In a report released this afternoon, the ANU revealed that despite characterising the attack as “extremely sophisticated,” only about 700MB of data was taken during the data breach made public on June 4, 2019.
The breach, which wasn’t discovered by the ANU staff until April of this year, was initially believed to be far more invasive than the report outlines. Primary assessments estimated that the breach could have potentially compromised up to 19 years of data.
Vice-Chancellor Professor Brian Schmidt commented that “this wasn’t a smash and grab. It was a diamond heist,” with the actors having an apparent goal.
The initial infection was through a spearphishing email on November 9, 2018, that did not require interaction, and automatically installed malware into the system. The attack consistently evolved to work around the ANU’s cybersecurity systems and erased any trace of their activities as they moved through the system.
The ANU is still unsure as to the goal of the attackers but confirmed that they were able to stop secondary attacks to the system. The breach was detected and established in May 2019, with only 0.035% of what was stored on the affected databases being taken.
ANU Chief Information Security Officer Suthagar Seevaratnam said that “based on what we know…our current sense is the actor didn’t get what they wanted because they were stopped twice during their campaign.”
“This required them to seek further access to our systems which they unsuccessfully tried to do in December 2018 and February 2019,” Seevaratnam further outlined.
A spokesperson for the ANU said that significant investments had been made to increase the cybersecurity of the ANU’s systems. This includes increases in training and awareness, as well as working with leading security agencies.
The university is continuing to monitor for cases of ID fraud that could be linked to the breach, and have made IDCare available to those that may have been affected. They are also making counselling available to all staff, students and alumni.