View all advisories

22 Nov 2021

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations.

27 Aug 2021

2021-007: Malicious actors deploying Gootkit Loader on Australian Networks

From April 2021, the ACSC has received an increase in reporting of malicious actors targeting Australian networks with Gootkit JavaScript (JS) Loaders. Open-source reporting confirms that Gootkit JS Loaders are a precursor to several malware families traditionally used for cybercrime, notably, Gootkit, REvil ransomware, Kronos, or CobaltStrike. The ACSC is providing this information to enable organisations to undertake their own risk assessments and take appropriate actions to secure their systems and networks. The ACSC will update this advisory if more information becomes available.

17 Aug 2021

Vulnerability Affecting BlackBerry QNX RTOS

The ACSC is aware of a vulnerability affecting the BlackBerry QNX, the world’s most prevalent real time operating system.

05 Aug 2021

2021-006: ACSC Ransomware Profile - Lockbit 2.0

The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the ACSC is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.

09 Jul 2021

Advisory 2021-004: Active exploitation of ForgeRock Access Manager / OpenAM servers

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has identified targeting and compromise of Australian organisations with vulnerable internet-accessible servers running ForgeRock Access Manager (ForgeRock AM). ForgeRock AM was previously known as OpenAM. The ACSC has observed malicious actors exploiting the vulnerability in ForgeRock AM/OpenAM to gain initial access to networks in multiple organisations, and facilitate further access within these networks. On 7 July 2021 the ACSC alerted organisations that this vulnerability was being actively exploited. This ACSC advisory provides recommendations for securing ForgeRock AM against vulnerability CVE-2021-35464, and advice on identifying potential successful exploitation of this vulnerability.

08 May 2021

2021-003: Ongoing campaign using Avaddon Ransomware

The Australian Cyber Security Centre (ACSC) is aware an ongoing ransomware campaign utilising the Avaddon Ransomware malware. This campaign is actively targeting Australian organisations in a variety of sectors. This advisory provides details of Avaddon threat actors, dark web activity, targeted countries and sectors, the malware infection chain, and known Techniques, Tools, and Procedures (TTPs). If activity is identified relating to this advisory please report any findings to the ACSC.

26 Mar 2021

Advisory 2021-002: Active exploitation of vulnerable Microsoft Exchange servers

On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling the malicious actor to access email accounts and to enable further compromise of the Exchange server and associated networks.

30 Oct 2020

Advisory 2020-017: Resumption of Emotet malware campaign

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed the resumption of an ongoing and widespread campaign of malicious emails designed to spread the Emotet malware across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.

22 Sep 2020

Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)

The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.

16 Sep 2020

Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks

This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Cyber Security Centre’s (ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.

02 Sep 2020

Joint Advisory on Technical Approaches to Uncovering and Remediating Malicious Activity

The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation.

02 Aug 2020

2020-013 Ransomware targeting Australian aged care and healthcare sectors

Recently there has been a significant increase in healthcare or COVID-19 themed malicious cyber activity, including targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the ‘Maze’ ransomware.

15 Jul 2020

ACSC Advisory 2020-012: Critical remote code execution vulnerability in Windows DNS server (CVE-2020-1350)

An adversary who successfully exploits the vulnerability could run arbitrary code in the context of the Local System Account. The Australian Cyber Security Centre (ACSC) strongly recommends users apply the security patch to their Windows DNS servers to prevent an adversary from exploiting this vulnerability.

14 Jul 2020

2020-011: Critical Vulnerability in SAP NetWeaver Application Server (CVE-2020-6287)

The Australian Cyber Security Centre (ACSC) recommends users of these products urgently apply available security patches to prevent an adversary from exploiting this vulnerability.

22 May 2020

2020-006 Detecting and mitigating exploitation of vulnerability in Microsoft Internet Information Services

This advisory provides indicators of the activity ACSC has observed and details proactive advice on detecting and mitigating potential exploitation of this vulnerability in Microsoft Internet Information Services.

22 May 2020

Advisory 2020-004: Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors

This advisory is focused around the targeting of CVE-2019-18935 but has significant overlap to the previously released ACSC 2019-126 advisory.

20 May 2020

Summary of Tactics, Techniques and Procedures Used to Target Australian Networks

This advisory provides information on methods to detect many of the TTPs listed. Partners are strongly encouraged to review their environments for the presence of the exploited vulnerabilities and provided TTPs.

08 May 2020

Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services

The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:

20 Apr 2020

Threat update: COVID-19 malicious cyber activity 20 April 2020

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) continues to receive reports from individuals, businesses and government departments about a range of different COVID-19 themed scams, online frauds and phishing campaigns. This threat update is about raising awareness of the evolving nature of COVID-19 related malicious cyber activity impacting Australians.

14 Apr 2020

COVID-19: Cyber security tips when working from home

The COVID-19 pandemic has resulted in many people working from home for the first time. Working from home has specific cyber security risks, including targeted cybercrime. When compromised, unauthorised access to your stored information can have a devastating effect on your emotional, financial and working life.

