Australia ACSC Home

LEO SATCOM Security Risks and Mitigations Guidance Released

ASD's ACSC, in collaboration with the Australian Space Agency, Canadian Centre for Cyber Security, NSA, and New Zealand National Cyber Security Centre, has published guidance on cyber security risks associated with Low Earth Orbit (LEO) satellite communication services. The guidance covers risks across space, ground, and user segments, addressing communication links, supply chains, and data management. The document provides key questions organisations should ask LEO SATCOM providers to assess security measures and resiliency.

ACSC Publishes Guidance on Frontier AI Cyber Threat Landscape

The Australian Cyber Security Centre (ACSC) has published guidance on how frontier artificial intelligence models are reshaping the cyber threat landscape, noting that AI is reducing the cost, effort and expertise required to discover and exploit software vulnerabilities. The guidance references Anthropic's Claude Mythos model having discovered long-standing vulnerabilities that survived decades of human review and millions of automated tests, in some cases resulting in sophisticated exploit development. ACSC recommends organisations implement mitigation strategies including reducing attack paths, adopting daily patching, using AI to identify vulnerabilities in software development, and implementing layered security aligned with defence-in-depth principles. The guidance references ASD's Information Security Manual and Essential Eight framework as baseline standards.

Joint Advisory on INC Ransom Cyber Threat Targeting Australia, New Zealand and Pacific

The Australian Cyber Security Centre (ACSC) has released a joint advisory with CERT Tonga and New Zealand's National Cyber Security Centre (NCSC) detailing the operations of INC Ransom, a Russian-based ransomware group that has targeted organisations in Australia and the Pacific since 2023. The advisory describes the group's tactics including spear-phishing, exploitation of unpatched internet-facing devices, and double-extortion techniques where stolen data is published to a leak site if ransom is not paid. The ACSC strongly recommends organisations and government ministries implement the outlined mitigations to reduce compromise risk.