This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Bureau of Meteorology

Summary

The Bureau of Meteorology (BoM), which operates one of Australia's largest supercomputers and provides critical information to defence and security agencies, was compromised by a sophisticated state-sponsored cyber attack. The Australian Cyber Security Centre attributed the intrusion to a foreign intelligence service.

What Happened

In December 2015, the Australian Signals Directorate (ASD) detected Remote Access Tool (RAT) malware on the Bureau of Meteorology's network. The malicious software was described as "popular with state-sponsored cyber adversaries" and had been used in previous compromises of other Australian government networks.

The attackers gained unauthorised access to BoM's systems and searched for and copied an unknown quantity of documents from the network. ASD confirmed that information was likely stolen by the adversary. Multiple sources attributed the attack to China's intelligence services, though the Chinese government denied involvement.

The breach was particularly concerning because BoM is connected to other government agencies, including those involved in defence and security operations. This raised fears that the attackers could have used BoM's network as a stepping stone to access other sensitive government systems.

Impact on Individuals

While no personal data of Australian citizens was compromised, the breach had significant implications for national security:

  • Critical infrastructure vulnerability: The attack demonstrated that even highly secure government systems could be penetrated by sophisticated state actors
  • Defence implications: BoM provides weather data and computational services to defence and intelligence agencies
  • Potential for further intrusion: The attackers may have used access to BoM's network to probe connections to other government systems
  • Supercomputer access: BoM operates one of Australia's most powerful supercomputers, which could have been exploited for intelligence gathering or other purposes

Organisational Response

The Australian Cyber Security Centre (ACSC) worked to identify and remove the malicious software from BoM's systems. The incident prompted a broader review of security measures across Australian government networks and highlighted the ongoing threat from state-sponsored cyber espionage.

The breach occurred during a period of heightened awareness about sophisticated persistent threats targeting government infrastructure. It reinforced the need for enhanced cybersecurity measures and continuous monitoring of critical government systems.

Verification Source: View original statement