Russian Cybercriminals Perpetrate Ransomware Attacks on Australian Companies
Notorious Russian hackers, collectively known as the AlphV or BlackCat group, have reportedly targeted various businesses in Victoria, Australia. The cybercriminals claim to expose large quantities of stolen data if their ransom demands are not met. However, some companies dispute these allegations, maintaining their data security remains intact.
The Hackers' Claim
The malicious Russian group, AlphV, has taken responsibility for a series of cyber attacks on several prominent Victorian companies, including:
TissuPath, a leading pathology company
Strata Plan, a service provider for owners corporations
Barry Plant Blackburn, a well-known real estate agency
Tisher Liner FC Law, a firm specialising in business and property law
The criminal group alleges to have seized approximately 4.95 terabytes of data, and threatens to release it unless their demands are met. This recent activity follows their previous attack on one of Australia’s largest law firms, HWL Ebsworth, leading to the release of 1.45 terabytes of data on the dark web. The group also targeted FIIG securities, an Australian bond broker.
FalconFeeds.io, a threat intelligence platform, has documented these threats to Victorian businesses.
Potential Data Breach at TissuPath
TissuPath, one of the companies targeted, has confirmed the potential exposure of patient names, dates of birth, contact details, Medicare numbers, and private health insurance details. The company is in the process of notifying all potentially affected parties, reaffirming their commitment to privacy.
"We can confirm that we are investigating a data breach at a third-party IT supplier involving pathology referrals issued to TissuPath between 2011 and 2020," a company spokesperson stated.
However, it was clarified that the main database and reporting system that stores patient diagnoses were not compromised.
The Role of Core Desktop
Interestingly, TissuPath, Strata Plan, and Barry Plant Blackburn are all clients of Core Desktop, a South Melbourne-based IT services provider. This company recently detected a hack on its systems on August 22, 2023.
"Our cyber forensic team do not have a firm understanding of the origins of the entry but initial suggestions are that it was from a targeted client-side phishing attack which infiltrated our control systems, impersonated privileged accounts and encrypted some servers," Core Desktop revealed in a letter sent to its clients.
Core Desktop's managing director, Rod Bloom, confirmed his company was the victim of a cyber-attack. The company has reported the data breach to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre. Core Desktop has regained control of its systems after resetting login details and hiring forensic cybersecurity specialists.
Companies Refute Hackers' Claims
Despite the hackers' threats, some companies are disputing the claims of the Russian group. Barry Plant’s CEO, Lisa Pennell, emphasised that the cyber attack was limited to its Blackburn office and did not breach the rest of the company's systems. The hackers allege to have stolen about 3 terabytes of data from Barry Plant.
Simon Chamaa, the director of Strata Plan, also disputed the hackers' claims, stating that their data remains secure due to preventative measures already in place.
Tisher Liner FC Law is currently working to validate the hackers' claims, promising to communicate with clients, staff, and stakeholders promptly if any actionable information arises.
Conclusion
As cyber threats continue to evolve, businesses are urged to adopt robust security measures to protect sensitive data. The recent ransomware attacks on Australian companies serve as a stark reminder of the potential threats that exist in the digital realm.