MSPs are engaged by organisations to manage their IT services and infrastructure. MSPs require remote access to their customer systems to deliver these services, making MSPs attractive targets for state actors and cybercriminals.
A number of MSPs that provide services in Australia are known to have been compromised. It is possible that other MSPs have also been affected. The compromise is significant and ongoing, and at this stage it is difficult to assess the full extent of damage to Australian organisations.
We have no evidence to suggest that individuals or the general public have been specifically targeted. However the campaign has targeted commercial secrets, which will affect Australia’s competitiveness.
What is the ACSC doing?
Following the Operation Cloud Hopper report (PWC) in early 2017, the ACSC contacted MSPs to alert them to these security risks and provide advice on how to address them. The ACSC has again directly contacted affected MSPs.
The ACSC is also offering a new partner program for MSPs to improve their cyber security and protect the valuable data and intellectual property of Australian organisations from further cyber security compromises. MSPs who provide services to Australian organisations should contact us to join the program.
The ACSC will continue to provide updates on this matter.