Hacking expert says ‘third media company’ targetted

Feb 10, 2022 at 10:24 am by admin


With reports of cyber attacks on Australian media groups continuing, a new claim has appeared that Chinese hackers had attacked a local publisher.

An “exclusive” in today’s News-owned The Australian claims “Chinese state-affiliated hackers” had targeted “a major Australian media company, stealing passwords and data using a publicised vulnerability within hours of the software flaw being revealed”.

Foreign affairs and defence correspondent Ben Packham quotes Alastair MacGibbon, chief strategy officer of cybersecurity company CyberCX and a former Australian Cyber Security Centre head, that investigators were confident in attributing the attack to China.

Packham says the affected company “was not News Corp and understood not to be Nine Entertainment” but does not canvas other options other than to describe it as “major” and “local”.

Australian Community Media had not responded to a request for comment at the time of posting.

He says CyberCX claimed attackers “moved swiftly to exploit the Log4j vulnerability in December last year”, gaining access to the company’s IT systems before it had a chance to patch the affected software. Those responsible for the attack used “tradecraft consistent with Chinese state-sponsored actors” to gain access to the company’s mobile devices management software.

MacGibbon said attackers “used what we call customised web shells”, a technique he says is frequently used in Chinese attacks. “They stole data – they weren’t looking to lock phones or hold their data for ransom.”

Packham says the incident “predated a cyber attack on News Corp identified on January 20 and linked to Chinese espionage ­activities that affected the Wall Street Journal, the New York Post, and British newspapers The Times and The Sun.

He said Nine Entertainment had been the victim of a major cyber intrusion in March last year, “which bore the hallmarks of a ransomware attack but was not accompanied by a demand for payment”.

Among comments on The Australian website, a reader asks, “Why is the hacked media company a secret? Surely it's in the public interest, and safety, that it should be made public; after all passwords are involved and for my part it would be good to know if any of my passwords could have been exposed.”

Pictured: The post on The Australian’s website

Sections: Digital business