According to an audit report that the Queensland Audit Office released on the 10th of November, it seems that the Queensland water supplier has been targeted by hackers for a period of nine months during which the threat actors hid on a server where information related to the mentioned supplier could be found.
In the report, the name of the entity is not specified directly, however, it was confirmed by ABC Australia, a publication that later asked the water authority about this topic, that the report points out to SunWater, which is the water supplier owned by the Australian government. The SunWater data breach let hackers remain undetected.
Sunwater takes cyber security very seriously and acknowledges the findings in the Queensland Audit Office report.
The SunWater Data Breach: What Happened
According to BleepingComputer, the time when the breach appeared was between 2020 and 2021, more specifically between August 2020 and May this year. The cybercriminals achieved access to a web server used by the water supplier to keep there their customer data.
It seems that the hackers’ goal was not data exfiltration. What they did with that access was to install a custom malware that had the role to