Australian Government Website Data Breach, 500 Files Exposed


An alleged data breach of the Australian government website is making rounds on breach forums where a cybercriminal named ‘UsNsA’ has claimed to have access to 500 files from the website.

According to a post on the breach forum, ‘UsNsA’ claimed to have access to details such as names, dates of birth, email addresses, addresses, etc.

However, the website link of the alleged breached Australian government website was accessible at the time of writing.

“Today I have uploaded the Australia Governmental website Database for you to download, thanks for reading and enjoy!” read the post by the hackers on the breach forum.

Screenshot from the breach forum

Australian Government Website Data Breach

The post further claimed to have access to the information of government officials. The post was published on January 14 and the gang claiming to have the data of

the Australian government website used the logo of the National Security Agency of the United States of America, which raises questions on the authenticity of the claim.

Government systems, especially in Australia, have experienced a series of cyberattacks in the past few years.

According to a report by the Center for Strategic & International Studies (CSIS), The Bahraini government website suffered a DDoS attack in November 2022,

along with an attack on the Vanuatu government’s digital services. Such attacks are a means of showing the presence of the hacker group and reach in attacking highly secured systems.

Some other government websites that were targeted in the year 2022 include:

  1. Guadeloupe government that impacted all government devices
  2. A communication service provider of the Department of Defense of Australia
  3. Bulgarian websites of the presidential administration, the Justice Ministry, and the Constitutional Court among others suffered a DDoS attack.
  4. United States government website was attacked in October last year by a pro-Russian group.
  5. The total information management systems belonging to the Albanian government were allegedly attacked by Iranian hackers. Following this attack in September 2022, Albania decided to end its diplomatic ties with Iran.
  6. Montenegro’s government networks were attacked which stalled the information platforms and the state’s main website.
  7. Two Iranian government websites were attacked by the Anonymous group.

From severing diplomatic ties between countries to causing sanctions and condemnations of attacking countries, attacks on Australian government websites have led to dire consequences.

Several hacker groups seem to find a way to exploit a flaw to gain access control, exfiltrate data, and post on the breach forums, leaving the victim extremely vulnerable to further attacks.

Although ransomware attacks are considered more common and serious in their impact, DDoS attacks remain a cause of disruption to government websites and other victims as one of the common means to halt services.

According to Cybersecurity Coalition, several methods of conducting DDoS attacks have been found including:

  1. Low bandwidth connection attacks
  2. High bandwidth volumetric attack
  3. Protocol-oriented attacks that use stateful network protocol
  4. Application layer attacks send a flood of requests to some aspects of the software.





Source link