In the case of AUKUS, Mr Meyers said a deputy head of an unnamed Australian diplomatic mission had a copy of their resume used by hackers to target people and organisations that could provide an opening to AUKUS information.
The hackers sent the diplomat’s resume unsolicited to people, saying they were seeking employment. The aim was for the recipient to open the file to look at the resume and unwittingly deploy malware on their system.
“That’s interesting because its gives us a sense of the circles they are trying to get into,” Mr Meyers said.
“So they’re getting into diplomatic circles, that’s their initial foray into collecting activity related to defence information, bilateral information, multilateral information. So, they’re going after the Australian diplomatic community.”
Mr Meyers said the malware was identified as Baby Shark, which has been associated with North Korean government hackers. He was unable to determine how many people had been sent the resume and opened it.
“People open it up even if they’re like, ‘I’m not hiring a senior Australian diplomat’ … but if they get that resume it is going to entice them to say, ‘oh I wonder why this has been sent to me’,” he said.
“Soon as they do that, the North Korean threat actors are in the system, and they’re able to steal information, they’re able to then use that access to pivot to other targets they would be interested in.”
Mr Meyers said North Korea wanted to steal submarine technology because it lacked nuclear submarines capable of spending a long time at sea and travelling far, such as to the US west coast.
China’s aim was to gain a better understanding of what technology the US and UK was sharing with Australia, and its capabilities.
“[China] is trying to extend its reach through the various islands it has been building and weaponised, and so it is worried about Australian nuclear submarines patrolling those areas,” Mr Meyers said.
“There’s lots of secrets behind nuclear submarines and so China wants to understand all those capabilities, so it can defend against it, track it etc.”
The Defence Department said good cybersecurity was an essential prerequisite to the success of AUKUS.
“Defence is leveraging the full expertise of the Australian Signals Directorate’s Australian Cyber Security Centre to uplift our cybersecurity and protect the AUKUS work,” it said in a statement.
Mr Meyers said cyberattacks on businesses were evolving and data being “weaponised”. Traditional ransomware attacks involved hackers stealing data, encrypting it and refusing to restore access unless a company paid up.
But now more companies were calling the attackers’ bluff, refusing to pay the ransom because they could restore the data from back-ups.
In response, attackers were extorting companies by threatening to leak data publicly. The risk for companies that did not pay up was being hit with hefty fines and legal action from regulators for privacy breaches or exposing trade secrets to rivals.
“They are really ratcheting up the pain for enterprises,” he said.