The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) investigation report details the theft of commercial secrets, data and information from the Australian arm of a multinational construction services company via their Managed Service Provider.
Managed Service Providers (MSPs) are attractive targets for state actors and cyber criminals. This investigation by the ASD’s ACSC is one example of how Australian organisations are at risk of theft of commercial secrets, data and information via their MSP. This report details that investigation and includes technical findings and mitigation advice related to the compromise of the Australian arm of a multinational construction services company via their MSP.
The tactics, techniques and procedures (TTPs) observed in this compromise align with a public report titled “Operation Cloud Hopper”, which details APT10’s targeting of MSPs to leverage existing trust relationships with their customers and gain access to their customer networks.
For mitigation strategies to manage the security risks posed by engaging and authorising network access to MSPs, the ASD’s ACSC recommends reviewing the PROTECT product “How to Manage Your Security When Engaging a Managed Service Provider”.