The attacker stole approximately 30 gigabytes of data, including data related to Australia's involvement in the F-35 Joint Strike Fighter program, as well as data on the P-8 Poseidon patrol plane, planned future Australian Navy ships, the C-130 Hercules cargo plane, and the Joint Direct Attack Munition (JDAM) bomb. The breach began in July of 2016.
The breach was achieved by "exploiting an Internet-facing server," the ACSC reported, "then [by] using administrative credentials to move laterally within the network, where they were able to install multiple webshells—a script that can be uploaded to a webserver to enable remote administration of the machine—throughout the network to gain and maintain further access." |