Australian defence shipbuilder Austal recently announced that they had experienced a cybersecurity breach in their data management system.
There was no known suspect at the time, but according to the Australian Cyber Safety Centre (ACSC), they alleged that the attack and the extortion attempt was carried out by an Iranian cybercriminal group.
However, it could not be determined whether the group was in cahoots with the Iranian government.
The Iranian Embassy based in Canberra, Australia through their spokesperson vehemently denied the allegations.
How Austal discovered the data breach is unclear but the company confirmed that there was an extortion attempt.
According to Fergus Hanson, head of Australian Strategic Policy Institute's International Cyber Policy Centre, China poses the most significant cyber threat to Australia.
Alternatively, Iran has been identified as an opportunist, due to its sophisticated capability and retaliatory attacks in the cyber world.
According to a statement released by the company, the hackers managed to access staff email addresses and phone numbers as well as ship designs and drawings.
The data was later put on sale by a hacker nicknamed "the.joker" on a dark web black hat forum. It is said that the material from the stolen data was being sold for 1 Bitcoin on the dark web forum.
The sale attempt was brought to light by a popular French security researcher called Xylitol, who posted the findings on Twitter.
Xylitol further stated in subsequent tweets that he contacted the alleged hacker, and was able to get his hands on four samples.
The researcher also alleged to be in possession of a 75 GB data dump containing designs and drawings that is a month prior.
In the statement they released a day after Xylitol's revelations, the company said that the drawings and designs leaked are not classified or sensitive material and are at times given to suppliers, customers and other sub-contractors.
It added that the data breach had so far not affected its ongoing operations nor have an impact on national security.
This sentiment was also echoed by Australia's Department of Defence, which stated that they were aware of the breach and that no sensitive or classified data had been compromised.
Who is Austal?
The company, a defence contractor, builds frigates and patrol vessels for the Australian navy as well as for other clients.
In its website, the company claims to have worked with over 100 clients from 54 countries, building more than 300 vessels.
One of its high profile clients is the United States, where it built the littoral combat ship for the U.S. Navy.
During the data breach, this business venture was not affected since their American subsidiary's systems are not linked to that of the parent company in Australia.
Iran-Backed Phishers Target Australian Universities
Earlier this year, several Australian universities were subject to a phishing campaign in an attempt to steal intellectual property and academic research.
The attack is believed to have been backed by the Iranian government, affecting up to 26 universities.
Australia was among the primary targets which also affected U.S., U.K. and Canada. In total, 320 universities from 22 nations were targeted in the campaign.
The stolen data included login details of 8,000 academics from the affected institutions.
The data was then used to steal research, academic journals, dissertations as well as other valuable academic material. The attack would later cost the affected Australian universities approximately $3.4 billion (USD).
The cyber intelligence community categories Iran as a critical cyberspace adversary joining China, Russia and North Korea in the list of countries that pose growing threats.
In the future, companies like Austal will be subject to more and more cyberattacks targeting not just data but also company secrets.
This situation will expose them to numerous threats after the data has been leaked.
A good example is that of West Haven City in Connecticut where the victims paid a ransom of $2,000 to hackers when malware attacked 23 of their servers and stole the data within.
In such a situation, companies are advised not to pay the perpetrators the demanded ransom in exchange for their data, but some companies prefer paying to avoid embarrassing data leaks in a quick solution.
This essentially means that companies will need to take strategies and policies as well as partner with cybersecurity experts to put in place and maintain reliable defences.
