Foreign intelligence services are the foremost cyber threat to Australia. Such adversaries seek both national security and commercial information to identify vulnerabilities in Australian capabilities or to further their own economic or strategic advantage.
Contractors, both in Australia and overseas, have reported significant increases in malicious cyber activity against their systems and are priority targets for adversaries [1]. Often the value to an adversary of the information contained on a contractor’s systems is not immediately evident. Unclassified information can still be sensitive; in particular, wholesale aggregation of unclassified information can present a threat to Australia’s interests.
Examples of adversaries compromising contractors include the compromises of:
- US aerospace company Boeing, which resulted in gigabytes of information relating to 32 US projects, including information on the Lockheed Martin F-35 and F-22, as well as the Boeing C-17 aircraft, being sent to China [2].
- US security vendor RSA, which led to subsequent targeting of US defence contractors Lockheed Martin, L-3 Communications and Northrop Grumman. This cyber security incident is reported to have cost RSA 90 million [3].
Cyber intrusion techniques are many and varied. A common cyber intrusion technique used by adversaries is socially engineered emails targeting high-ranking members of contractors and their support staff. These emails often aim to exploit common security vulnerabilities such as unpatched applications or operating systems, the use of similar passwords across systems, or the use of personal devices for work purposes. These emails may be sent directly from an adversary or from a supplier or subcontractor that an adversary has already compromised in order to leverage a trusted relationship with their intended target.