ANU attacker built ‘shadow ecosystem’ to stay hidden for six weeks


Identity and amount of data exfiltrated still unknown.

The attacker that infiltrated the Australian National University’s enterprise systems built up a “shadow ecosystem” of compromised machines – physical and virtual – that allowed them to stay undetected for six weeks.

The university released a 20-page post-incident report [pdf] on Wednesday that shone new light on the attack, which was publicly announced in June.

The intrusion was only detected in April “during a baseline threat hunting exercise”. ANU said it engaged defence contractor Northrop Grumman to lead the cleanup effort and forensics.

ANU said the attack was initiated in November 2018 via a spearphishing email that was previewed by a senior staffer.
