A notorious ransomware gang known as “Conti”, which has previously launched attacks on critical infrastructure in Australia, is causing concern for cyber authorities after the group aligned itself with the Russian government.
- Experts say there has been an uptick in cyber attacks worldwide
- One group responsible for a dozen cyber attacks in Australia last year has pledged support for Russia’s invasion of Ukraine
- There are fears Australia’s sanctions of Russia could make it a target
Conti recently announced it was backing Moscow’s actions in Ukraine and warned of launching attacks against “the enemy”, claiming credit for a cyber attack against Rio Tinto in Canada.
It was responsible for at least 13 cyber attacks in Australia last year, including on critical infrastructure such as Queensland-owned power company CS Energy.
Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), said there had been a dramatic uptick in cyber attacks worldwide both in the lead-up to and since Russia’s invasion of Ukraine.
“There has been no reprieve from the level of malicious cyber activity impacting Australian networks, both in terms of criminal cyber activity or state-based activity,” she told a parliamentary inquiry.
“We are increasingly concerned at both activity by state-based actors, but also the ever-growing number of so-called self-directed cyber vigilantes.”
Ms Bradshaw said earlier this week there were nearly 20 groups “on the side of Russia”, but in just a few days, that had risen to about 40 separate civilian hacking groups.
“Included in those entities that have declared their support to Russia are two ransomware affiliates which we’ve seen in Australia; the Conti ransomware affiliate [and] the Lockbit 2.0 affiliate,” she said.
“As a consequence of that, we have directed the support of the ACSC and federal police to critical infrastructure sectors, including classified briefings to critical infrastructure that we regard most at risk.”
She outlined that Australian authorities are in “hour-by-hour” contact with Five Eyes counterparts in the US, UK, Canada and New Zealand, sharing intelligence.
Advice about four variations of highly destructive malware has been issued to companies to ensure they can prepare themselves.
But Ms Bradshaw said Australia had so far avoided any direct attacks, despite fears Australian sanctions on Russia could provoke such action.
“To date, we have not observed any of that activity in Australia, nor are we aware of a specific threat,” she said.
Most major attacks have occurred overseas so far, with Ukraine’s finance sector and telecommunications coming under enormous pressure.
Recently, the Australian government provided more cyber security assistance, offering virtual training to Ukrainian officials.