Ransomware attack on Australian utility claimed by Russian-speaking criminals | Inquirer News
Close  

Ransomware attack on Australian utility claimed by Russian-speaking criminals

/ 12:23 PM December 09, 2021
FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017.  REUTERS/Kacper Pempel/Illustration/File Photo

FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

SAN FRANCISCO — One of the most prolific Russian-speaking ransomware gangs has claimed credit for a weekend attack on an Australian electric utility serving millions of people.

Australian media reported on Monday that Chinese government hackers were behind the breach at CS Energy, which is owned by the Queensland state in northeast Australia.

ADVERTISEMENT

Those reports, which came amid high tensions between Australia and China, prompted the utility to issue a statement on Tuesday.

There is “currently no indication that the cyber incident was a state-based attack,” the statement cited CS Energy CEO Andrew Bills as declaring.

FEATURED STORIES

The ransomware group known as Conti, meanwhile, named CS Energy on its web site for shaming victims and sometimes leaking their data.

“Conti listed CS Energy on its leak site which, obviously, would indicate that one of its affiliates was responsible for the attack,” said Brett Callow, a threat analyst at security firm Emsisoft.

The Australian, the Daily Mail and other media directly blamed the attacks on China.

But Callow said that “Conti is believed to be a Russia-based cybercrime operation, not a China-based APT, so it would appear that the attack on CS Energy is simply an addition to the ever-expanding list of financially motivated ransomware attacks.” APT is security industry shorthand for Advanced Persistent Threat groups, which are often backed by governments.

Like some other ransomware groups, Conti splits proceeds with affiliates who break into targets before installing its program for encrypting computer files and referring victims to Conti for negotiating payments in cryptocurrency.

Conti and other gangs have increased their attacks on utilities, hospitals and other critical infrastructure in the past year. Western officials and researchers have said some of those groups have ties to Russian intelligence agencies, but no such accusation has been leveled against the Chinese.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.
Read Next
Don't miss out on the latest news and information.

Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.

TAGS: Advanced Persistent Threat (APT), Australia, China, Conti, ransomware attack, Russian hackers
For feedback, complaints, or inquiries, contact us.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and
acknowledge that I have read the Privacy Policy.



© Copyright 1997-2022 INQUIRER.net | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.