Powered by MOMENTUM MEDIA

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

ASCS reveals Australian web hosting providers compromised by Gh0st RAT

The Australian Cyber Security Centre has published its report into its 2018 investigation, “Operation Manic Menagerie”, outlining how at least eight Australian web hosting providers were compromised by a hacker.

The Australian Cyber Security Centre has published its report into its 2018 investigation, “Operation Manic Menagerie”, outlining how at least eight Australian web hosting providers were compromised by a hacker.

The report said the hosting providers were hacked by using a legacy variant of the Gh0st remote access tool (RAT).

Advertisement
Advertisement

“The access was exclusively used to conduct criminal activity on the network and customer websites, using the reputation of these legitimate sites to add validity to their activities,” said Alastair MacGibbon, head of the Australian Cyber Security Centre (ASCS).

“Australia is the first country to identify and engage with victims about this activity. While the methods used are not new or sophisticated, the use of them in the manner described in this report, and the victims they target, make this a significant achievement.”

The ASCS said there is evidence that the hacker used two of the hosts to mine cryptocurrency, as well as using other hosts to redirect web traffic.

“The actor favoured techniques such as web shells to gain initial access, exploiting vulnerable web applications to upload the web shells,” the report states.

“The actor rarely required privilege escalation but demonstrated the capability and persistence to escalate privilege when necessary.”

PROMOTED CONTENT

The ASCS said it worked with a “diverse range” of sources, including industry, government departments, law enforcement and information security bodies to detect the cyber-criminal activity.

MacGibbon said they will not be identifying the compromised providers, but “it is important to note that all affected web hosting providers were advised to take remediation actions, and we commend them for working collaboratively with us to achieve such success.”

The ASCS report also includes recommendations for hosting providers and customers, including a high recommendation for regular application and OS patches. 

ASCS reveals Australian web hosting providers compromised by Gh0st RAT
cyber-sec.jpg
lawyersweekly logo

Key decision-makers and stakeholders within the defence industry will converge at the inaugural Defence Connect AIC Summit for 2021 to discuss improving Australian Industrial Capability to increase the nation's sovereign production, defence capability and resilience. Register your interest to attend today! Limited spaces available. Register your interest to attend, visit: www.defenceconnect.com.au/aic-summit

more from defence connect

Aug 2 2021
Royal Regiment of Australian Artillery marks 150th anniversary
The Royal Regiment of Australian Artillery (RAA) marked the regiment’s 150th anniversary this weekend with commemoration service...
Aug 2 2021
Defence personnel come to the aid of NSW Police
Emergency Management Australia sent a request to the Australian Department of Defence on behalf of the NSW State Emergency Operat...
Aug 2 2021
EOS' SpaceLink secures funding for ISS relay satellite
SpaceLink has received funding to demonstrate its relay satellite for the International Space Station, facilitating communications...