40% of Australians Without Internet or Phone for One Day

November 7, 2023

An outage at No.2 Australian telco Optus left nearly half the population without internet or phone on Wednesday, throwing payment, transport and health systems into chaos and raising questions about the fragility of the country’s core infrastructure. The outage was first reported about 4 a.m. local time (1700 GMT on Tuesday) and it was not until almost 5.30 p.m. that Optus said services had been restored.

Some 10 million Australians, 40% of the population, are Optus customers and could not use smartphones, broadband internet or landlines for much of the day. Hospitals couldn’t take phone calls, small businesses were unable to process electronic payments and train networks and ride share services were down simultaneously in some cities. The incident sparked criticism about the robustness of Australia’s telecommunications network and in particular about Optus, which is owned by Singapore Telecommunications

read more

Cyberattack Crippled Facilities of Large Australia Port Operator

November 12, 2023

A cyber incident shut down Australia’s second largest port operator, which is now having an impact on moving goods in and out of the country. DP World Australia, which operates ports in Melbourne, Sydney, Brisbane and Fremantle, is responsible for 40 percent of maritime freight said it began responding to a cybersecurity incident this past Friday, according to an ABC News report. While ships remain able to unload freight, the freight cannot then leave the port site. The operator said it took immediate action which included disconnecting Internet connectivity, which stopped any ongoing unauthorized access.

Operations at container terminals in Melbourne, Sydney, Brisbane and Perth were disrupted from Friday to Monday morning. DP World Australia said its ports resumed operations at 09:00 local time “following successful tests of key systems overnight” – reports BBC.

There was no further word on what type of attack the port operator suffered and who was behind the assault.

read more

Employee Data of Rio Tinto Group Uploaded to Dark Web

March 23, 2023

Personal data of Rio Tinto Ltd’s former and current Australian employees were stolen by Cl0p. On April 6 the files were uploaded on the dark web. Ransom group Cl0p claims responsibility for the alleged data hack.

Rio Tinto confirmed that stolen employee data have been uploaded on the dark web, ABC News reported.

read more

Australian Infrastructure Services Provider Takes Down Systems

July 8, 2023

The Australian infrastructure services provider Ventia says a cyberattack on the weekend of July 8 and 9 is contained. The attack on the Sydney-headquartered essential infrastructure services provider caused it to take key systems offline. However, in a July 12 statement, Ventia says its key internal systems have been safely re-enabled and external-facing networks are systematically being restored. Ventia is giving little away about the nature of the cyberattack, but the company’s decision to shut down its systems is a characteristic response to a ransomware-style attack.

An APAC Analyst Technical Director at DarkTrace says some of Ventia’s systems were offline for at least three days and switching off services would significantly impact customers. “Ventia are an important pillar in the management of critical infrastructure. They operate sites across Australia and New Zealand on behalf of defence, electricity, gas, and water companies,”

read more

Energy One Suffers Attack

August 18, 2023

Wholesale energy software provider Energy One suffered a cyberattack last week that hit systems in Australia and the United Kingdom.
The 15-year-old business provides software and services to Australia, New Zealand and other Pacific islands and European companies.
Once Energy One detected the attack August 18 and it took “immediate steps to limit the impact of the incident, engaged cyber security specialists, CyberCX, and alerted the Australian Cyber Security Centre and certain UK authorities,” the company said in a statement to the Australian Securities Exchange dated Monday.

read more

Accellion-related Data Breach Reported by QIMR Berghofer

December 25, 2020

The QIMR Berghofer Medical Research Institute has also announced today a data breach caused by the Accellion FTA service and has provided more detailed information regarding what information was accessed.

According to the research institute, the data breach appears to have occurred on December 25, 2020, when threat actors accessed approximately 4 percent, or 620MB, of data stored on the Accellion FTA service.

QIMR Berghofer states that they received their first notification to install Accellion’s patch on January 4th, 2021. It wasn’t until February 2nd, 2021 that Accellion notified them that they had suffered a data breach.

“The first notification QIMR Berghofer received from Accellion was on 4 January 2021, when the company advised the Institute to apply a security patch. The Institute immediately took the software offline and applied the patch.”

“Accellion notified QIMR Berghofer on Tuesday 2 February 2021 that it believed the Institute had been affected by the data breach, which has also affected a number of Accellion’s other Australian and international clients,” QIMR Berghofer disclosed in a data breach notice on their website.

read more

Large Australia Energy Provider Hit by a “Cyber Incident” Impacting Small Percentage of Customers

November 30, 2022

One of Australia’s largest energy providers has been hit by a “cyber incident” as a wave of data breaches impact big companies across the nation. AGL reported “elevated levels of suspicious activity” on its “My Account” platform on December 1. 9News understood a small percentage of customers – about 6000 – have been impacted. “Based on current analysis it appears malicious actors have used stolen credentials acquired externally (such as usernames and passwords used elsewhere by customers) to log into a number of customer accounts,”

read more

Overly Delayed Disclosure of Ransomware Attack at Australian Clinical Labs

February 12, 2022

On October 31, Australian Clinical Labs (ACL) disclosed a February 2022 data breach that impacted its Medlab Pathology business. The breach exposed the medical records and other sensitive information of 223,000 people.

Quantum ransomware gang took responsibility for the attack. 86GB stolen files were uploaded on its Tor site on June 14, 2022. Leaked data included patient and employee details, financial reports, invoices, contracts, forms, subpoenas, and other private documents. According to Quantum ransomware’s website, the data leak page for MedLab has been accessed 130,000 times.

read more

Ransomware Attack on ForceNet Communication Platform used by Australian Military

September 10, 2022

Hackers attacked ForceNet’s communications platform used by Australian military personnel and defense staff. The ForceNet service is run by Dialog Information Technology. The Australian Dept. of Veteran Affairs’ website states: “Defence has announced that it has been informed that an external ICT service provider which facilitates ForceNet has been subject to a ransomware attack. ForceNet is a Defence e-communications platform used to connect registered users within secure online communities. To be clear, this is not an attack on Defence ICT”
ITWire in Australia reports on 31 October that Dialog was hit by an attack which used the Agenda ransomware that runs only on Windows. The group behind the attack, Qilin, announced it on the dark web on 19 September.

This is the 9th attack in little over a month, affecting Australia’s biggest companies, likely exposing the details of millions of customers.

read more

Australian Health Insurance Firm Medibank Hit by Ransomware Attack

October 12, 2022

Major Australian health insurance provider Medibank Private Limited disclosed being hit by a ransomware attack on October 12. The attack resulted in a temporary service outage, which has since been resolved. The company claim that no systems were encrypted during the attack.

UPDATE 07Nov22: Medibank Says Hacker Accessed Data Of 9.7 Million Customers, Refuses To Pay Ransom

read more