Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Chinese cyber criminals allegedly target Australian power grid

Energy provider CS Energy, which operates the Kogan Creek and Collide power stations, almost fell victim to a ransomware attack.

user icon
Wed, 08 Dec 2021
Kogan Creek
expand image

Queensland-based CS Energy announced recently that it had responded to a ransomware attack that targeted the energy operator’s ICT network on the weekend of 27 November.

The company, which operates the Kogan Creek and Collide power stations, managed to narrowly avoid the shutdown of the generators.

According to the Daily Mail, the attackers were attempting to penetrate the company’s energy generators that provide some 3,500 megawatts of electricity for Queensland users. Media outlets have reported that the attacks stem from Chinese threat actors.

“CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes,” Andrew Bills, chief executive of CS Energy, said in a company release.

“We immediately notified relevant state and federal agencies, and are working closely with them and other cyber security experts.

“We have contacted our retail customers to reassure them that there is no impact to their electricity supply and we have been regularly briefing employees about our response to this incident.

“Unfortunately, cyber events are a growing trend in Australia and overseas. This incident may have affected our corporate network, but we are fortunate to have a resilient and highly skilled workforce who remain focused on ensuring CS Energy continues to deliver electricity to Queenslanders.”

Security researcher at Akamai Steve Ragan explained how such ransomware attacks have been used to extort businesses.

“Although each ransom group operates differently, this is typically part of the PR/marketing play for most ransom groups. They announce victims, which encourages them to negotiate, and if they don't pay, they leak their data. The 0.00 B in the file section (in the attached screen shot) tells you that the company is likely in active negotiations. Should they stall, the next step is to leak some of the data, or threaten to leak it. If negotiations fail, whatever data that was cloned (likely everything on the network depending on the reach the malware had before encryption) will be placed up for bid, or freely available, Ragan explained.

In November, the Coalition government has passed reforms to the Security Legislation Amendment (Critical Infrastructure) Bill 2020, designed to improve nationwide responses to cyber attacks on critical infrastructure.

Reforms include the provision of government assistance to industry as a last resort – subject to “appropriate limitations”.

Other amendments include the introduction of a cyber-incident reporting regime for critical infrastructure assets and expanding the definition of critical infrastructure.

The expanded definition would include:

  • energy;
  • communications;
  • financial services;
  • defence industry;
  • higher education and research;
  • data storage or processing;
  • food and grocery;
  • health care and medical;
  • space technology;
  • transport; and
  • water and sewerage sectors.

David Tudehope, CEO of Macquarie Telecom Group, has welcomed the reforms, noting they’re a step in the right direction.

“The whole economy depends on the proper functioning of these sectors, so it’s appropriate that their resilience and security are now being recognised as a shared responsibility, with government providing guidance and specialist assistance where necessary to the owners and operators of critical infrastructure and systems,” he said.

“As a long-time provider of data storage and cyber security services to government and critical infrastructure providers, Macquarie is very aware of the dynamic and increasingly volatile risk environment facing Australia’s digital infrastructure.

“These risks are significant and underscore the importance of a comprehensive approach to securing these systems and infrastructure.”

However, according to Tudehope, the amendments don’t go far enough in shoring up Australia’s data sovereignty.

“If Australia’s laws and authorities are to help secure and defend Australia's critical data assets, that data must first be brought within the remit of this new security regime,” he said.

“The same security expectations and standards should apply to it regardless of whether it is managed in-house, hosted by a third party, or located offshore.”

[Related: Australia joins chorus of democracies condemning China’s global cyber attacks]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.