What We Do
How We Do
Get Started
Security advisories

APT Targeting Australian Interests

June 19, 2020 | 2 MINS READ

Speak With A Security Expert Now



On Thursday June 18th, 2020, the Australian Cyber Security Center (ACSC) released a report related to ongoing attacks targeting government entities and private organizations located in Australia [1]. The attacks observed make heavy use of publicly available tools and exploits; proof-of-concept exploit code and web shells. The goal of this campaign is not clear at this time, but there are no indications of ransomware or destructive malware based on the contents of the report.

ACSC states this campaign is likely being carried out by a Nation State APT group but does not attempt to attribute the attacks to any specific nation state-group. Organizations with a presence in Australia should be on high alert for unusual activity and phishing emails.

What we’re doing about it

What you should do about it

Additional information

In order to gain initial access into organizations, threat actors attempt to exploit four separate vulnerabilities, CVE-2019-18935 (Telerik), CVE-2019-19781 (Citrix), CVE-2019-0604 (Sharepoint) and the exploitation of VIEWSTATE handling in Microsoft IIS Servers. If these systems are not present or are up to date on security patches, the threat actors shift to using spear phishing emails for initial access.

Once initial access is gained, the threat actors deploy additional tools for persistence on and interaction with victim networks. In order to minimize the likelihood of detection, the threat actors employed stolen credentials for persistence.

Details relating to this campaign are still limited and additional details are expected in the near future.

For additional details on the exploited Citrix vulnerability CVE-2019-19781, see the eSentire advisory Critical Update To Citrix Vulnerability Exploited

For additional details on the exploited Telerik vulnerability CVE-2019-18935, see the eSentire advisory Active Exploitation of CVE-2019-18935


[1] https://www.cyber.gov.au/sites/default/files/2020-06/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf

View Most Recent Advisories