Threat Watch

Breach of Australian Ship Builder being Ambiguously Attributed to Iran

A user calling themselves “the.joker” is attempting to sell information stolen from Australian ship builder Austal.  The information was stolen during a breach which was detected by the Australian government in mid-October, during the same time that Australian Prime Minister Scott Morrison announced that the Australian government would be re-evaluating their support for the Iranian nuclear deal.  The breach compromised staff email addresses, phone numbers, ship drawings, and design plans.  At this time the only link to the Iranian government is the timing of the attack, the fact that the information has been put up for sale is highly irregular if Iran is in fact behind the breach.  According to Australia’s cyber-security chief no one from his office would have claimed that Iran was behind the attack and that those claims originated with the local media.

ANALYST NOTES

While Iran would certainly stand to benefit from access to Naval Ship designs, it is unlikely that they would steal the plans only to then sell them on the darknet.