Info@NationalCyberSecurity

Russian ransomware gang AlphV targets pathology company, law firms in latest string of attacks


  • In short: Russian hackers have claimed they are behind a series of cyber attacks on a number of Victorian companies, and say they have stolen at least 4.95 terabytes of data
  • What’s next? Some of the companies affected say they are communicating with their clients about the reported breach, but at least one has disputed the hackers’ claims and says it has not been impacted

A notorious Russian ransomware gang which infiltrated one of Australia’s largest law firms has now targeted a string of Victorian businesses, which it is extorting over terabytes of stolen data.

The cybercriminal group AlphV, which is also known as BlackCat, has claimed responsibility for attacks on several companies including:

  • TissuPath, a pathology company
  • Strata Plan, an owners corporation service provider
  • Barry Plant Blackburn, a real estate agency
  • Tisher Liner FC Law, a business and property law firm

AlphV claims to have stolen at least 4.95 terabytes of data, which it has threatened to publish.

The attack comes after the same group went through with a threat to publish 1.45 terabytes of data on the dark web in June after one of Australia’s largest law firms, HWL Ebsworth, refused to bend to its ransom demands.

The group has also attacked FIIG Securities, an Australian bond broker.

“Due to your representatives’ refusal to negotiate, we are launching a campaign involving email distribution and calls to your clients,” the hackers said in a post on their dedicated leak site, which was documented by FalconFeeds.io, a threat intelligence platform.

“Your clients will be offered the option to pay a fee for the removal of their data from the public leak. You still have a chance to prevent a catastrophe,” they said.

Threat intelligence platform FalconFeeds.io documented the threats sent to Victorian businesses. (Supplied: FalconFeeds.io)

It is unclear what type of data the hackers claim to have, but TissuPath, the pathology company, said patient names, dates of birth, contact details, Medicare numbers and private health insurance details were exposed.

A spokesman said it was in the process of contacting everyone affected by the breach and that it took its privacy obligations “extremely seriously”.

“We can confirm that we are investigating a data breach at a third-party IT supplier involving pathology referrals issued to TissuPath between 2011 and 2020,” the spokesman said.

“Importantly, TissuPath’s main database and reporting system that stores patient diagnoses was not compromised. Further, we do not store patient financial details and other personal information documents, such as drivers licence numbers.

“We are very sorry this has happened, and we sincerely apologise to our patients who may have been affected.”

Hacks connected to Melbourne IT firm

TissuPath, Strata Plan and Barry Plant Blackburn were all clients of Core Desktop, a company based in South Melbourne which was hired to provide IT services.

The ABC has obtained a letter that Core Desktop sent to its clients which revealed it became aware of the hack on 22 August 2023.

“Our cyber forensic team do not have a firm understanding of the origins of the entry but initial suggestions are that it was from a targeted client-side phishing attack which infiltrated our control systems, impersonated privileged accounts and encrypted some servers,” the letter said.

“They appear to have acted in a focused fashion and threatened a small number of Core Desktop clients.”

Core Desktop’s managing director, Rod Bloom, confirmed his company was the victim of a cyber-attack.

“We’ve communicated with all of our clients about the attack,” he said.

“We’re not really aware of what information has been compromised … it’s not our data so we don’t know.”

Mr Bloom said the company had reported the data breach to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre.

Core Desktop has since regained control of its systems after shutting down access to all affected accounts, resetting login details for administrators, resetting client passwords and hiring forensic cybersecurity specialists.

Companies dispute hackers’ claims of stolen data

Lisa Pennell, who is the chief executive of Barry Plant, stressed that the cyber attack was isolated to its Blackburn office and that the rest of the company’s systems were not breached.

The hackers are claiming to have stolen about 3 terabytes of data from Barry Plant.

“We have become aware that a third party supplier to a small part of the property management business of one of our [franchise] offices has had a cyber incident,” Ms Pennell said.

“This supplier is [an] IT-managed service provider and not owned or related directly to the Barry Plant Group more broadly other than providing their service to this specific local office in Blackburn.

“We are supporting our franchisee and have engaged market-leading experts to help us assess the situation.”
