An infamous ransomware gang known as “Conti”, which has previously carried out attacks on critical infrastructure in Australia, is causing concern among cyber authorities after the group declared its support for the Russian government.
Key points:
- Experts say there is a surge in cyberattacks around the world
- One group responsible for a dozen cyberattacks in Australia last year has vowed to back Russia’s invasion of Ukraine
- There are fears that Australia’s sanctions on Russia could make it a target
Conti recently said it supported Moscow’s actions in Ukraine and warned against launching attacks against the “enemy”, claiming responsibility for the cyberattack on Rio Tinto in Canada.
It was responsible for at least 13 cyberattacks in Australia last year, including attacks on critical infrastructure such as Queensland-owned energy company CS Energy.
Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), said there has been a sharp spike in cyberattacks around the world both in the run-up to and after Russia’s invasion of Ukraine.
“The level of malicious cyber activity affecting Australian networks has not decreased in terms of either criminal cyber activity or government activity,” she said during a parliamentary inquiry.
“We are increasingly concerned about both the activities of state actors and the ever-increasing number of so-called self-managed cyber vigilantes.”
Ms Bradshaw said earlier this week that there were about 20 groups “on the side of Russia”, but in just a few days that number had grown to 40 separate civilian hacker groups.
“Those organizations that have declared their support for Russia include two ransomware affiliates we saw in Australia: ransomware partner program Conti [and] an affiliate of Lockbit 2.0,” she said.
“As a consequence of this, we have directed ACSC and federal police support to critical infrastructure sectors, including classified briefings for critical infrastructure that we believe are most at risk.”
She noted that Australian authorities are in “hourly” contact with Five Eyes colleagues in the US, UK, Canada and New Zealand, exchanging intelligence.
Companies were advised of four highly destructive malware variants so they could prepare.
But Ms Bradshaw said Australia has so far avoided any direct attack, despite concerns that Australia’s sanctions on Russia could provoke such action.
“To date, we have not observed any such activity in Australia and are not aware of any specific threat,” she said.
Most of the major attacks so far have taken place abroad, with Ukraine’s financial sector and telecommunications under immense pressure.
The Australian government recently provided additional cybersecurity assistance by offering virtual training to Ukrainian officials.