Incident: Russian ransomware gang AlphV breaches Core Desktop, a South Melbourne IT services company | ABC News (Australia)
Australian IT Services Ransomware Attack, 05 September 2023
Russian ransomware gang AlphV breaches Core Desktop, a South Melbourne IT services company
TissuPath, Strata Plan and Barry Plant Blackburn were all clients of Core Desktop
View more incidents from Managed Services sector, and Victorian incident reports.
This attack is one of the Australian Service Provider “Core Desktop” that was reportedly breached by the Russian cybercriminal group AlphV, which is also known as BlackCat, view the AlphV Australian Ransomware Attacks.
Core Desktop is the third-party supplier involved in last week’s TissuPath hack, which saw diagnostic and patient records posted on the dark web leak site of notorious ransomware gang LockBit.
TissuPath, Strata Plan and Barry Plant Blackburn were all clients of Core Desktop, a company based in South Melbourne which was hired to provide IT services.
The ABC has obtained a letter that Core Desktop sent to its clients which revealed it became aware of the hack on 22 August 2023.
“Our cyber forensic team do not have a firm understanding of the origins of the entry but initial suggestions are that it was from a targeted client-side phishing attack which infiltrated our control systems, impersonated privileged accounts and encrypted some servers,” the letter said.
“They appear to have acted in a focused fashion and threatened a small number of Core Desktop clients.”
Core Desktop’s managing director, Rod Bloom, confirmed his company was the victim of a cyber-attack.
“We’ve communicated with all of our clients about the attack,” he said.
“We’re not really aware of what information has been compromised … it’s not our data so we don’t know.”
Mr Bloom said the company had reported the data breach to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre.
Core Desktop has since regained control of its systems after shutting down access to all affected accounts, resetting login details for administrators, resetting client passwords and hiring forensic cybersecurity specialists.
