“The cyberattack was not a casual crime of opportunity,” Rosmarin said. “The skilled criminal had knowledge of Optus’ systems and cycled through many tens of thousands of internet protocol addresses in an attempt to evade our automated cyber monitoring.”
In September,Optus’ systems were breached inone of the largest cyberattacks in Australian history,accessing names,dates of birth,phone numbers,email addresses,physical addresses and driver’s licence numbers of millions of the telecommunications giant’s customers.
Optus and the federal government were at loggerheads at the time over the nature of the attack,with Home Affairs Minister Clare O’Neil suggesting the attack was a very simple one. “What is of concern for us is how what is quite a basic hack was undertaken on Optus,” she told the ABC last year.
Loading
Rosmarin said Optus refused to pay a ransom to the hacker and that the initial motive of the attack was likely to be the extraction of data for other scam purposes.
“We never paid a ransom,” Rosmarin said. “You can’t assume the hacker was actually planning to do a ransom in the first place. It looks like a bit of an odd attempt. The most likely scenarios were SIM swaps and phishing,which was shut down by going public so quickly.”
The Optus boss also admitted the telco had lost customers immediately after the hack.