As Australia reels under sustained cyber attacks following increased Chinese diplomatic hostility, the country's Lion brewery and dairy conglomerate has been hit for the second time.
The Sydney Morning Herald reported that Lion told its staff today "it had been hit by a second cyber attack that had further disrupted its IT systems."
"The company is now focusing on defence efforts over restoration from the previous attack, its chief executive officer Stuart Irvine told employees during the briefing," said the newspaper, citing a source who had listened to the call.
The second attack was "anticipated" and Lion's IT security bods of choice, Accenture, are said to be dealing with it. Earlier today Prime Minister Scott Morrison declared that Australia's public sector was under attack – and while he didn't identify who was responsible, weeks of Chinese diplomatic belligerence means the world is already pointing fingers.
As we reported this morning, China "recently took offence at Australia's call for an international inquiry into the source of the COVID-19 pandemic and appears to have retaliated with new trade disputes and advice that its citizens should not visit Australia as tourists or students," in a tit-for-tat move.
Matt Lawrence, director of detection and response at threat intel biz F-Secure, opined in a canned comment that blaming China is unwise without further evidence: "Some are pointing the finger at China for these cyber attacks and, while we have seen some Chinese APT groups ramping up their attacks, we wait to see if evidence is released publicly that confirms they are directly targeting Australia. Although it's reasonable to assume that such a country is being targeted by a range of cyber criminals and state-sponsored threat actors, it's dangerous to speculate further without appropriate evidence and threat intelligence."
Last week, ransomware criminals (which El Reg can confirm were the REvil gang) targeted Lion, causing chaos for the entire company.
At the time a company spokeswoman said: "Our IT teams and expert cyber advisors are working around the clock, investigating the issue and assessing how long the impacts will continue. Our focus is on bringing systems back online safely so we can resume our business as usual manufacturing, and customer services. This is taking some time, but it is necessary that we work through this properly."
The firm refused to comment on reports of an $800,000 equivalent ransomware demand, made in the Monero cryptocurrency. ®