MSPs are engaged by organisations to manage their IT services and infrastructure. MSPs require remote access to their customer systems to deliver these services, making MSPs attractive targets for state actors and cybercriminals.
A number of MSPs that provide services in Australia are known to have been compromised. It is possible that other MSPs have also been affected. The compromise is significant and ongoing, and at this stage it is difficult to assess the full extent of damage to Australian organisations.
We have no evidence to suggest that individuals or the general public have been specifically targeted. However the campaign has targeted commercial secrets, which will affect Australia’s competitiveness.