From itnews.com.au
Identity and amount of data exfiltrated still unknown.
The attacker that infiltrated the Australian National University’s enterprise systems built up a “shadow ecosystem” of compromised machines – physical and virtual – that allowed them to stay undetected for six weeks.
The university released a 20-page post-incident report [pdf] on Wednesday that shone new light on the attack, which was publicly announced in June.
The intrusion was only detected in April “during a baseline threat hunting exercise”. ANU said it engaged defence contractor Northrop Grumman to lead the cleanup effort and forensics.
ANU said the attack was initiated in November 2018 via a spearphishing email that was previewed by a senior staffer.