The extensive compromise of multiple web hosting providers and mitigation measures have been detailed in a report released today by the Australian Cyber Security Centre (ACSC).
The findings of the ACSC investigation, Operation Manic Menagerie, show that eight Australian web hosting providers were compromised, allowing a malicious actor access to customer websites.
‘The access was exclusively used to conduct criminal activity on the network and customer websites, using the reputation of these legitimate sites to add validity to their activities,’ Alastair MacGibbon, Head of the ACSC, said.
‘Australia is the first country to identify and engage with victims about this activity. While the methods used are not new or sophisticated, the use of them in the manner described in this report, and the victims they target, make this a significant achievement.’
‘The ACSC has played a crucial public safety role in investigating and working with the providers to better protect themselves.’
‘The ACSC advised the Australian hosting providers to conduct a risk assessment and consider whether there was a reporting requirement under the Notifiable Data Breaches (NDB) Scheme.’
‘This cyber-criminal activity was detected by the ACSC working with a diverse range of information sources, including industry, government departments, law enforcement and information security bodies (both domestic and international).’
‘While we will not be identifying the web hosting providers, it is important to note that all affected web hosting providers were advised to take remediation actions and we commend them for working collaboratively with us to achieve such success.’
‘The ACSC will continue to lead the Australian Government’s efforts to improve cyber security and provide advice to stakeholders about how they can protect themselves online. Under the recent amendment to the Intelligence Services Act 2001, this includes supporting Australians to ensure the integrity of information that is processed, stored or communicated electronically,’ Mr MacGibbon added.
Giving up the Gh0st
Hackers relied on vulnerabilities within web applications to gain initial access to web servers before installing malicious software.
Malware utilised by the hackers included password-stealing tools and the well-known “Gh0st” Remote Access Tool (RAT).
Gh0st provides cyber criminals with a range of tools, including remote access to victims' systems. The malware is also used to both upload and