From itnews.com.au
![ANU attacker built 'shadow ecosystem' to stay hidden for six weeks](https://i.nextmedia.com.au/Utils/ImageResizer.ashx?n=https%3a%2f%2fi.nextmedia.com.au%2fNews%2fANU.jpg&w=480&c=0&s=1)
Identity and amount of data exfiltrated still unknown.
The attacker that infiltrated the Australian National University’s enterprise systems built up a “shadow ecosystem” of compromised machines – physical and virtual – that allowed them to stay undetected for six weeks.The university released a 20-page post-incident report [pdf] on Wednesday that shone new light on the attack, which was publicly announced in June.
The intrusion was only detected in April “during a baseline threat hunting exercise”. ANU said it engaged defence contractor Northrop Grumman to lead the cleanup effort and forensics.ANU said the attack was initiated in November 2018 via a spearphishing email that was previewed by a senior staffer.