Global hack of MSPs affects Australian organisations
Cyber security compromises of managed service providers (MSPs) globally, including Australia, have been exposed. These compromises were a concerted campaign to steal commercial secrets from the customers of MSPs for commercial advantage.
MSPs are engaged by organisations to manage their IT services and infrastructure. MSPs require remote access to their customer systems to deliver these services, making MSPs attractive targets for state actors and cybercriminals.
A number of MSPs that provide services in Australia are known to have been compromised. It is possible that other MSPs have also been affected. The compromise is significant and ongoing, and at this stage it is difficult to assess the full extent of damage to Australian organisations.
We have no evidence to suggest that individuals or the general public have been specifically targeted. However the campaign has targeted commercial secrets, which will affect Australia’s competitiveness.
Embedded from https://youtu.be/-cZNmIRRb_o
What is the ACSC doing?
Following the Operation Cloud Hopper report (PWC) in early 2017, the ACSC contacted MSPs to alert them to these security risks and provide advice on how to address them. The ACSC has again directly contacted affected MSPs.
The ACSC is also offering a new partner program for MSPs to improve their cyber security and protect the valuable data and intellectual property of Australian organisations from further cyber security compromises. MSPs who provide services to Australian organisations should contact us to join the program.
The ACSC will continue to provide updates on this matter.