A notorious Russian ransomware gang which infiltrated one of Australia’s largest law firms has now targeted a string of Victorian businesses, which it is extorting over terabytes of stolen data.
The cybercriminal group AlphV, which is also known as BlackCat, has claimed responsibility over attacks on several companies including:
- TissuPath, a pathology company
- Strata Plan, an owners corporation service provider
- Barry Plant Blackburn, a real estate agency
- Tisher Liner FC Law, a business and property law firm
AlphV claims to have stolen at least 4.95 terabytes of data, which it has threatened to publish.
The attack comes after the same group went through with a threat to publish 1.45 terabytes of data on the dark web in June after one of Australia’s largest law firms, HWL Ebsworth, refused to bend to its ransom demands.
The group has also attacked FIIG securities, an Australian bond broker.
“Due to your representatives’ refusal to negotiate, we are launching a campaign involving email distribution and calls to your clients,” the hackers said in a post on their dedicated leak site, which was documented by FalconFeeds.io, a threat intelligence platform.
“Your clients will be offered the option to pay a fee for the removal of their data from the public leak. You still have a chance to prevent a catastrophe,” they said.
It is unclear what type of data the hackers claim to have, but TissuPath, the pathology company, said patient names, dates of birth, contact details, Medicare numbers and private health insurance details were exposed.
A spokesman said it was in the process of contacting everyone affected by the breach and that it took its privacy obligations “extremely seriously”.
“We can confirm that we are investigating a data breach at a third-party IT supplier involving pathology referrals issued to TissuPath between 2011 and 2020,” the spokesman said.
“Importantly, TissuPath’s main database and reporting system that stores patient diagnoses was not compromised. Further, we do not store patient financial details and other personal information documents, such as drivers licence numbers.
“We are very sorry this has happened, and we sincerely apologise to our patients who may have been affected.”
Hacks connected to Melbourne IT firm.
TissuPath, Strata Plan and Barry Plant Blackburn were all clients of Core Desktop, a company based in South Melbourne which was hired to provide IT services.
The ABC has obtained a letter that Core Desktop sent to its clients which revealed it became aware of the hack on 22 August 2023.
“Our cyber forensic team do not have a firm understanding of the origins of the entry, but initial suggestions are that it was from a targeted client-side phishing attack which infiltrated our control systems, impersonated privileged accounts and encrypted some servers,” the letter said.
“They appear to have acted in a focused fashion and threatened a small number of Core Desktop clients.”
Core Desktop’s managing director, Rod Bloom, confirmed his company was the victim of a cyber-attack.
“We’ve communicated with all of our clients about the attack,” he said.
“We’re not really aware of what information has been compromised … it’s not our data so we don’t know.”
Mr Bloom said the company had reported the data breach to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre.
Core Desktop has since regained control of its systems after shutting down access to all affected accounts, resetting login details for administrators, resetting client passwords and hiring forensic cybersecurity specialists.
Companies dispute hackers’ claims of stolen data.
Lisa Pennell, who is the chief executive of Barry Plant, stressed that the cyber-attack was isolated to its Blackburn office and that the rest of the company’s systems were not breached.
The hackers are claiming to have stolen about 3 terabytes of data from Barry Plant.
“We have become aware that a third-party supplier to a small part of the property management business of one of our [franchise] offices has had a cyber incident,” Ms Pennell said.
“This supplier is [an] IT-managed service provider and not owned or related directly to the Barry Plant Group more broadly other than providing their service to this specific local office in Blackburn.
“We are supporting our franchisee and have engaged market-leading experts to help us assess the situation.”
Simon Chamaa, the director of Strata Plan, said it was taking the cyber-attack seriously.
The cybercriminals claim to have breached 1.3 terabytes of information belonging to Strata Plan, but Mr Chamaa disputed that.
“Rest assured, that Strata Plan’s data remains secure. Thanks to our precautionary measures already in place, we have not experienced any impact on our systems,” he said.
“Strata Plan is actively investigating the matter with the assistance of cybersecurity experts, and we are dedicated to addressing this matter swiftly and effectively.”
Law firm Tisher Liner said it was still working to validate the claims and that its investigation was ongoing.
“We are aware of claims made by a third party regarding a breach of one of our managed service providers,” a spokesperson said.
“If we have any accurate information that requires further action, we will communicate with our clients, staff and other stakeholders as quickly as possible.”