Australian Prime Minister Scott Morrison recently raised awareness of a state-based cyber attack that Australia is facing across all levels of government and the private sector. In response, the Australian Cyber Security Centre (ACSC) published an advisory on the nature of the attacks as well as guidance on how to mitigate these types of attacks in the future. The advisory, titled “Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks,” is specific to the threat actor’s use of proof-of-concept exploit code, web shells, and other tools copied identically from open source resources. In this post, we provide a summary of the attack, a recap of the guidance given by the ACSC for mitigation, and how Okta’s multi-factor authentication (MFA) product can help. Attack overview The Australian Government is currently aware of and responding to a sustained targeting of both independent and government organisations carried out by.