HOW THE CHINESE HACKED AN AUSTRALIAN COMPANY

* In March 2017, the Australian Cyber Security Centre received a report that a computer belonging to the Australian arm of a multinational construction services company was hit with malware known to be used by Chinese hackers working for the APT10 group.

* The malware was a version of the well-known ‘PlugX’ remote access tool (RAT). The hackers used a legitimate administrator account within the company’s managed service provider to remotely connect into the company’s network and install the RAT.

* The hackers then accessed sensitive data and commercial secrets.

* It was later discovered that the first intrusion had occurred in September 2016, when PlugX malware was installed within the space of 25 seconds under the innocent-sounding name ‘Corel Writing Tools Utility’.

* Over the next two months more PlugX malware was installed, using the name ‘Quick CreateInstall Installer’.

* The hackers then began gathering data and storing it in text files.

* Three weeks after the ACSC received its report, it was noticed that a new piece of malware, known as RedLeaves, had been installed; security experts believe this was a response to the hacking being reported.

* In May 2017, the hackers deleted evidence from the initial host computer.

* The affected company was advised to take a range of security steps including: regularly patching its software, restricting administrative privileges, using multi-factor authentication (such as a hardware ‘token’), setting aside a specific workstation for sensitive tasks, and segregating computer networks.