ACSC is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.
09 Jul 2021
Advisory 2021-004: Active exploitation of ForgeRock Access Manager / OpenAM servers
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has identified targeting and compromise of Australian organisations with vulnerable internet-accessible servers running ForgeRock Access Manager (ForgeRock AM). ForgeRock AM was previously known as OpenAM. The ACSC has observed malicious actors exploiting the vulnerability in ForgeRock AM/OpenAM to gain initial access to networks in multiple organisations, and facilitate further access within these networks. On 7 July 2021 the ACSC alerted organisations that this vulnerability was being actively exploited. This ACSC advisory provides recommendations for securing ForgeRock AM against vulnerability CVE-2021-35464, and advice on identifying potential successful exploitation of this vulnerability.
26 Mar 2021
Advisory 2021-002: Active exploitation of vulnerable Microsoft Exchange servers
On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling the malicious actor to access email accounts and to enable further compromise of the Exchange server and associated networks.
04 Nov 2020
Protect yourself from remote access scams
NEVER provide your personal and financial details or give a stranger remote access to your device or computer – simply hang up.
30 Oct 2020
Advisory 2020-017: Resumption of Emotet malware campaign
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed the resumption of an ongoing and widespread campaign of malicious emails designed to spread the Emotet malware across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.
22 Sep 2020
Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.
16 Sep 2020
Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks
This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Cyber Security Centre’s (ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.
02 Sep 2020
Joint Advisory on Technical Approaches to Uncovering and Remediating Malicious Activity
The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation.
13 Aug 2020
02 Aug 2020
2020-013 Ransomware targeting Australian aged care and healthcare sectors
Recently there has been a significant increase in healthcare or COVID-19 themed malicious cyber activity, including targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the ‘Maze’ ransomware.
16 Jul 2020
Protect yourself and others from MyGov-related scams
The Australian Taxation Office (ATO) is receiving increased reports of myGov-related SMS and email scams. As always, our advice is DON’T click any links and DON’T provide the information requested.
15 Jul 2020
ACSC Advisory 2020-012: Critical remote code execution vulnerability in Windows DNS server (CVE-2020-1350)
An adversary who successfully exploits the vulnerability could run arbitrary code in the context of the Local System Account. The Australian Cyber Security Centre (ACSC) strongly recommends users apply the security patch to their Windows DNS servers to prevent an adversary from exploiting this vulnerability.
14 Jul 2020
2020-011: Critical Vulnerability in SAP NetWeaver Application Server (CVE-2020-6287)
The Australian Cyber Security Centre (ACSC) recommends users of these products urgently apply available security patches to prevent an adversary from exploiting this vulnerability.
22 May 2020
2020-006 Detecting and mitigating exploitation of vulnerability in Microsoft Internet Information Services
This advisory provides indicators of the activity ACSC has observed and details proactive advice on detecting and mitigating potential exploitation of this vulnerability in Microsoft Internet Information Services.
Advisory 2020-004: Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors
This advisory is focused around the targeting of CVE-2019-18935 but has significant overlap to the previously released ACSC 2019-126 advisory.
20 May 2020
Summary of Tactics, Techniques and Procedures Used to Target Australian Networks
This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.
08 May 2020
Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services
The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:
20 Apr 2020
Threat update: COVID-19 malicious cyber activity 20 April 2020
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) continues to receive reports from individuals, businesses and government departments about a range of different COVID-19 themed scams, online frauds and phishing campaigns. This threat update is about raising awareness of the evolving nature of COVID-19 related malicious cyber activity impacting Australians.
16 Apr 2020
Sextortion campaign - What to do if you receive the email
In most cases, there is no reason to be concerned. These emails are typically generated in their thousands by online scammers using limited personal details, with the aim of intimidating recipients into paying the ransom.
14 Apr 2020
COVID-19: Cyber security tips when working from home
The COVID-19 pandemic has resulted in many people working from home for the first time. Working from home has specific cyber security risks, including targeted cybercrime. When compromised, unauthorised access to your stored information can have a devastating effect on your emotional, financial and working life.
27 Mar 2020
COVID-19 Malicious Scams - Threat Awareness and Guidance
The ACSC has produced a detailed report, including practical cyber security advice that organisations and individuals can follow to reduce the risk of harm.
Threat update: COVID-19 malicious cyber activity 27 March 2020
This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.
COVID-19 themed malicious cyber activity
16 Mar 2020
COVID-19 scam messages
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of a COVID-19 themed scam being distributed via text message.
13 Mar 2020
Cyber security is essential when preparing for COVID-19
In light of the COVID-19 pandemic, organisations are developing strategies to protect staff and vulnerable members of our community.
25 Feb 2020
Recommendations to mitigate DDoS threats being made against Australian organisations
The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector.
29 Jan 2020
Revised patch released to disable mitigation against Spectre variant 2
Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.
15 Jan 2020
2020-002: Critical Vulnerabilities for Microsoft Windows, Patch Urgently
If you or your organisation uses any of the affected products, the ACSC recommends that you apply the patches urgently.
13 Jan 2020
2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway
On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.
11 Jan 2020
Meltdown and Spectre patches unsuitable for some security products
The ACSC is aware of reporting that a variety of security products (e.g. antivirus solutions) are incompatible with Microsoft's patches for the Meltdown and Spectre vulnerabilities.
13 Dec 2019
Australia Post SMS Scam - Threat Awareness and Guidance
Anyone can be a target, whether you are waiting for an Australia Post delivery or not. Scammers cast their net wide, hoping to catch someone out who might be waiting for a parcel delivery this holiday season.
08 Nov 2019
2019-131a: Emotet malware campaign recommended actions
The ACSC recommends organisations consider the following actions to mitigate a number of Emotet/Trickbot infections leading to ransomware attacks, most notably a recent attack on the Victorian health sector using the Ryuk ransomware variant.
01 Oct 2019
2019-129: Recommendations to mitigate vulnerability in Pulse Connect Secure VPN Software
The Australian Cyber Security Centre (ACSC) recommends users of the affected Pulse Connect Secure VPN software immediately upgrade their software.
05 Aug 2019
2019-130: Password spray attacks – detection and mitigation strategies
This advisory contains detection and mitigation guidance, some of which has been successfully deployed in recent investigations.