Compromised Website Led to Australia Parliament Hack (Nov 18, 2019)
The Australian Parliament was infected by a watering-hole attack when politicians browsed a legitimate website that had already been compromised. The attack was discovered in January, and the Australian government has stated that the intrusion resulted in a “small amount of non-sensitive data” being breached. The investigation was conducted by the Australian Signals Directorate.
Recommendation: Watering-hole attacks are effective because they take advantage of online locations that are trusted and frequently visited by their targets. Victims have no idea that a website (such as a news site) they have visited previously, or have come to trust, is now compromised. In the past, attackers have narrowed their targeting by using whitelists to infect only those victims arriving from certain IP ranges. Organisations can take measures to not trust any third-party traffic. Watering-hole attacks have been used in criminal and nation-state campaigns because they are so successful at bypassing controls.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.