Parliament hit by brute force 'attack'

·1-min read

Federal parliament has suffered a brute force attack, two years after cyber espionage by a sophisticated state actor thought to be China.

President of the Senate Scott Ryan told an estimates hearing on Monday the "malicious activity" lasted just under 24 hours.

He said it was unsuccessful and Department of Parliamentary Services networks were not compromised.

"I'm not going to get into a backdoor discussion of attribution," Senator Ryan said.

"What I can say about the attack is the following: On March 26, 2021, the DPS was the subject of malicious cyber activity."

"A malicious actor sought to access the DPS network accounts from MobileIron devices," he said, naming the commercial software used to manage the security and management of DPS-issued mobile devices.

He said "unsophisticated brute force tradecraft" was used.

The attempted hack sparked an outage for department-issued mobile phones and tablets from March 27 to April 5 as accounts were locked down.

Those controls were successful in blocking the malicious actor but also impacted legitimate users, Senator Ryan said.

"DPS has been and will remain an attractive target for malicious cyber activity, which is increasing in frequency and sophistication," he said.

The federal government had previously stopped short of describing the March incident at Parliament House as an "attack".

Australian Security Intelligence Organisation director-general Mike Burgess told a hearing last month he was not concerned by the latest outage.

A "sophisticated state actor" was detected in February 2019 conducting malicious activity within the networks of federal parliament and major Australian political parties.