New South Wales school online accounts were under attack from hackers on the same day the prime minister warned that businesses and government were being targeted by a state-based cyber actor.
Guardian Australia was informed on Friday that the Microsoft Sharepoint platform used by NSW schools was being exploited as part of a phishing campaign.
An email, seen by the Guardian, told users that a document had been shared with them through Microsoft OneNote, a collaborative note-taking app. Once they clicked on a link, it directed them to a login page on the NSW Schools Sharepoint, another collaborative platform.
The email, however, was a scam: a well-known phishing attempt that tries to collect user logins and passwords from people through exploiting the trust users have in Sharepoint.
It is a type of attack the Australian Cyber Security Centre warned in its Friday advisory following Scott Morrison’s announcement. It is not certain whether the attack was related to the campaign he outlined.
The link was removed after Guardian Australia approached the NSW Department of Education for comment.
A department spokeswoman said users were being educated in how to spot these kinds of phishing emails.
“When phishing is detected, the NSW Department of Education puts steps in place to control the impact and protect accounts and systems,” she said. “User awareness and education are ongoing activities at the Department of Education to reduce the likelihood of phishing being successful.”
The advisory released on Friday pointed to a number of known vulnerabilities in Sharepoint, Microsoft Internet Information Services and Citrix which can be exploited if government agencies and businesses have not patched their software.
Experts said the methods reported by the government on Friday were methods that could be prevented with appropriate cyber security measures in place but embarrassing for government agencies and businesses that fail to take cyber security seriously.
“[The state actor campaign] doesn’t look very sophisticated,” UNSW professor of cybersecurity Richard Buckland said. “It’s well-resourced in a large scale but I haven’t seen anything yet that’s super secret or super sinister. They’re using known techniques against known vulnerabilities and following known processes.”