FOI Request LEX3637, Schedule of Released Documents [PDF 183KB] (pdf)
| Document No. | Document Title | Exemption | Decision on Access |
|---|---|---|---|
| | Email dated 16 November 2022 – Internal AEC Email – Cyber Incident 11744 – Phishing email targeting indigenous inboxes | s47E, 47F | Release in part |
| | Email dated 17 November 2022 – Internal AEC Email – Phishing email targeting indigenous inboxes | s47E, 47F | Release in part |
| | Email dated 17 November 2022 – Internal AEC Email – Phishing email targeting indigenous inboxes | s47E, 47F | Release in part |
| | Email dated 30 November 2022 – Internal AEC Email – INC11744 Summary – AEC spear phishing campaign | s47E, 47F | Release in part |
| | Email dated 21 December 2022 – Internal AEC Email - INC11744 Summary – AEC spear phishing campaign | s47E, 47F | Release in part |
| | Email dated 16 November 2022 – Internal AEC Email - indigenous-tas@aec.gov.au have 12 Pending incoming emails | s47F | Release in part |
| | Email dated 16 November 2022 – Internal AEC Email – Phishing email targeting indigenous inboxes | s47E, 47F | Release in part |
| | RE: [ACSC-6029] Blocked email [SEC=OFFICIAL] | S7(2A)(a)(vii) | Access refused |
| | RE: ACSC-6029 Blocked email [SEC=OFFICIAL] | S7(2A)(a)(vii) | Access refused |
| | EIC cyber brief 18.11.22 | s47E, s22 | Release in part |
| | EIC Agenda Paper 4a | s47E, s22 | Release in part |
| | 4a Paper – Cyber Security – Essential Eight – Nov 22 | s47E, s22 | Release in part |
| | Email dated 9 January 2023 - FOR ACTION: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive] | s47E, 47F, s22 | Release in part |
| | Attachment to Doc 13 - KG TPs - NIAA - Phishing attempt against the AEC | s47E, s22 | Release in part |
| | Email dated 12 January 2023 - FW: FOR ACTION: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive] | s47E, 47F | Release in part |
| | Attachment to Doc 15 - AEC TPs - Phishing attempt against the AEC and the EIAT | s47E, s22 | Release in part |
| | Email dated 1 December 2022 - FW: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive] | s47E, 47F | Release in part |
| | MH TPs - EIAT Board Meeting - 7 December 2022 (A2336504) | s47E, 47F, s22 | Release in part |
| | Email dated 5 December 2022 - RE: For awareness: AEC spear phishing campaign [SEC=OFFICIAL:Sensitive] | s47E, 47F | Release in part |
| | Email dated 21 December 2022 - RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive] | s47E, 47F | Release in part |
LEX3637 documents [ZIP 9.4MB] (zip)
ZIP Contents
- Document 1 - FW_ Cyber Incident 11744 - Phishing email targeting indigenous inboxes _SEC_OFFICIAL_Sensitive_Redacted.pdf (pdf)
- Document 10 - EIC cyber brief 18.11.22_Redacted.pdf (pdf)
- Document 11 - EIC Agenda Paper 4a_Redacted.pdf (pdf)
- Document 12 - 4a Paper - Cyber Security Essential Eight - Nov 22_Redacted.pdf (pdf)
- Document 13 - FOR ACTION_IDC Agenda_8_12 _SEC=OFFICIAL_Sensitive__Redacted.pdf (pdf)
- Document 14 - FOR ACTION_ IDC Agenda_8_12 _SEC_OFFICIAL_Sensitive_Attachment_Redacted.pdf (pdf)
- Document 15 -FW_ FOR ACTION_ IDC Agenda_8_12 _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
- Document 16 - FW_ FOR ACTION_ IDC Agenda_8_12 _SEC_OFFICIAL_Sensitive_Attachment_Redacted.pdf (pdf)
- Document 17- FW_INC117744 summary - AEC spear phishing campaign _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
- Document 18 - MH TPs - EIAT Board Meeting - 7 December 2022 (A2336504)_Redacted.pdf (pdf)
- Document 19 - RE_ For awareness_ AEC spear phishing campaign _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
- Document 2 - FW_ Phishing email targeting indigenous inboxes _SEC_OFFICIAL_Sensitive_(1)_Redacted.pdf (pdf)
- Document 20 - RE_ INC11744 summary - AEC spear phishing campaign _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
- Document 3 - FW_ Phishing email targeting indigenous inboxes _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
- Document 4 - RE_ INC11744 summary - AEC spear phishing campaign _SEC_OFFICIAL_Sensitive_(1)_Redacted.pdf (pdf)
- Document 5 - RE_ INC11744 summary - AEC spear phishing campaign _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
- Document 6 - RE_ indigenous-tas@aec_gov_au have 12 Pending incoming emails _SEC_OFFICIAL_Redacted.pdf (pdf)
- Document 7 - RE_ Phishing email targeting indigenous inboxes _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
Document 1 - FW_ Cyber Incident 11744 - Phishing email targeting indigenous inboxes _SEC_OFFICIAL_Sensitive_Redacted.pdf (pdf)
From: Andrew Brooks
Sent: Wednesday, 16 November 2022 11:37 AM
To: Cyber Security;
Subject: FW: Cyber Incident 11744 - Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

Fyi maybe also the

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Andrew Brooks
Sent: Wednesday, 16 November 2022 11:36 AM
To: John Forrest; Brian Foo; Julie Igglesden
Subject: RE: Cyber Incident 11744 - Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

Hi All

Regards
Andrew

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Andrew Brooks
Sent: Wednesday, 16 November 2022 10:36 AM
To: John Forrest
Cc: Brian Foo
Subject: FW: Cyber Incident 11744 - Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

Hi John

As discussed

Regards
Andrew

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Andrew Brooks
Sent: Wednesday, 16 November 2022 10:08 AM
To: Brian Foo
Cc: Julie Igglesden
Subject: Cyber Incident 11744 - Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

Hi Brian

Below is the current summary of the email attack targeting state indigenous group mailboxes inboxes (account harvesting attempt).

Some additional points to note:

- This email campaign is very targeted
- Staff in the network managing the mailboxes have been contacted
- The emails are being removed from the mailboxes to avoid any future issues (completed 09:50)

I’ve already given Julie a quick heads up given the thematic of the campaign and expect this will want a broader Integrity lens given the very specific targeting.

along with any other relevant updates as more information becomes available.

Regards

Regards
Andrew

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Wednesday, 16 November 2022 9:40 AM
To: ; Andrew Brooks
Subject: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Hi Andrew and

from the Victorian State Office notified us yesterday evening at 6.19pm about a suspicious email.

After initial investigations (starting at 8.15am this morning) this appears to be a phishing campaign sent to 8 Indigenous AEC email accounts:

- indigenous@aec.gov.au
- indigenous-sa@aec.gov.au
- indigenous-wa@aec.gov.au
- indigenous-vic@aec.gov.au
- indigenous-tas@aec.gov.au
- indigenous-qld@aec.gov.au
- indigenous-nt@aec.gov.au
- indigenous-nsw@aec.gov.au

Using the subject line: [recipient email address] have 12 Pending incoming emails

| Cyber Security Analyst
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission
Document 10 - EIC cyber brief 18.11.22_Redacted.pdf (pdf)
OFFICIAL: Sensitive

Cyber Security Incidents

INC11744 summary - AEC spear phishing campaign

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes,

The list of recipients is as follows:

- indigenous@aec.gov.au
- indigenous-sa@aec.gov.au
- indigenous-wa@aec.gov.au
- indigenous-vic@aec.gov.au
- indigenous-tas@aec.gov.au
- indigenous-qld@aec.gov.au
- indigenous-nt@aec.gov.au
- indigenous-nsw@aec.gov.au

Electoral Integrity Committee – Cyber Security Brief

: VIC State Office users correctly identified the illegitimacy of the email they had received, and reported the incident to Cyber Security via email at 18:19 that same day.

Summary
Document 11 - EIC Agenda Paper 4a_Redacted.pdf (pdf)
Document 12 - 4a Paper - Cyber Security Essential Eight - Nov 22_Redacted.pdf (pdf)
OFFICIAL: Sensitive

Key risks

4. Recommendations

It is recommended that Committee note the cyber security updates provided in person and within Attachment A “EIC cyber brief 18.11.22”

Prepared by: Andrew Brooks, Director Cyber Security & Assurance 18 November 2022

Cleared by: Brian Foo, A/g Assistant Commissioner, Electoral Integrity & Communications 21 November 2022

Cleared by ELT: John Forrest, A/g First Assistant Commissioner Electoral Integrity & Operations Select date

Attachments: A: EIC 4a Cyber Brief Attachment A

Agenda Paper: Electoral Integrity Committee (EIC)
Document 13 - FOR ACTION_IDC Agenda_8_12 _SEC=OFFICIAL_Sensitive__Redacted.pdf (pdf)
From: Sent: To: Cc: Subject: Attachments:
Monday, 9 January 2023 2:58 PM
Matthew Haigh ; EIAT
FOR ACTION: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]
KG TPs - NIAA - Phishing attempt against the AEC.docx

Hi Matt

As requested by Dr Gleeson / Mr Lynch late last year (see below thread), please see attached talking points on the spear phishing attempt against the AEC in November 2022, reported to the EIAT and queried by the NIAA.

For quick reference, the NIAA has asked for:

- Clarity re the purpose of the attack, trends, and what the overall risks are. Also would be good to understand what the EIAT is and whether a referendum specific one is needed.

We have also provided context regarding the EIAT and its potential role for the proposed referendum, including that the Board intends to brief the NIAA / Referendum IDC.

For your review and clearance to Michael please.

Kind regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Monday, 9 January 2023 2:32 PM
To:
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

Thanks

Agree, let’s put it up with a caveated date (

Regards

| Acting Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Monday, 9 January 2023 2:01 PM
To:
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

Thanks, – updated and attached.

advice that they don’t expect anything fulsome, wondering if we should now progress through Matt and Michael to ensure Kath receives this in “early January” as requested?

Kind regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Friday, 6 January 2023 11:39 AM
To:
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

Thanks sounds sensible.

Just so I don’t forget, there’s a typo in there “form” instead of “from” ). Let’s correct that next week.

Regards

| Acting Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Thursday, 5 January 2023 12:51 PM
To:
Subject: FW: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

Hi

I don’t foresee necessity for these to be provided to Dr Gleeson this week, but for your visibility at this stage, please see draft talking points re the recent phishing attempt attached.

think waiting until the end of the week should be considerate enough before progressing without.

Happy to discuss.

Kind regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Michael Lynch
Sent: Wednesday, 21 December 2022 4:00 PM
To: AEC -
Cc: (OFFICIAL) Matthew Haigh (OFFICIAL-AEC)
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

Thanks – note I changed email to be AEC.

Regards

Michael Lynch | First Assistant Commissioner
Electoral Integrity and Operations Group
Australian Electoral Commission

From: AEC -
Sent: Wednesday, 21 December 2022 2:46 PM
To: Michael Lynch
Cc: Matthew Haigh (OFFICIAL)
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

Thanks, Michael.

We are consulting the Cyber Security team to assist in updating our existing talking points on this subject. Once complete, we’ll seek Matt’s review/clearance ahead of providing to you and Kath.

Kind regards

From: AEC - LYNCH,Michael
Sent: Wednesday, 21 December 2022 7:07 AM
To: AEC - IGGLESDEN,Julie
Cc: AEC - HAIGH,Matthew
Subject: FW: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

Hi Julie & – just looping you in. You’ll see further info below regarding EIAT and the phishing attempt and Kath’s request for some talking points please.

Regards
Michael Lynch

From: AEC - GLEESON,Kath
Sent: Tuesday, 20 December 2022 9:43 PM
To: AEC - HAIGH,Matthew; AEC - LYNCH,Michael
Subject: FW: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

Hey – see trail below. In the new year, could you pls provide me with some TPs so I can speak to this in the IDC?

Kath Gleeson
First Assistant Commissioner & National Election Manager
Service Delivery Group
Australian Electoral Commission

From:
Sent: Tuesday, 20 December 2022 1:47 PM
To: AEC - GLEESON,Kath
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL: Sensitive

Hi Kath,

Sorry for the confusion.

The meeting on the 13th will be outside of IDC, with are attending from NIAA.

Regards,

From: AEC - GLEESON,Kath
Sent: Friday, 9 December 2022 2:58 PM
To:
Cc: AEC - SCANDRETT,Natasha; AEC - SO,Sally
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

OK, thanks I assume we will cover this at the meeting on Friday, 13 January 2023 1:30 PM-2:30 PM that has come through today?

Cheers – Kath.

Kath Gleeson
First Assistant Commissioner & National Election Manager
Service Delivery Group
Australian Electoral Commission

From:
Sent: Friday, 9 December 2022 12:06 PM
To: AEC - GLEESON,Kath
Cc: AEC - SCANDRETT,Natasha; AEC - SO,Sally
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL: Sensitive

Hi Kath!

Apologies about the mix up and I didn’t mean to put AEC on the spot.

We received the below notification from the Electoral Integrity Assurance Taskforce (EIAT) about a phishing attempt on the AEC. I think it would be good to get clarity re the purpose of the attack, trends, and what the overall risks are. Also would be good to understand what the EIAT is and whether a referendum specific one is needed.

At the last IDC it was decided to have a 1 hour session in January to cover it all off. Is that okay?

Regards,

From: EIAT <EIAT@aec.gov.au>
Sent: Thursday, 1 December 2022 3:28 PM
To:
Subject: For awareness: AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

CAUTION: This email originated from outside of the organisation. Do not follow guidance, click links, or open attachments unless you recognise the sender and know the content is safe.

Good afternoon EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ email campaign at the AEC. The detail of these emails is below. AEC systems were not compromised in any way.

We believe this is worthwhile sharing with the EIAT on the basis that despite being contained by the AEC, the campaign appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.

The list of recipients is as follows:

- indigenous@aec.gov.au
- indigenous-sa@aec.gov.au
- indigenous-wa@aec.gov.au
- indigenous-vic@aec.gov.au
- indigenous-tas@aec.gov.au
- indigenous-qld@aec.gov.au
- indigenous-nt@aec.gov.au
- indigenous-nsw@aec.gov.au

Thanks,

| Project Officer
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

OFFICIAL: Sensitive

If you have received this transmission in error please notify us immediately by return e-mail and delete all copies. If this e-mail or any attachments have been sent to you in error, that error does not constitute waiver of any confidentiality, privilege or copyright in respect of information in the e-mail or attachments.

From: AEC - GLEESON,Kath
Sent: Thursday, 8 December 2022 2:02 PM
To:
Cc: AEC - SCANDRETT,Natasha; AEC - SO,Sally
Subject: FW: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

Hi – I see we were down on the agenda for an item on phishing (apologies I couldn’t attend today – I had a clash); I’m not clear where this came from – can you advise?

Cheers – Kath.

Kath Gleeson
First Assistant Commissioner & National Election Manager
Service Delivery Group
Australian Electoral Commission

From:
Sent: Wednesday, 7 December 2022 1:41 PM
To:
Cc:
Subject: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL: Sensitive

Good afternoon,

Please find attached the IDC meeting agenda for Thursday 8 December. Please note that tomorrow’s meeting is from 10:30 – 11:00.

Regards,

Constitutional Recognition Policy | Recognition and Empowerment Branch | Strategic Policy Group
National Indigenous Australians Agency
Charles Perkins House 16 Bowes Place Phillip ACT 2606 | PO Box 6500 CANBERRA ACT 2600
w. niaa.gov.au w. indigenous.gov.au

The National Indigenous Australians Agency acknowledges the traditional owners and custodians of country throughout Australia and acknowledges their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.

______________________________________________________________________
IMPORTANT: This message, and any attachments to it, contains information that is confidential and may also be the subject of legal professional or other privilege.
If you are not the intended recipient of this message, you must not review, copy, disseminate or disclose its contents to any other party or take action in reliance of any material contained within it. If you have received this message in error, please notify the sender immediately by return email informing them of the mistake and delete all copies of the message from your computer system.
______________________________________________________________________
Notice: The information contained in this email message and any attached files may be confidential information, and may also be the subject of legal professional privilege. If you are not the intended recipient, any use, disclosure or copying of this email is unauthorised. If you received this email in error, please notify the sender by contacting the department's switchboard on 1300 566 046 during business hours (8am - 5pm Canberra time) and delete all copies of this transmission together with any attachments.
Document 14 - FOR ACTION_ IDC Agenda_8_12 _SEC_OFFICIAL_Sensitive_Attachment_Redacted.pdf (pdf)
Electoral Integrity and Communications Branch: Cyber Security

Spear Phishing Attempt Against the AEC

Overview

- There was a ‘spear phishing’ email campaign against the AEC in November 2023.
- AEC systems were not compromised in any way and the incident was managed internally.
- We shared this information with the EIAT on the basis that despite being contained, the campaign appeared targeted and somewhat sophisticated.
- It is also a reminder to be vigilant against cyber threats in the lead up to, and throughout, the proposed referendum.

Background
Document 15 -FW_ FOR ACTION_ IDC Agenda_8_12 _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
From: Sent: To: Cc: Subject: Attachments:
Thursday, 12 January 2023 12:09 PM
EIAT
FW: FOR ACTION: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]
AEC TPs - Phishing attempt against the AEC and the EIAT.docx

Hi

In response to Kath’s suggestion for discourse on the below topics in the Voice meeting tomorrow, please see some high-level talking points for your review and clearance to Matt attached (the EIAT section of the original talking points is what has been updated).

After Matt has approved, think it’ll be worth sharing with Kath/others for visibility.

Happy to discuss.

Kind regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Kath Gleeson
Sent: Tuesday, 10 January 2023 9:23 PM
To:
Cc: Michael Lynch Matthew Haigh ; John Forrest
Subject: RE: FOR ACTION: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

Wonderful, thanks

I will share the general response with NIAA but given the mis/dis meeting has been set up now for Friday it will make most sense for Matt to provide this context in that session.

And on the topic of Friday’s meeting, I have forwarded another invitation that has come from NIAA. @Matthew – pls invite anyone from your team you want there (EES, perhaps?).

- I intend to open given I kind of instigated this joining up (unless does)
- I will perhaps throw to Matt for some info on:
  o Briefly what EIAT is and what was done in mis/dis space for 22FE
  o What we intend to do for 23Ref
  o What we won’t do (I’m happy to speak to this if needed. But it is basically anything not relating to process of the referendum, e.g. operation of The Voice etc.)
- I understand there will be reps from AGD, DoF, Infra & Comms and Home Affairs NIAA.

Cheers – Kath.

Kath Gleeson | First Assistant Commissioner & National Election Manager
Service Delivery Group
Executive Leadership Team
Australian Electoral Commission
EA:
EO:

From:
Sent: Tuesday, 10 January 2023 4:42 PM
To: Kath Gleeson
Cc: Michael Lynch Matthew Haigh
Subject: FW: FOR ACTION: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

Hi Kath

Please see the attached talking points, now cleared by AC EICB Matt Haigh, regarding the below email thread and request for information from the NIAA in December.

For quick reference, the NIAA has asked for:

- Clarity re the purpose of the [spear phishing] attack, trends, and what the overall risks are. Also would be good to understand what the EIAT is and whether a referendum specific one is needed.

This topic may be raised during the VOICE Mis/Disinformation meeting with the NIAA (and others) on Friday 13 January 2022. If that is the case, Matt is attending and is comfortable talking to the subject given the EICB equities as well as his role as Chair of the Electoral Integrity Assurance Taskforce if you would like.

In response to NIAA’s queries at a high-level:

- Information about the EIAT is within the talking points, including the EIAT Board’s intention to brief the NIAA / Referendum IDC about the EIAT and its potential role during the proposed referendum – likely to occur soon or at least within qtr. 1 2023 (to be scheduled by PM&C).

Please let me know if you have any questions.

Kind regards
Anna

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Michael Lynch
Sent: Wednesday, 21 December 2022 4:00 PM
To: AEC -
Cc: (OFFICIAL) Matthew Haigh (OFFICIAL-AEC)
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

Thanks – note I changed email to be AEC.

Regards

Michael Lynch | First Assistant Commissioner
Electoral Integrity and Operations Group
Australian Electoral Commission

From: AEC -
Sent: Wednesday, 21 December 2022 2:46 PM
To: Michael Lynch
Cc: Matthew Haigh ; (OFFICIAL)
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

Thanks, Michael.

We are consulting the Cyber Security team to assist in updating our existing talking points on this subject. Once complete, we’ll seek Matt’s review/clearance ahead of providing to you and Kath.

Kind regards
Anna

From: AEC - LYNCH,Michael
Sent: Wednesday, 21 December 2022 7:07 AM
To: AEC - IGGLESDEN,Julie; AEC - BATTEN,Anastasia
Cc: AEC - HAIGH,Matthew
Subject: FW: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

Hi Julie & – just looping you in. You’ll see further info below regarding EIAT and the phishing attempt and Kath’s request for some talking points please.

Regards
Michael Lynch

From: AEC - GLEESON,Kath
Sent: Tuesday, 20 December 2022 9:43 PM
To: AEC - HAIGH,Matthew; AEC - LYNCH,Michael
Subject: FW: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

Hey – see trail below. In the new year, could you pls provide me with some TPs so I can speak to this in the IDC?

Kath Gleeson
First Assistant Commissioner & National Election Manager
Service Delivery Group
Australian Electoral Commission

From:
Sent: Tuesday, 20 December 2022 1:47 PM
To: AEC - GLEESON,Kath
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL: Sensitive

Hi Kath,

Sorry for the confusion.

The meeting on the 13th will be outside of IDC, with are attending from NIAA.

Regards,

From: AEC - GLEESON,Kath
Sent: Friday, 9 December 2022 2:58 PM
To:
Cc: AEC - SCANDRETT,Natasha; AEC - SO,Sally
Subject: RE: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

OK, thanks I assume we will cover this at the meeting on Friday, 13 January 2023 1:30 PM-2:30 PM that has come through today?

Cheers – Kath.

Good afternoon EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ email campaign at the AEC. The detail of these emails is below. AEC systems were not compromised in any way.

We believe this is worthwhile sharing with the EIAT on the basis that despite being contained by the AEC, the campaign appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.

The list of recipients is as follows:

- indigenous@aec.gov.au
- indigenous-sa@aec.gov.au
- indigenous-wa@aec.gov.au
- indigenous-vic@aec.gov.au
- indigenous-tas@aec.gov.au
- indigenous-qld@aec.gov.au
- indigenous-nt@aec.gov.au
- indigenous-nsw@aec.gov.au

Thanks,

| Project Officer
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

OFFICIAL: Sensitive

If you have received this transmission in error please notify us immediately by return e-mail and delete all copies. If this e-mail or any attachments have been sent to you in error, that error does not constitute waiver of any confidentiality, privilege or copyright in respect of information in the e-mail or attachments.

From: AEC - GLEESON,Kath
Sent: Thursday, 8 December 2022 2:02 PM
To:
Cc: AEC - SCANDRETT,Natasha; AEC - SO,Sally
Subject: FW: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL:Sensitive

Hi – I see we were down on the agenda for an item on phishing (apologies I couldn’t attend today – I had a clash); I’m not clear where this came from – can you advise?

Cheers – Kath.

Kath Gleeson
First Assistant Commissioner & National Election Manager
Service Delivery Group
Australian Electoral Commission

From:
Sent: Wednesday, 7 December 2022 1:41 PM
To:
Cc:
Subject: IDC Agenda_8/12 [SEC=OFFICIAL:Sensitive]

OFFICIAL: Sensitive

Good afternoon,

Please find attached the IDC meeting agenda for Thursday 8 December. Please note that tomorrow’s meeting is from 10:30 – 11:00.

Regards,

Constitutional Recognition Policy | Recognition and Empowerment Branch | Strategic Policy Group
National Indigenous Australians Agency
Charles Perkins House 16 Bowes Place Phillip ACT 2606 | PO Box 6500 CANBERRA ACT 2600
w. niaa.gov.au w. indigenous.gov.au

The National Indigenous Australians Agency acknowledges the traditional owners and custodians of country throughout Australia and acknowledges their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.

______________________________________________________________________
IMPORTANT: This message, and any attachments to it, contains information that is confidential and may also be the subject of legal professional or other privilege. If you are not the intended recipient of this message, you must not review, copy, disseminate or disclose its contents to any other party or take action in reliance of any material contained within it.
If you have received this message in error, please notify the sender immediately by return email informing them of the mistake and delete all copies of the message from your computer system.
______________________________________________________________________
Notice: The information contained in this email message and any attached files may be confidential information, and may also be the subject of legal professional privilege. If you are not the intended recipient, any use, disclosure or copying of this email is unauthorised. If you received this email in error, please notify the sender by contacting the department's switchboard on 1300 566 046 during business hours (8am - 5pm Canberra time) and delete all copies of this transmission together with any attachments.
Document 16 - FW_ FOR ACTION_ IDC Agenda_8_12 _SEC_OFFICIAL_Sensitive_Attachment_Redacted.pdf (pdf)
Electoral Integrity and Communications Branch: Cyber Security

Spear Phishing Attempt Against the AEC

Overview
• There was a ‘spear phishing’ email campaign against the AEC in November 2023. A phishing campaign is typically an email scam designed to steal personal information from victims and spear phishing is when the campaign is targeted or more specific to the recipient/s.
• AEC systems were not compromised in any way and the incident was managed internally.
• We shared this information with the EIAT on the basis that despite being contained, the campaign appeared targeted and somewhat sophisticated.
• It is also a reminder to be vigilant against cyber threats in the lead up to, and throughout, the proposed referendum.

Background
Document 17- FW_INC117744 summary - AEC spear phishing campaign _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
From: Julie Igglesden
Sent: Thursday, 1 December 2022 9:54 AM
To: Cc: EIAT
Subject: FW: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

I am happy for this to go out to EIAT today from the mailbox. Please include the more detailed explanation in Jeff’s pack for Wednesday.

Cheers

Julie Igglesden | Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Thursday, 1 December 2022 9:50 AM
To: EIAT <EIAT@aec.gov.au>; Andrew Brooks
Cc: ; Julie Igglesden
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi

Andrew has now approved a revised version of this being shared with EIAT, as below. We’ve further modified this to strengthen the emphasis there was no compromise, and removed unnecessary detail about the AEC’s internal response. It is primarily the targeted nature of the content that should be relevant for EIAT’s purposes.

Dear EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ email campaign at the AEC. The detail of these emails is below.

AEC systems were not compromised in any way.

We believe this is worthwhile sharing with the EIAT on the basis that despite being contained by the AEC, the campaign appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.
The list of recipients is as follows:
• indigenous@aec.gov.au
• indigenous-sa@aec.gov.au
• indigenous-wa@aec.gov.au
• indigenous-vic@aec.gov.au
• indigenous-tas@aec.gov.au
• indigenous-qld@aec.gov.au
• indigenous-nt@aec.gov.au
• indigenous-nsw@aec.gov.au

Thanks,

Deputy ITSA
Cyber Security & Assurance Section | Electoral Integrity & Communications Branch
Australian Electoral Commission

From: EIAT <EIAT@aec.gov.au>
Sent: Friday, 18 November 2022 2:35 PM
To: Andrew Brooks
Cc: ; Julie Igglesden
Subject: FW: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi Andrew

I think may have discussed this with you. Are you supportive if we notify EIAT members of this incident? The benefit would be to ensure EIAT members remain alert to the threats in the referendum environment and particularly reinforce that it is not necessarily a lower cyber threat environment compared to a federal election.

We would propose sharing the incident summary below (happy if you have a more recent version) and introduce it along the lines below so as not to alarm anyone or otherwise imply that the AEC was compromised.

Dear EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ attempt at the AEC. The incident summary is below.

AEC systems were not compromised in anyway.

The attempt appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

Grateful for your thoughts.
Regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Andrew Brooks
Sent: Thursday, 17 November 2022 11:14 AM
To: John Forrest ; Brian Foo Julie Igglesden >; Toby Wright
Subject: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Good Morning

Please refer below for a high level summary that consolidates yesterday’s incident response so we are all on the same page as to what happened including the resulting mitigation actions.

While the incident has now been closed from a response perspective, .

The nature of the targeted phishing campaign and the resulting incident response may make an excellent case study for broader awareness activities in the future.

Let me know if additional information is required and note we’ve purposely left the more technical details out of this summary.

Regards
Andrew

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

INC11744 summary - AEC spear phishing campaign

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.

The list of recipients is as follows:
• indigenous@aec.gov.au
• indigenous-sa@aec.gov.au
• indigenous-wa@aec.gov.au
• indigenous-vic@aec.gov.au
• indigenous-tas@aec.gov.au
• indigenous-qld@aec.gov.au
• indigenous-nt@aec.gov.au
• indigenous-nsw@aec.gov.au
Document 18 - MH TPs - EIAT Board Meeting - 7 December 2022 (A2336504)_Redacted.pdf (pdf)
OFFICIAL: SENSITIVE

AGENDA
Electoral Integrity Assurance Taskforce Board
Date: 7 December 2022
Time: 1:30pm – 3:30pm
Location: Ben Chifley Building, 70 Constitution Avenue, Parkes ACT 2600

Agenda items

NO. DESCRIPTION

ping 1 2 3 4 5 6

Phishing attempt against the AEC
• There was a recent ‘spear phishing’ email campaign against the AEC.
• Up front: AEC systems were not compromised in any way and was managed internally. We also engaged the ACSC and continue to liaise with them.
• On 14 November 2022, a series of emails were sent to the AEC’s eight Indigenous Electoral Participation Program mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.
• We are sharing this with the EIAT on the basis that despite being contained by the AEC, the campaign appears targeted and somewhat sophisticated.
• It is also a reminder the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

7 8 9 Close
• Next meeting

OFFICIAL: SENSITIVE
Document 19 - RE_ For awareness_ AEC spear phishing campaign _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
From: Jeff Pope
Sent: Monday, 5 December 2022 5:34 PM
To: EIAT
Subject: RE: For awareness: AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Great, thanks

Jeff Pope | Deputy Electoral Commissioner
Executive Leadership Team
Australian Electoral Commission

From: EIAT <EIAT@aec.gov.au>
Sent: Monday, 5 December 2022 5:13 PM
To: Jeff Pope
Cc: EIAT <EIAT@aec.gov.au>
Subject: FW: For awareness: AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi Jeff

Providing for your information below as we shared this with our Taskforce colleagues. Matt will provide a high level update at the Board meeting on Wednesday as part of his EIAT agenda item.

Just liaising with on a couple of your agenda items and then I will provide your talking points as well.

Kind regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: EIAT <EIAT@aec.gov.au>
Sent: Thursday, 1 December 2022 3:28 PM
To:
Subject: For awareness: AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Good afternoon EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ email campaign at the AEC. The detail of these emails is below.

AEC systems were not compromised in any way.

We believe this is worthwhile sharing with the EIAT on the basis that despite being contained by the AEC, the campaign appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.
Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.

The list of recipients is as follows:
• indigenous@aec.gov.au
• indigenous-sa@aec.gov.au
• indigenous-wa@aec.gov.au
• indigenous-vic@aec.gov.au
• indigenous-tas@aec.gov.au
• indigenous-qld@aec.gov.au
• indigenous-nt@aec.gov.au
• indigenous-nsw@aec.gov.au

Thanks,

| Project Officer
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission
Document 2 - FW_ Phishing email targeting indigenous inboxes _SEC_OFFICIAL_Sensitive_(1)_Redacted.pdf (pdf)
From: Andrew Brooks
Sent: Thursday, 17 November 2022 9:36 AM
To: Matthew Haigh;
Subject: FW: Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

It all happens while you are away it seems

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Andrew Brooks
Sent: Thursday, 17 November 2022 9:34 AM
To: Cc: Toby Wright ; Brian Foo
Subject: RE: Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

, I’ll take this as a lesson for all of us who manage security systems and hold privilege access to ensure that we take due caution when carry out our duties.

Regards
Andrew

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Wednesday, 16 November 2022 11:30 AM
To:
Cc: Andrew Brooks
Subject: RE: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Hi

Sure. Cyber Security . Please let me know if you need any further information.

Regards

| Infrastructure Engineer
IT Infrastructure | Information, Communication and Technology Branch
Australian Electoral Commission

From:
Sent: Wednesday, 16 November 2022 11:09 AM
To:
Subject: FW: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Hi

Can you please provide explanation on the below?

Kind Regards,

| Assistant Director IT Infrastructure
IT Infrastructure | Digital Technology Branch
Australian Electoral Commission

From:
Sent: Wednesday, 16 November 2022 9:40 AM
To: Andrew Brooks
Subject: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Hi Andrew

and from the Victorian State Office notified us yesterday evening at 6.19pm about a suspicious email.
After initial investigations (starting at 8.15am this morning) this appears to be a phishing campaign sent to 8 Indigenous AEC email accounts:

indigenous@aec.gov.au
indigenous-sa@aec.gov.au
indigenous-wa@aec.gov.au
indigenous-vic@aec.gov.au
indigenous-tas@aec.gov.au
indigenous-qld@aec.gov.au
indigenous-nt@aec.gov.au
indigenous-nsw@aec.gov.au

Using the subject line: [recipient email address] have 12 Pending incoming emails

| Cyber Security Analyst
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission
Document 20 - RE_ INC11744 summary - AEC spear phishing campaign _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
From: EIAT <EIAT@aec.gov.au>
Sent: Wednesday, 21 December 2022 5:26 PM
To: Cc: EIAT ; Andrew Brooks
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Thanks,

Kind regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Wednesday, 21 December 2022 2:43 PM
To: EIAT <EIAT@aec.gov.au>
Cc: Andrew Brooks
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi

This disappeared

Thanks,

Deputy ITSA
Cyber Security & Assurance Section | Electoral Integrity & Communications Branch
Australian Electoral Commission

From: EIAT <EIAT@aec.gov.au>
Sent: Wednesday, 21 December 2022 9:52 AM
To: Cc: EIAT <EIAT@aec.gov.au>; Andrew Brooks
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi

Michael and Kath are seeking an update to the below campaign and any further analysis/findings by the AEC

I imagine you might have already reported on this via other avenues so hopeful you may be able to share further information. Anything I provide to Michael and Kath will be cleared by Matt.

Happy to discuss!

Kind regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Kyle Sterland
Sent: Thursday, 1 December 2022 9:50 AM
To: EIAT <EIAT@aec.gov.au>; Andrew Brooks
Cc: ; Julie Igglesden ;
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi

Andrew has now approved a revised version of this being shared with EIAT, as below. We’ve further modified this to strengthen the emphasis there was no compromise, and removed unnecessary detail about the AEC’s internal response. It is primarily the targeted nature of the content that should be relevant for EIAT’s purposes.
Dear EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ email campaign at the AEC. The detail of these emails is below.

AEC systems were not compromised in any way.

We believe this is worthwhile sharing with the EIAT on the basis that despite being contained by the AEC, the campaign appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.

The list of recipients is as follows:
• indigenous@aec.gov.au
• indigenous-sa@aec.gov.au
• indigenous-wa@aec.gov.au
• indigenous-vic@aec.gov.au
• indigenous-tas@aec.gov.au
• indigenous-qld@aec.gov.au
• indigenous-nt@aec.gov.au
• indigenous-nsw@aec.gov.au

Thanks,

| Deputy ITSA
Cyber Security & Assurance Section | Electoral Integrity & Communications Branch
Australian Electoral Commission

From: EIAT <EIAT@aec.gov.au>
Sent: Friday, 18 November 2022 2:35 PM
To: Andrew Brooks
Cc: ; Julie Igglesden
Subject: FW: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi Andrew

I think may have discussed this with you. Are you supportive if we notify EIAT members of this incident? The benefit would be to ensure EIAT members remain alert to the threats in the referendum environment and particularly reinforce that it is not necessarily a lower cyber threat environment compared to a federal election.
We would propose sharing the incident summary below (happy if you have a more recent version) and introduce it along the lines below so as not to alarm anyone or otherwise imply that the AEC was compromised.

Dear EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ attempt at the AEC. The incident summary is below.

AEC systems were not compromised in anyway.

The attempt appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

Grateful for your thoughts.

Regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Andrew Brooks
Sent: Thursday, 17 November 2022 11:14 AM
To: John Forrest ; Brian Foo ; Julie Igglesden Toby Wright
Subject: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Good Morning

Please refer below for a high level summary that consolidates yesterday’s incident response so we are all on the same page as to what happened including the resulting mitigation actions.

While the incident has now been closed from a response perspective, .

The nature of the targeted phishing campaign and the resulting incident response may make an excellent case study for broader awareness activities in the future.

Let me know if additional information is required and note we’ve purposely left the more technical details out of this summary.
Regards
Andrew

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

INC11744 summary - AEC spear phishing campaign

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.

The list of recipients is as follows:
• indigenous@aec.gov.au
• indigenous-sa@aec.gov.au
• indigenous-wa@aec.gov.au
• indigenous-vic@aec.gov.au
• indigenous-tas@aec.gov.au
• indigenous-qld@aec.gov.au
• indigenous-nt@aec.gov.au
• indigenous-nsw@aec.gov.au
Document 3 - FW_ Phishing email targeting indigenous inboxes _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
From: Andrew Brooks
Sent: Thursday, 17 November 2022 11:14 AM
To: Cyber Security
Subject: FW: Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Toby Wright
Sent: Thursday, 17 November 2022 10:58 AM
To: Andrew Brooks
Cc: < Brian Foo
Subject: RE: Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

Thanks Andrew, and accidents happen and like Andrew says let’s take it as a lesson.

Regards
Toby

From: Andrew Brooks
Sent: Thursday, 17 November 2022 9:34 AM
To: Cc: Toby Wright ; Brian Foo
Subject: RE: Phishing email targeting indigenous inboxes [SEC=OFFICIAL:Sensitive]

.

From:
Sent: Wednesday, 16 November 2022 11:09 AM
To:
Subject: FW: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Hi

Can you please provide explanation on the below?

Kind Regards,

| Assistant Director IT Infrastructure
IT Infrastructure | Digital Technology Branch
Australian Electoral Commission

From:
Sent: Wednesday, 16 November 2022 10:31 AM
To:
Cc: Andrew Brooks ; H
Subject: FW: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Hi Cyber Security

Can you please confirm why released these?

indigenous-vic@aec.gov.au
indigenous-tas@aec.gov.au
indigenous-qld@aec.gov.au
indigenous-nt@aec.gov.au
indigenous-nsw@aec.gov.au

Using the subject line: [recipient email address] have 12 Pending incoming emails
Document 4 - RE_ INC11744 summary - AEC spear phishing campaign _SEC_OFFICIAL_Sensitive_(1)_Redacted.pdf (pdf)
From: Andrew Brooks
Sent: Wednesday, 30 November 2022 3:36 PM
To:
Cc:
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

I’m ok with the revised wording if you want to get back to EIAT and cc me in

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Wednesday, 30 November 2022 3:33 PM
To: Andrew Brooks
Cc:
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Please see below

| Deputy ITSA
Cyber Security & Assurance Section | Electoral Integrity & Communications Branch
Australian Electoral Commission

From:
Sent: Monday, 21 November 2022 1:24 PM
To: Andrew Brooks
Cc:
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Are you happy to share this with EIAT? I’ve edited their proposed wording and cut out a lot of the summary, below:

Dear EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ email campaign at the AEC. The detail of these emails is below.

AEC systems were not compromised in any way.

We believe this is worthwhile sharing with the EIAT on the basis that despite being contained by the AEC, the campaign appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.
The list of recipients is as follows:

indigenous@aec.gov.au
indigenous-sa@aec.gov.au
indigenous-wa@aec.gov.au
indigenous-vic@aec.gov.au
indigenous-tas@aec.gov.au
indigenous-qld@aec.gov.au
indigenous-nt@aec.gov.au
indigenous-nsw@aec.gov.au

| Deputy ITSA
Cyber Security & Assurance Section | Electoral Integrity & Communications Branch
Australian Electoral Commission

From: EIAT <EIAT@aec.gov.au>
Sent: Friday, 18 November 2022 2:35 PM
To: Andrew Brooks <
Cc: Julie Igglesden
Subject: FW: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi Andrew

I think may have discussed this with you. Are you supportive if we notify EIAT members of this incident? The benefit would be to ensure EIAT members remain alert to the threats in the referendum environment and particularly reinforce that it is not necessarily a lower cyber threat environment compared to a federal election.

We would propose sharing the incident summary below (happy if you have a more recent version) and introduce it along the lines below so as not to alarm anyone or otherwise imply that the AEC was compromised.

Dear EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ attempt at the AEC. The incident summary is below.

AEC systems were not compromised in anyway.

The attempt appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.

Grateful for your thoughts.
Regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: Andrew Brooks
Sent: Thursday, 17 November 2022 11:14 AM
To: John Forrest Brian Foo Julie Igglesden Toby Wright
Subject: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Good Morning

Please refer below for a high level summary that consolidates yesterday’s incident response so we are all on the same page as to what happened including the resulting mitigation actions.

While the incident has now been closed from a response perspective, .

The nature of the targeted phishing campaign and the resulting incident response may make an excellent case study for broader awareness activities in the future.

Let me know if additional information is required and note we’ve purposely left the more technical details out of this summary.

Regards
Andrew

Andrew Brooks | Director (ITSA)
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

INC11744 summary - AEC spear phishing campaign

Email details

On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’.

The list of recipients is as follows:

indigenous@aec.gov.au
indigenous-sa@aec.gov.au
indigenous-wa@aec.gov.au
indigenous-vic@aec.gov.au
indigenous-tas@aec.gov.au
indigenous-qld@aec.gov.au
indigenous-nt@aec.gov.au
Document 5 - RE_ INC11744 summary - AEC spear phishing campaign _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
From: EIAT
Sent: Wednesday, 21 December 2022 9:52 AM
To: Cc: EIAT; Andrew Brooks
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi

Michael and Kath are seeking an update to the below campaign and any further analysis/findings by the AEC

I imagine you might have already reported on this via other avenues so hopeful you may be able to share further information. Anything I provide to Michael and Kath will be cleared by Matt.

Happy to discuss!

Kind regards

| Assistant Director
Defending Democracy Unit | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Thursday, 1 December 2022 9:50 AM
To: EIAT <EIAT@aec.gov.au>; Andrew Brooks
Cc: Julie Igglesden Anastasia Batten
Subject: RE: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive]

Hi

Andrew has now approved a revised version of this being shared with EIAT, as below. We’ve further modified this to strengthen the emphasis there was no compromise, and removed unnecessary detail about the AEC’s internal response. It is primarily the targeted nature of the content that should be relevant for EIAT’s purposes.

Dear EIAT members

For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ email campaign at the AEC. The detail of these emails is below.

AEC systems were not compromised in any way.

We believe this is worthwhile sharing with the EIAT on the basis that despite being contained by the AEC, the campaign appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election.
Email details On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’. The list of recipients is as follows: indigenous@aec.gov.au indigenous-sa@aec.gov.au indigenous-wa@aec.gov.au indigenous-vic@aec.gov.au indigenous-tas@aec.gov.au indigenous-qld@aec.gov.au indigenous-nt@aec.gov.au indigenous-nsw@aec.gov.au Thanks, | Deputy ITSA Cyber Security & Assurance Section | Electoral Integrity & Communications Branch 2 s47Es47Es47F --- Page 3 --- Australian Electoral Commission From: EIAT <EIAT@aec.gov.au> Sent: Friday, 18 November 2022 2:35 PM To: Andrew Brooks Cc: Julie Igglesden Subject: FW: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive] Hi Andrew I think may have discussed this with you. Are you supportive if we notify EIAT members of this incident? The benefit would be to ensure EIAT members remain alert to the threats in the referendum environment and particularly reinforce that it is not necessarily a lower cyber threat environment compared to a federal election. We would propose sharing the incident summary below (happy if you have a more recent version) and introduce it along the lines below so as not to alarm anyone or otherwise imply that the AEC was compromised. Dear EIAT members For your information and awareness, we would like to bring to your attention a recent ‘spear phishing’ attempt at the AEC. The incident summary is below. AEC systems were not compromised in anyway. The attempt appears targeted and somewhat sophisticated. It is possible it relates to the proposed referendum given the targeting of AEC’s Indigenous Electoral Participation Program mailboxes. It is a reminder that the cyber threat environment for the proposed referendum is unlikely to be lower than for a federal election. Grateful for your thoughts. 
Regards | Assistant Director Defending Democracy Unit | Electoral Integrity and Communications Branch Australian Electoral Commission 3 s47Es47Fs47Fs47Fs47Fs47Fs47Fs47Fs47F --- Page 4 --- From: Andrew Brooks Sent: Thursday, 17 November 2022 11:14 AM To: John Forrest Brian Foo ; Julie Igglesden Toby Wright Subject: INC11744 summary - AEC spear phishing campaign [SEC=OFFICIAL:Sensitive] Good Morning Please refer below for a high level summary that consolidates yesterday’s incident response so we are all on the same page as to what happened including the resulting mitigation actions. While the incident has now been closed from a response perspective, The nature of the targeted phishing campaign and the resulting incident response may make an excellent case study for broader awareness activities in the future. Let me know if additional information is required and note we’ve purposely left the more technical details out of this summary. Regards Andrew Andrew Brooks | Director (ITSA) Cyber Security & Assurance Section | Electoral Integrity and Communications Branch Australian Electoral Commission INC11744 summary - AEC spear phishing campaign Email details On 14 November 2022, at 22:52, a series of emails were sent to the AEC’s eight IEPP mailboxes, from the falsified email address support[@]aec.gov.au, with the subject ‘[email address] have 12 Pending incoming emails’. The list of recipients is as follows: indigenous@aec.gov.au indigenous-sa@aec.gov.au indigenous-wa@aec.gov.au indigenous-vic@aec.gov.au indigenous-tas@aec.gov.au indigenous-qld@aec.gov.au indigenous-nt@aec.gov.au indigenous-nsw@aec.gov.au 4 s47Es47Es47Fs47Fs47Fs47Fs47Fs47F --- Page 5 --- 5 s47Es47Es47Es47E --- Page 6 --- 6 s47Es47E
Document 6 - RE_ indigenous-tas@aec_gov_au have 12 Pending incoming emails _SEC_OFFICIAL_Redacted.pdf (pdf)
From: Cyber Security
Sent: Wednesday, 16 November 2022 8:36 AM
To: State Office - VIC/TAS
Subject: RE: indigenous-tas@aec.gov.au have 12 Pending incoming emails [SEC=OFFICIAL]

Hi

Thank you for reporting these emails. I can confirm these are phishing emails, containing malicious links. Please delete them and continue to report suspicious emails to the Cyber Security team.

Kind regards,

| Cyber Security Analyst
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From: State Office - VIC/TAS <StateOffice-VIC.TAS@aec.gov.au>
Sent: Tuesday, 15 November 2022 6:19 PM
To: Cyber Security
Subject: FW: indigenous-tas@aec.gov.au have 12 Pending incoming emails [SEC=OFFICIAL]

Hi Cyber Security,

This email and the attached email look suspicious. Please note I do not have access to the IEPP-TAS@aec.gov.au inbox. It is set up to forward to the stateoffice-vic.tas@aec.gov.au.

Kind Regards,

| Project Officer
OPC Management and Property | VIC State Office
Australian Electoral Commission

The AEC acknowledges the Traditional Owners of country throughout Australia and recognises their continuing connection to land, waters, culture and community. We pay our respects to Elders past, present and emerging.

From: aec.gov.au Server Support <support@aec.gov.au>
Sent: Monday, 14 November 2022 10:52 PM
To: AEC IEPP - TAS <IEPP-TAS@aec.gov.au>
Subject: indigenous-tas@aec.gov.au have 12 Pending incoming emails

Hello indigenous-tas,

You have pending incoming emails that you haven't received yet.. access to (indigenous-tas@aec.gov.au) will be restricted until you confirm ownership.

indigenous-tas@aec.gov.au

This link will only be for

Confirm account now

Note: access to indigenous-tas@aec.gov.au will be restricted within 48 ( forty-eight) working hours.

Greetings
aec.gov.au Support team
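The message quoted at the end of Document 6 has several content features that a mail filter can test for together. The Python below is an added example, not part of the released documents or of any AEC tooling; the indicator names, the three-hit threshold and the benign sample message are assumptions made here, and the link target is not modelled because it is not reproduced on the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "aec.gov.au"  # domain the quoted message claims to come from

# Headers and body text as quoted in Document 6; the raw layout is reconstructed.
LURE = """\
From: aec.gov.au Server Support <support@aec.gov.au>
To: AEC IEPP - TAS <IEPP-TAS@aec.gov.au>
Subject: indigenous-tas@aec.gov.au have 12 Pending incoming emails

Hello indigenous-tas,
You have pending incoming emails that you haven't received yet.. access to
(indigenous-tas@aec.gov.au) will be restricted until you confirm ownership.
Confirm account now
Note: access to indigenous-tas@aec.gov.au will be restricted within 48
( forty-eight) working hours.
"""

# Constructed benign internal message, used to check for false positives.
BENIGN = """\
From: Property Team <property@aec.gov.au>
To: State Office <stateoffice@aec.gov.au>
Subject: Office access on Friday

The lift will be serviced on Friday morning; please use the stairs.
"""

def lure_indicators(raw, org_domain=ORG_DOMAIN):
    """Return which content indicators of this campaign a message matches."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = " ".join(msg.get_payload().split()).lower()  # undo line wrapping
    hits = []
    if addr.lower().endswith("@" + org_domain):
        hits.append("from_claims_org_domain")   # also true of real internal mail
    if org_domain in display.lower():
        hits.append("domain_in_display_name")   # "aec.gov.au Server Support"
    if re.search(r"[\w.-]+@" + re.escape(org_domain) + r"\b.*\bpending\b", subject, re.I):
        hits.append("subject_mailbox_pending")  # "<mailbox> have N Pending ..."
    if re.search(r"restricted (until|within)", body) and "confirm" in body:
        hits.append("restriction_deadline")     # access threat plus confirm prompt
    return hits

def is_suspect(raw, org_domain=ORG_DOMAIN):
    # Each indicator is weak alone; three together match the pattern of this lure.
    return len(lure_indicators(raw, org_domain)) >= 3
```

Content matching of this kind complements, and does not replace, the sender-authentication verdict a mail gateway records for messages that claim an internal address.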
Document 7 - RE_ Phishing email targeting indigenous inboxes _SEC_OFFICIAL_Sensitive__Redacted.pdf (pdf)
From:
Sent: Wednesday, 16 November 2022 2:20 PM
To: Andrew Brooks;
Subject: RE: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Hi Andrew and

Of note, this article outlines that IPFS content is difficult to take down:

“To be sure to have this fraudulent content taken down, it takes more effort than usual for cyberdefenders. They need to reach all the gateways that lead to the file and ask for removal of the content from their cache.”

Kind regards,

| Cyber Security Analyst
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Wednesday, 16 November 2022 9:54 AM
To: Andrew Brooks
Subject: RE: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Also, example of this phishing email attached.

Kind regards,

| Cyber Security Analyst
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Wednesday, 16 November 2022 9:45 AM
To: Andrew Brooks
Subject: RE: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Incident number registered: 11744

Kind regards,

| Cyber Security Analyst
Cyber Security & Assurance Section | Electoral Integrity and Communications Branch
Australian Electoral Commission

From:
Sent: Wednesday, 16 November 2022 9:40 AM
To: Andrew Brooks
Subject: Phishing email targeting indigenous inboxes [SEC=OFFICIAL]

Hi Andrew and

from the Victorian State Office notified us yesterday evening at 6.19pm about a suspicious email. After initial investigations (starting at 8.15am this morning) this appears to be a phishing campaign sent to 8 Indigenous AEC email accounts:

indigenous@aec.gov.au
indigenous-sa@aec.gov.au
indigenous-wa@aec.gov.au