Ransomware attack on Australian utility claimed by Russian-speaking criminals

The ransomware group known as Conti, meanwhile, named CSEnergy on its web site for shaming victims and sometimes leaking their data.

December 09, 2021 03:31 pm | Updated 03:32 pm IST - SAN FRANCISCO

The Australian, the Daily Mail and other media directly blamed the attacks on China.

The Australian, the Daily Mail and other media directly blamed the attacks on China.

One of the most prolific Russian-speaking ransomware gangs has claimed credit for a weekend attack on an Australian electric utility serving millions of people.

Australian media reported on Monday that Chinese government hackers were behind the breach at CS Energy, which is owned by the Queensland state in northeast Australia.

(Sign up to our Technology newsletter, Today's Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

Those reports, which came amid high tensions between Australia and China, prompted the utility to issue a statement on Tuesday.

There is "currently no indication that the cyber incident was a state-based attack," the statement cited CS Energy CEO Andrew Bills as declaring.

The ransomware group known as Conti, meanwhile, named CS Energy on its web site for shaming victims and sometimes leaking their data.

"Conti listed CS Energy on its leak site which, obviously, would indicate that one of its affiliates was responsible for the attack," said Brett Callow, a threat analyst at security firm Emsisoft.

Also Read | U.S. State Department phones hacked with Israeli company spyware

The Australian, the Daily Mail and other media directly blamed the attacks on China.

But Callow said that "Conti is believed to be a Russia-based cybercrime operation, not a China-based APT, so it would appear that the attack on CS Energy is simply an addition to the ever-expanding list of financially motivated ransomware attacks." APT is security industry shorthand for Advanced Persistent Threat groups, which are often backed by governments.

Like some other ransomware groups, Conti splits proceeds with affiliates who break into targets before installing its program for encrypting computer files and referring victims to Conti for negotiating payments in cryptocurrency.

Conti and other gangs have increased their attacks on utilities, hospitals and other critical infrastructure in the past year. Western officials and researchers have said some of those groups have ties to Russian intelligence agencies, but no such accusation has been leveled against the Chinese.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.