Cyber Threat Actor: 23-year-old man

A 23-year-old Australian man, identified as an IT support worker employed by a third-party contractor, conducted an internal cyber attack against the Australian National Maritime Museum (ANMM) in Sydney. His position provided authorized access to the museum's financial systems, which he exploited to redirect payments. Specifically, he accessed the account payable system, replaced legitimate vendor banking details with his own, and subsequently made unauthorized purchases using the intercepted financial information. The incident was discovered when ANMM detected anomalies in payment information for contracted companies, prompting an investigation by independent forensic experts. This investigation confirmed the internal breach and led to notification of the Australian Federal Police (AFP). The perpetrator's actions resulted in an estimated $90,000 being fraudulently redirected, with the AFP alleging the sole motivation for the crime was financial greed.

AFP cyber crime investigators linked the individual to the offense, executing a search warrant at his residence in Macquarie Park where he was arrested and his electronic devices were seized for forensic analysis. He was subsequently charged with multiple offenses under New South Wales and Commonwealth law, including five counts of dishonestly obtaining property by deception, four counts of dishonestly obtaining or dealing in personal financial information, and two counts of unauthorized access and modification with intent to commit a serious computer offence. He appeared in Burwood Local Court in early March 2023. The case illustrates a straightforward insider threat scenario where a trusted contractor with legitimate system access abused that privilege for direct financial theft, targeting the financial processing capabilities of a single cultural institution in Australia. No evidence of broader targeting, malware deployment, or affiliations with external criminal or state entities was presented in the public report.