Cyber attack on key SA government partner under investigation
A global engineering firm that works on national defence projects and holds numerous high-profile South Australian contracts was forced to shut down all of its online platforms after a cyber attack last month.
Photo: Dominic Lipinski/PA Wire
Aurecon said in a statement that it is now completing a forensic examination “seeking to establish the level of any impact on Aurecon’s systems”.
“We understand the urgency of this matter and will continue to keep our clients, government agencies and staff informed of any new information,” the statement said.
Both the State Government and Aurecon gave assurances that the company’s Australian network is now safely operational.
A Transport and Infrastructure Department spokesman said the company is currently working on a range of projects including the Torrens to Darlington section of the North-South Corridor.
He said no government projects were affected by the incident.
According to its website, Aurecon was also appointed in April this year “as one of the three Australian-based Enterprise Partners by the Department of Defence to deliver a $1 billion Sovereign Guided Weapons and Explosive Ordnance (GWEO) Enterprise”.
The company also had 200 staff work with the Royal Australian Navy in 2020 on the south development project at defence’s Osborne shipyard where the Collins Class submarines are based.
Work is now underway at this site to build the nation’s new Hunter Class frigates, where Aurecon was the lead engineering and advisory consultant.
A SA Transport and Infrastructure Department spokesman said he could “confirm that there has been no impact on its Information Services environment as a result of this incident”.
He also said Aurecon informed the department “on November 6 of a cyber security incident. Aurecon responded to this activity immediately, isolating the incident by disabling access to its online platforms”.
“Following a full cyber forensic analysis by a third-party cyber incident response partner, Aurecon has advised that their Australian network is now safely operational with all Australian-based work stations in use.”
Aurecon Group, an international design, engineering and advisory company, with more than 6500 employees around the world and 15 offices around Australia, declined to comment further than a statement it has posted on its website.
The department spokesman said Aurecon is also working on other projects including Fleurieu Connections, the Port Wakefield Overpass and Highway Duplication Alliance, the South Eastern Freeway safety review, the Marion Road and Sir Donald Bradman Drive intersection and the Majors Road interchange.
The Aurecon group did not provide answers to questions about the number of employees or the contracts it is working on based in South Australia.
Its website statement said: “Asia-Pacific design, engineering and advisory company Aurecon advises it is investigating a cyber incident after identifying suspicious activity on its IT system.”
“On Sunday 6 November Aurecon identified and acted to contain the incident, implementing our Cyber Security Incident Response Plan, engaging a specialist cyber security firm, and notifying government agencies, the Australian Cyber Security Centre and Cert NZ.
“While the initial incident response resulted in some necessary but unavoidable disruption, Aurecon’s network is now operational.”
The incident follows other high-profile cybercrimes in Australia including Optus and Medibank being targeted.
This year the Australian Cyber Security Centre (ACSC) released its first Annual Cyber Threat Report 2021-22, which highlights the “current threat environment and explains the cyber security and mitigation measures individuals and organisations can take to protect themselves”.
It showed an increase in the number of sophisticated cyber threats against Australians and Australian entities, and an increase in overall cybercrime activity.
Federal Defence Minister Richard Marles said at the time of its release that Australia had witnessed a heightened level of malicious cyber activity “over the last financial year and reflecting strategic competition globally”.
This report was produced in collaboration with our partner agencies, the Defence Intelligence Organisation, Australian Federal Police, Australian Criminal Intelligence Commission, Australian Security Intelligence Organisation, and the Department of Home Affairs.
The ACSC received more than 76,000 cybercrime reports, an increase of nearly 13 per cent from the previous financial year – equating to one report every seven minutes, compared to every eight minutes last financial year.