Aussie BlackCat Attack

The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth (https://hwlebsworth.com.au).

One of the largest law firms in Australia, HWL Ebsworth, says in an incident notice on its website that it became aware of the incident on 28 April 2023, after the ALPHV_BlackCat ransomware gang boasted about the hack, and that it immediately informed the Australian authorities and started investigating the incident.[1]

See:  https://redskyalliance.org/xindustry/the-blackcat-is-back

BlackCat, aka ALPHV, is used in Ransomware-as-a-Service (RaaS) operations.  BlackCat is the first ransomware group to successfully breach organizations using Rust.  The ransomware leverages previously compromised user credentials to gain initial access to the victim's system.  ALPHV has developed its ransomware to compile information about the people it has previously targeted online into a searchable database.

“The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on our core document management system,” the law firm explains.  On 09 June 2023, HWL Ebsworth says, the ransomware group published some of the data allegedly stolen from its systems on its leak site, suggesting that the firm did not cave in to the gang’s ransom demands.  The law firm says it has yet to determine the full impact of the data breach and will notify all individuals whose personal information might have been compromised.

A full-service commercial law firm and the largest partnership among Australian law firms, HWL Ebsworth, serves organizations across multiple sectors, including dozens of federal or state government departments.  OAIC, the Australian privacy and freedom watchdog, is one of HWL Ebsworth’s clients to have disclosed the impact of the data breach.  “On Saturday, 10 June 2023, HWL Ebsworth advised the OAIC that a document or documents relating to a limited number of OAIC files were included in the breach experienced by HWL Ebsworth,” OAIC said in a statement.

The incident reportedly impacted the NDIS Quality and Safeguards Commission, the Australian Federal Police, the Commonwealth Director of Public Prosecutions, the Department of Defence, the Department of Home Affairs, the Department of Foreign Affairs, and the Taxation Office.

The National Australia Bank (NAB), one of the four largest banks in the country, also disclosed some impact from the incident, stating that a small percentage of its customers might have been affected.  “We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been impacted by a cyber-attack.  NAB’s systems were not impacted and remain secure.  We are working with HWLE as they continue to get more information in relation to the content of these matters,” NAB said.

The ALPHV ransomware gang has leaked roughly 1.5 terabytes of data from the roughly 3.6 terabytes it allegedly stole from HWL Ebsworth.  Last week, the law firm was granted an injunction restricting everyone, including the media, from discussing what information was stolen.

 

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:


REDSHORTS - Weekly Cyber Intelligence Briefings

 

[1] https://www.securityweek.com/australian-government-says-its-data-was-stolen-in-law-firm-ransomware-attack/
