An Australian parliamentarian and three staffers were targeted in a successful WhatsApp hack believed to have been orchestrated by a “foreign state actor”, a Senate estimates hearing has been told.

The accounts of the parliamentarian, who was not named, and staff were ensnared in a “targeted phishing targeting parliamentarians and staff” on March 6, Department of Parliamentary Services chief information officer Mike Webb told the hearing on Monday.

Mr Webb said officials had received reports that WhatsApp accounts, which were attached to both personal and DPS-managed devices, had been compromised and taken over, all in the same manner.

“On the 9th of March, we implemented a temporary block of WhatsApp web … and this is largely because these are personal WhatsApp accounts that we don’t manage or control,” he said, adding that the lockdown was lifted the following Sunday.

Asked who was behind the attack, Mr Webb said there was “evidence that is a foreign state actor”.

“There’s a lot of public reporting of state-sponsored WhatsApp phishing campaigns targeting government officials,” he said.

“Multiple governments worldwide have issued warnings on this type of attack, including Germany, the Netherlands, the US, a range of other countries.

“So, this is targeting our parliamentarians, but this is a genuine, global issue.”

At the time of the lockdown, officials did not know the extent of communications between officials over the personal WhatsApp accounts, Mr Webb said.

He said the “flow” was that an individual “masquerading as a trusted source” would reach out to another individual, such as another senator.

Asked if he had concerns about WhatsApp use, Mr Webb said regardless of the platform, parliamentarians would be “high-value targets”.

Deputy secretary and chief operating officer Nicola Hinder told the hearing that since March 31 there had been 46 detections of malware as well as more than 20,000 phishing attempts.

There were a further 1458 “cyber alerts, which are attempts to be able to bomb the website or details on the website” used by parliamentarians, she said.

“We’ve indicated before that we’ve had high number times, without talking about it too much,” she said.

“I think it’s also cyclical. I think there are times where we have much higher and times when obviously attention is diverted elsewhere.”

The hearing was told it was “very, very difficult, near impossible” to attribute the attacks to specific actors.