27 Mar 2020

Threat update: COVID-19 malicious cyber activity 27 March 2020

This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

27 Mar 2020

COVID-19 themed malicious cyber activity

This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

13 Mar 2020

Cyber security is essential when preparing for COVID-19

In light of the COVID-19 pandemic, organisations are developing strategies to protect staff and vulnerable members of our community.

25 Feb 2020

Recommendations to mitigate DDoS threats being made against Australian organisations

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector.

06 Feb 2020

2020-003: Mailto ransomware incidents Recommendations

The ACSC’s recommendations for detecting and preventing the spread of the Mailto ransomware is to update antivirus and other security tools.

29 Jan 2020

Revised patch released to disable mitigation against Spectre variant 2

Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption.

15 Jan 2020

2020-002: Critical Vulnerabilities for Microsoft Windows, Patch Urgently

If you or your organisation uses any of the affected products, the ACSC recommends that you apply the patches urgently.

13 Jan 2020

2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway

On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.

11 Jan 2020

Meltdown and Spectre patches unsuitable for some security products

The ACSC is aware of reporting that a variety of security products (e.g. antivirus solutions) are incompatible with Microsoft's patches for the Meltdown and Spectre vulnerabilities.

08 Nov 2019

2019-131a: Emotet malware campaign recommended actions

The ACSC recommends organisations consider the following actions to mitigate a number of Emotet/Trickbot infections leading to ransomware attacks, most notably a recent attack on the Victorian health sector using the Ryuk ransomware variant.

01 Oct 2019

2019-129: Recommendations to mitigate vulnerability in Pulse Connect Secure VPN Software

The Australian Cyber Security Centre recommends users of the affected Pulse Connect Secure VPN software immediately upgrade their software.

05 Aug 2019

2019-130: Password spray attacks – detection and mitigation strategies

This advisory contains detection and mitigation guidance, some of which has been successfully deployed in recent investigations.

30 Jul 2019

ICS-CERT Advisories

ICS-CERT advisories link from the US Department of Homeland Security

03 Jul 2019

2019-009: Recommendations for securing unprotected network and data services

All Australian businesses and organisations should ensure they have implemented strong user authentication and access controls on their databases and network infrastructure.

06 Jun 2019

Mitigation for Microsoft Windows Security Vulnerability – ‘BlueKeep’ (CVE-2019-0708)

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises Windows users to ensure their systems are patched and up to date after Microsoft’s recent disclosure of new remote desktop vulnerability.

16 May 2019

2019-126: Recommendations for mitigation of vulnerable version of Telerik UI

The tools to exploit this vulnerability have been publicly published and require only basic knowledge or skills to use successfully. Any servers currently running a vulnerable version should be considered at risk and remediation steps should be taken.

06 May 2019

ACSC Advisory 2019-125: Targeting of Microsoft SharePoint CVE-2019-0604

This ACSC advisory provides recommendations for securing Microsoft SharePoint and advice on identifying potential successful exploitation of this vulnerability.

15 Mar 2019

Recommendations to protect 773M accounts affected by 'Collection #1' breach

This advisory provides recommendations for protecting 773M accounts affected by 'Collection #1' breach.

09 Jan 2019

Advice remains that organisations should patch Meltdown/Spectre vulnerabilities

Recent media reporting has indicated that applying the patches for these vulnerabilities can lead to performance issues, and can impact on the availability of third party software.

05 Jan 2019

Patch your devices for Meltdown and Spectre vulnerabilities as soon as possible

A malicious actor could possibly use this vulnerability to gain access to areas of memory they should not have permission to access. This could result in malicious actors obtaining sensitive data, such as passwords.

29 Sep 2018

Recommendations to mitigate Facebook flaw in 'View As' feature

This advisory provides information about how to protect yourself to minimise the risk of further breaches caused by attackers exploiting the flaw in the 'View As' feature on Facebook.

17 May 2018

Information about vulnerability in the Drupal content management system

Drupal assesses this vulnerability as critical. If you are using a version of Drupal prior to 7.58 or 8.51, the ACSC recommends that you upgrade immediately as per Drupal's advice.

15 May 2018

Protecting against VPNFilter malware

Once a malicious actor compromises a device using VPNFilter malware, they are able to collect network traffic (including website credentials) traversing the device. Importantly, the malware can also be used to disable the device.

17 Apr 2018

Secure the Cisco IOS and IOS XE Smart Install Feature

Organisations are advised to identify Cisco devices running Smart Install within their networks, evaluate the need of running this feature, and remove or secure the feature as required. Both the ACSC and Cisco documentation contain details on how to accomplish this.

29 Jun 2017

Update on the initial infection vector of the Petya ransomware campaign

This is an example of where a lack of patching and continued use of out-dated protocols presents a significant risk to organisational IT security.

28 Jun 2017

Update on Petya ransomware campaign

The ACSC is aware of a large-scale ransomware campaign that is impacting organisations globally. The campaign is variously known as 'Petya', 'NotPetya', 'SortaPetya', 'Petna' or 'GoldenEye'.

15 Nov 2015

Web Shells – Threat Awareness and Guidance

This advisory outlines the Web shells threat and provides prevention, detection and mitigation strategies for administrators of web servers that have active content languages installed.