The Australian Signals Directorate issued an emergency advisory in 2021 for a critical vulnerability found in software and web hosting platforms used by the Australian military.
ForceNet is the Australian Defence Force’s secure social media and employee communications platform.
The bulletin said the vulnerability is being actively exploited in Australia, and warned platform administrators to ensure patches are up-to-date and to check logs for malicious activity.
Defense Secretary Matt Keogh said Monday that the Department of Defense has informed staff that outside contractors have been targeted by ransomware attacks. That outside contractor is providing… around a defense platform like an internal social media platform with 2018 data on defense personnel.
“In light of the recent cybersecurity attacks we’ve seen from many organisations in Australia, the Ministry of Defence has engaged with staff to ensure that people are actually vigilant about their personal information,” Keogh said.
Keogh said that there may be as many as 40,000 records held on the target system, and “we are connecting defense personnel with outside vendors to support them if they need help securing their identification documents or personal information.”
ForceNet is Defence’s ostensibly secure, invitation-only employee and social media communications platform. It was deployed to create a secure, authoritative sharing hub without the need to link it to defense-restricted or covert networks or to release defense materials into the public domain.
While ForceNet’s material is inherently unclassified, Defense Control can access it and adjust its content.
Deployed in 2014 as a Facebook-meets-human resources portal, ForceNet was built using Sitecore software and a web hosting suite, built and maintained in partnership with Deloitte.
ForceNet was originally planned for the reserve, but has since expanded to the entire military.
It has intentionally increased functionality and less onerous security requirements, so personnel can still communicate with colleagues, including overseas troops on missions or embedded in Australian forces.
On November 5, 2021, the Australian Cyber Security Centre, part of the ASD, issued a public warning that “a proof-of-concept exploit code has been published for a remote code execution vulnerability (CVE-2021-42237) in certain versions of the Sitecore Experience Platform (Sitecore XP) content management system.”
The bulletin, marked “Alert Status: Critical,” warns that “successful exploitation of this vulnerability could lead to remote code execution, which could allow an internet-based actor to install malware/or webshell and perform other actions.”
“Australian organizations that have identified Internet-exposed Sitecore XP instances vulnerable to CVE-2021-42237 should review logs for signs of malicious activity against the vulnerable Report.ashx file outlined in the Sitecore security bulletin,” the bulletin continued.
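The log review the bulletin asks for can be sketched as follows. This is an added example, not code from the ACSC or Sitecore: it assumes IIS W3C-format logs, matches on the file name Report.ashx only (the bulletin text quoted here gives no full path), and treats POST requests as the first to review, which is a triage assumption. The sample log lines, directories and addresses are constructed.

```python
from collections import defaultdict

TARGET = "report.ashx"  # file named in the bulletin; no full path is assumed

# Constructed IIS W3C sample; directories and addresses are placeholders.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2021-11-06 01:12:03 GET /index.aspx - 198.51.100.7 200
2021-11-06 01:12:09 POST /placeholder-dir/Report.ashx - 203.0.113.45 200
2021-11-06 01:12:10 POST /placeholder-dir/REPORT.ASHX - 203.0.113.45 500
2021-11-06 01:13:00 GET /placeholder-dir/Report.ashx - 198.51.100.7 404
2021-11-06 01:14:00 GET /reports/summary.aspx - 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def report_ashx_hits(text):
    """Return requests whose last URI path segment is Report.ashx, any case."""
    hits = []
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "").lower()
        if stem.rsplit("/", 1)[-1] == TARGET:
            hits.append(row)
    return hits

def triage(hits):
    """Group hits by client IP; clients that sent POSTs are listed first."""
    by_ip = defaultdict(lambda: {"total": 0, "priority": 0})
    for row in hits:
        entry = by_ip[row.get("c-ip", "?")]
        entry["total"] += 1
        if row.get("cs-method") == "POST":  # assumption: review POSTs first
            entry["priority"] += 1
    return sorted(by_ip.items(), key=lambda kv: -kv[1]["priority"])

if __name__ == "__main__":
    for ip, counts in triage(report_ashx_hits(SAMPLE_LOG)):
        print(ip, counts)
```

Any hit is a lead for manual review against the indicators in the Sitecore security bulletin, not proof of compromise.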
The latest ransomware incident against a high-profile target follows major breaches at Optus and Medibank Private: the Optus breach affected the data of 10 million people, while the Medibank Private breach affected 4 million.
Both attacks have so far been characterized as criminal attacks, rather than “sophisticated” raids by state-backed APTs (Advanced Persistent Threats).
Both Optus and Medibank Private hold major DOD contracts: Optus is responsible for satellite communications, while Medibank Private is responsible for Garrison Health, the DOD’s health insurance provider. Medibank lost the contract to BUPA, which officially took over in July 2019.
With another defense supplier now being targeted, it remains to be seen whether the recent attacks will continue to be characterized as criminal.
The Defense Secretary said the Department of Defense is “now working to get a full picture” of the situation.
“We’re working with this outside vendor to make sure we have a complete picture of the type of data that exists and is available. We know they may be holding around 30,000 to 40,000 records,” Keogh said.