‘State actor’ possibly behind Nine Network cyber attack


Share on facebook
Share on twitter
Share on linkedin

Possibly the largest cyber attack on a media company in Australia’s history

Nine Entertainment’s broadcast and corporate business units were disrupted by a “cyber attack” early on Sunday morning, with the effects still being felt.

A “state actor” is the likely culprit behind the crippling cyber attack on the Nine Network, one geopolitical security expert has already said.

The Network is at the centre of possibly the largest cyber attack on a media company in Australia’s history, which brought network’s news production systems around the country to a grinding halt for more than 24 hours.

Major Australian law firm Allens, the Reserve Bank of New Zealand and the Australian Securities and Investment Commission are among other companies to be hit by the attacks, which are part of a spate of new threat activity.

Fergus Hanson, of the Australian Strategic Policy Institute, told the Network’s Today show that the fact ransomware was used but no ransom demanded pointed to a government behind the incident.

The company, which operates free-to-air stations such as Channel 9, confirmed the attack on Sunday evening, after earlier refusing to confirm or deny it had been hit.

The attack has taken down computer systems at Nine Sydney, which is located in North Sydney.

Reuters earlier reported that the company was trying to get its 6pm news bulletin done in Melbourne using a server that had not been compromised.

Earlier live broadcasts from Sydney were cancelled through the morning and replaced with either pre-recorded or interstate content, something unprecedented in recent memory.

Nine said its email systems did not appear to be impacted by the attack.

The Sydney Morning Heraldwhich is owned by Nine, reported the infection as “some kind of ransomware” attack, albeit using a malware strain or method not previously seen in Australia.

The infection is believed to be ransomware and impacted several thousand machines.

As at the time of this article, no group has claimed responsibility nor posted a ransom demand.

Investigators from the Australian Cyber Security Centre have been called in to investigate further and assist with the company’s recovery efforts.

A tweet by the Nine News twitter channel indicated that the company was also suspicious of potential state-actor intervention, making it the latest intriguing chapter in state-based threat actors’ activities in Australia.

A tweet by the Nine News account
Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.