Cyber Intel Report  |  November 2020

Australian State and Local Government Threat Report

Crisis conditions created by COVID-19 accelerate the threat of hacktivism on Australian government entities

In 2020, Australian state governments were forced to implement unpopular measures to contain the spread of COVID-19. This is particularly true for Victoria where the restrictions and strict lockdown rules angered many residents and business owners who called for protests. Demonstrations and group gatherings were banned under Melbourne’s Stage 4 restrictions, meaning protest attendees face potential arrests and criminal prosecution. This, combined with a real risk of catching COVID-19, has driven the number of protesters down significantly. With the combination of a crisis situation, unpopular policies, and a lengthy physical lockdown, perfect conditions for hacktivism have thrived. In the second half of 2020, global hacktivist activity consisted primarily of website defacement and online defamation campaigns coordinated by opportunistic groups with relatively low, albeit increasing levels of capability.

Hacktivism during periods of conflict was recently demonstrated by several groups of Armenian hacktivists, leaking banking transaction data and the PII of up to 520,000 individuals in Azerbaijan. In Belarus, local hacktivist group targeted the website of the National Bank of Belarus in a DDoS attack. The DDoS attack was a response to the bank’s refusal to join nation-wide strikes that began with recent crackdowns on dissent following the likely rigged 2020 presidential elections in the country. Hacktivism will continue for as long as we have crises. It may be amplified further in the periods of COVID-19 lockdown when protesters are unable to meet in person.

Hacktivism has been declining in recent years, mainly due to the reduction in activity of groups of hacktivists operating under the decentralised “Anonymous” movement, which was responsible for many of the incidents reported globally. However, as the US dealt with widespread civil unrest in the wake of violent protests in Minneapolis over the death of George Floyd in May 2020, Anonymous activities returned, promising to expose crimes of the city’s police force. As a result, various forms of cyber attack have been attributed to the Anonymous movement in relation to the George Floyd protests. Whether Anonymous will continue in its campaign elsewhere in the world remains to be seen, however, the arrests following lockdown protests in Melbourne present the exact circumstances hacktivists are typically interested in. The last time Anonymous attacked an Australia-based government agency was when they defaced the website of Victoria Human Rights Commission in 2017, stating they deface websites of entities not supporting the freedom of speech and promoting information censorship.