The Australian Cyber Security Centre (ACSC) has found that Iranian hackers were behind a recent cyber attack on Australian defence shipbuilder Austal.
Austal was also subject to an extortion attempt, the company announced to the Australian Stock Exchange earlier this month.
Austal, which provides defence vessels to both the US and Australian navies, said its US operations were not affected.
Nor did the breach affect any of Austal’s other 100 clients spanning 54 nations. These include the Royal Navy of Oman and Caspian Marine Services fleet of offshore support vessels serving the offshore oil and gas exploration and production industry.
An Austal spokesperson confirmed to IHS Markit that keeping their US and Australian computer networks separate was intentional and part of the company’s longstanding security processes that helped foil the attack.
The Australian Department of Defence released a statement confirming the breach was unclassified material and the investigation was under way.
“No compromise of classified or sensitive information or technology has been identified so far,” Defence announced.
“Defence and the ACSC have provided cyber security assistance to Austal and are working with Austal to assess and mitigate harm,” the joint statement read.
“This incident reinforces the serious nature of the cyber security threat faced by [the] defence industry, and the need for industry partners to put in place, and maintain, strong cyber defences.”
The breach to the Australian business data management systems was then referred to the Australian Cyber Security Centre and the Australian Federal Police, who are providing ongoing assistance and advice, according to the Austal statement.
Some of the information hacked was offered for sale on the dark web.
Head of the ACSC Alastair MacGibbon told local media the hackers failed to steal sensitive information. He described the attack as a “ram-raid” with the hackers taking as much information as they could before they were detected and shut out.
“The fact that this material was put on the dark web to sell to the highest bidder would have to suggest it’s a criminal matter” MacGibbon said.
As such, it was unclear whether the hackers were linked to the Iranian government acting in retaliation to a recent Australian announcement that it would review its support for the Iran nuclear deal, or criminal elements.
Meanwhile the company’s IT team have installed additional security measures to prevent further breaches.
“No company wants to lose control of its information, but there is no evidence to date to suggest that information affecting national security, nor the commercial operations of the company, has been stolen: ship design drawings which may be distributed to customers and fabrication sub-contractors or suppliers are neither sensitive nor classified,” the company statement said.
The hacker did make off with some staff email addresses and mobile phone numbers, as well as ship design drawings. He/she then attempted to extort money from Austral, according to the company statement.
“The company has not and will not respond to the extortion attempts,” the company stressed.