Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Hackers hit Queensland government agencies with phishing emails

Hackers have targeted over 1,300 Queensland public servants, forcing some to log back in after hours in an effort to extract sensitive information.

user icon
Thu, 08 Sep 2022
Hackers hit Queensland government agencies with phishing emails
expand image

The Queensland Department of Agriculture and Fisheries (DAF) is investigating the latest hacking attempt after some staff had reported being urged to log back in after hours on Friday last week to change their passwords after clicking through a suspicious email link.

Staff who had clicked through the link in the malicious email were taken to a prompt aimed to log back into their Microsoft account.

According to a department spokesperson, security protocols and concerned staff raised the alarm, describing the phishing attempt as a "malicious email with a voicemail attachment". The department's IT team has contacted those affected and has been liaising with the government’s Cyber Security Unit.

============
============

Commenting on the incident, the state Department of Communities, Housing and Digital Economy – in which the Cyber Security Unit sits – explained that the DAF phishing attempt was one of a number of government agencies reporting "increased levels" of such threats in the past fortnight.

"These types of phishing attempts are common across private and public sector agencies and are not believed to be specifically targeted towards government," the spokesperson said.

According to the Brisbane Times, multiple departmental staff, who had spoken anonymously as "they were not authorised to talk to media", revealed the issue came to light late on Friday afternoon when fielding calls from the IT team urging them to "log back in and change their password".

Many colleagues reported clicking through to a link in the email that had asked them to log back into their Microsoft account.

The department's "current understanding" was that no staff members had entered details into the phishing link according to the department spokesperson.

The situation will continue to be investigated and monitored, the spokesperson added, even though the ongoing risk has been identified as low impact and further activity was detected over the weekend.

"At this stage, there has been no compromise of any system," the spokesperson asserted.

[Related: Over half of Aussie firms’ supply chains impacted by ransomware]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.