Fresh expert analysis reveals deeper concerns after Qantas cyber attack
The recent cyber attack on Qantas continues to reverberate across the security landscape, with fresh expert commentary shedding light on the increasingly agile and organised tactics used by loosely affiliated global hacking groups.
While the breach itself has been contained, the attack has exposed deeper vulnerabilities in how major brands and their third-party partners handle sensitive data.
Brett Winterford, Vice President of Okta Threat Intelligence, shed light on the nature of the group believed to be responsible.
"This attack has all the hallmarks of a group of loosely affiliated individuals that collaborate and share their tradecraft in a forum called 'TheCom'," he explained, adding that such groups are often comprised of young, globally distributed individuals, primarily from Western countries. He noted that their motivations are twofold: financial gain and the desire to achieve high-profile breaches that bolster their standing among peers.
Winterford emphasised that these groups operate opportunistically, frequently targeting industries where prior assaults have yielded success. "We've observed this in attacks on the gaming sector, on the UK retail sector, on insurance, and now in aviation." Their approach, he said, prioritises rapid compromise over concerns regarding detection.
"They often target the business process outsourcing (BPO) partners of their targets. Historically they have identified that account recovery flows present opportunities to compromise accounts that are otherwise well protected."
Describing the technical abilities and resources available to these attackers, Winterford said: "They might be young, but they often have considerable financial (cryptocurrency holdings) and technical resources at their disposal." He warned of the group's ability to manipulate or bribe helpdesk personnel, sometimes tricking them into resetting credentials for privileged users, opening doors to further exploitation.
Once access has been obtained, the hackers move quickly, often laterally traversing corporate networks in search of sensitive data.
In previous attacks, Winterford noted, threat actors have accessed databases, exfiltrated hashed passwords, deployed ransomware, and extorted companies for the return of stolen data.
The attack on Qantas serves as a wake-up call to organisations across the spectrum. Nick Hughes, Technical Sales Manager at IT solutions provider CMTG, underlined the broader implications: "Today's cyberattack on Qantas is a stark reminder that even the most recognised brands are vulnerable to data breaches. For businesses of all sizes, it's critical to ensure robust security controls are in place across every touchpoint, especially customer-facing platforms."
Hughes outlined CMTG's approach to bolstering clients' cyber resilience across a landscape of diverse technologies and uses.
"We help businesses strengthen their cyber resilience across a wide range of environments, including SaaS, IaaS, PaaS, and multi-OS platforms spanning Windows, Linux, Unix, Mac OS, Android and Apple iOS." He further stressed the significance of infrastructure investment, citing a recent AUD $2.3 million upgrade to CMTG's private data centre.
The upgrade, he said, aims to "enhance performance, security and control, giving businesses confidence that their data is safeguarded on Australian soil."
Security professionals argue that the aviation industry, due to its complex operational environment and valuable data, remains an attractive target for increasingly agile threat actors. The practice of attacking BPO partners or exploiting human vulnerabilities in password recovery chains is not unique to aviation and underscores a broader challenge faced by industries reliant on third-party services and large customer-facing teams.
The recurring nature of these incursions has prompted renewed calls for organisations to scrutinise their security frameworks, invest in advanced technologies, and provide regular staff training to minimise the risk posed by social engineering.
As attackers grow in confidence and capability, the need for businesses to pre-empt emerging tactics remains paramount. With cyber threats escalating in both frequency and sophistication, today's breach is unlikely to be the last to test Australia's digital resilience in the coming months.