The Australian Signals Directorate (ASD) issued an urgent notice in 2021 for a critical vulnerability found in a web hosting and software platform used by the Australian military.
ForceNet is the secure social media and personnel communications platform for the Australian Defense Force.
The advisory said the vulnerability was being actively exploited in Australia and warned platform administrators to ensure patches were up to date and to review logs for malicious activity.
Defense Staff Minister Matt Keogh said on Monday that Defense had told staff that an outside contractor had been the target of a ransomware attack. “That outside contractor was providing… a platform for Defense, which is like an internal social media platform that has data from 2018 on Defense personnel.”
“The defense has communicated with staff to ensure that individuals remain vigilant regarding their personal information in light of the recent cybersecurity attacks we have seen from various organizations in Australia,” Keogh said.
Keogh said up to 40,000 records were potentially kept on the target system and “we are connecting Defense personnel with a third-party provider to also support them if they need help protecting their identification documents or personal information.”
ForceNet is Defense’s seemingly secure, invite-only personal and social media communications platform. It was implemented to create a secure and authoritative clearinghouse without linking it to the Defense Restricted Network or Secret Network or publishing Defense material in the public domain.
Although ForceNet material is unclassified in nature, it can be accessed and content moderated by Defense controls.
Launched in 2014 as a kind of HR-meets-Facebook portal, ForceNet was built using the Sitecore software and web hosting suite, with Deloitte helping to build and maintain the platform.
ForceNet had initially been slated for reservists, but was later expanded to the entire military.
It is intentionally more functional, with fewer onerous security requirements so personnel can still communicate with colleagues, including overseas forces assigned to or integrated with Australian forces.
On November 5, 2021, the Australian Cyber Security Center, part of ASD, issued a public warning about “proof-of-concept exploit code for a remote code execution vulnerability (CVE-2021-42237) in certain versions of Sitecore Experience Platform Content Management System (Sitecore XP)”.
Marked “Alert Status: CRITICAL,” the advisory warned that “successful exploitation of this vulnerability results in remote code execution that could allow an Internet-based actor to install malware or webshells and take other actions.”
“Australian organizations that have identified an Internet-exposed Sitecore XP instance vulnerable to CVE-2021-42237 should review logs for signs of malicious activity targeting the vulnerable Report.ashx file described in the Sitecore security bulletin,” it continued.
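A log-review pass of the kind the advisory calls for, as an added example that is not taken from the ACSC advisory or from Sitecore. It assumes IIS W3C-format logs; the log lines, path prefix and IP addresses are constructed, and only the Report.ashx file name comes from the advisory text quoted above.

```python
import collections

# Constructed IIS W3C log lines (not real traffic); IPs are documentation ranges,
# and "/example/path/" is a placeholder prefix, not the product's real path.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2021-11-06 02:14:07 GET /home.aspx - 198.51.100.7 Mozilla/5.0 200
2021-11-06 02:14:09 POST /example/path/Report.ashx - 203.0.113.45 python-requests/2.26 200
2021-11-06 02:14:11 POST /example/path/report.ashx - 203.0.113.45 python-requests/2.26 500
2021-11-06 02:15:30 GET /example/path/Report.ashx - 198.51.100.7 Mozilla/5.0 404
"""

TARGET = "report.ashx"  # file named in the advisory; matched case-insensitively


def find_report_hits(log_text):
    """Return one dict per request whose URI stem ends in Report.ashx."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the field list can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated row
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1] == TARGET:
            hits.append(row)
    return hits


def summarize(hits):
    """Group hits by client IP; sources with the most POSTs are listed first for triage."""
    by_ip = collections.defaultdict(lambda: {"POST": 0, "other": 0, "statuses": set()})
    for h in hits:
        entry = by_ip[h.get("c-ip", "?")]
        entry["POST" if h.get("cs-method") == "POST" else "other"] += 1
        entry["statuses"].add(h.get("sc-status", "?"))
    return sorted(by_ip.items(), key=lambda kv: -kv[1]["POST"])


if __name__ == "__main__":
    for ip, info in summarize(find_report_hits(SAMPLE_LOG)):
        print(ip, info["POST"], "POST,", info["other"], "other,", sorted(info["statuses"]))
```

Any source address this surfaces is a starting point for the wider review the advisory describes, not proof of compromise on its own.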
The latest suspected ransomware incident against a high-profile target follows major exfiltration incidents at Optus that affected 10 million people’s data, and Medibank Private that affected 4 million people.
Until now, both attacks have been characterized as criminal attacks rather than ‘sophisticated’ raids by state-sponsored APTs (advanced persistent threats).
Both Optus and Medibank Private have had major contracts with the Department of Defense: Optus for satellite communications, and Medibank Private for Garrison Health, which serves as Defense’s health insurance provider. Medibank lost that contract to BUPA, which officially took over in July 2019.
With another defense provider now in the crosshairs, it remains to be seen if the criminal characterization of the recent attacks holds up.
The defense personnel minister said the department was “working now to get a full picture” of the situation.
“We’re working with that third-party provider to make sure we have a complete picture of what kind of data was there and available. We understand there may have been 30,000 to 40,000 records that they had,” Keogh said.