Ransomware hackers hit Australian defence communications platform

By Renju Jose

SYDNEY (Reuters) – Hackers have targeted a communications platform used by Australian military personnel and defence staff with a ransomware attack, authorities said on Monday, as the country battles a recent spike in cyberattacks across businesses.

The ForceNet service, one of the external providers that the defence department contracts to run one of its websites, has come under attack but so far no data have been compromised, Assistant Minister For Defence Matt Thistlethwaite said.

“I want to stress that this isn’t an attack or a breach on defence (technology) systems and entities,” Thistlethwaite told ABC Radio. “At this stage, there is no evidence that the data set has been breached, that’s the data that this company holds on behalf of defence”.

But some private information such as dates of birth and enlistment details of military personnel may have been stolen, the Australian Broadcasting Corp reported, citing an unidentified source with knowledge of the investigation.

Thistlethwaite said the government will view the incident “very seriously” and all defence personnel have been notified, with suggestions to consider changing their passwords.

Ransomware hackers hit Australia’s biggest companies

A Defence department spokesperson told Reuters in an emailed statement the department was examining the contents of the impacted data set and what personal information it contained.

Ransom software works by encrypting victims’ data and hackers typically will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars.

Some of Australia’s biggest companies, including No. 2 telecoms company Optus, owned by Singapore Telecommunications Ltd, and the country’s biggest health insurer, Medibank Private Ltd, have had data hacked recently, likely exposing the details of millions of customers.

Technology experts said the country has become a target for cyber attacks just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop it.