Status: Alert not Alarmed
It was a relatively quiet fortnight across the Australia and New Zealand cyber landscape from an open-source perspective. What is of most interest is a possible leak of data from RACV. A user on BreachForums has shared data they claim to be from RACV. The data appears to be from Kineo platforms, a third-party training company, with the sample data provided showing emails, phone numbers and addresses of Kineo staff members and others.
The claimed site is racv.kineoplatforms - on review, that is a third party that provides training to organizations. While this data is not highly sensitive, it does still compromise the integrity of RACV-related private and personal information.
The actual website has two options, likely for staff members to log in to conduct training.
Hacktivist Activity - 3 Victims All Australian
5 April - Australia
Garuda Cyber Team defaced Manly Web Designs, related to Palestine.
23 March - Australia
Ethersec Team Cyber defaced the website of vine and grind.
23 March - Australia
StarX Team claimed a breach of the core true organization in Australia.
Ransomware - 5 Victims All Australian.
5 April - Australia
Aussizz Group, an Australian company that helps immigrants with education and relocation support to Australia, was posted to the Dragonforce leak site. This unfortunately will have some sensitive personal information in the leaked data, including passport information.
27 March - Australia
Cafe De Vilis was posted by Black Basta ransomware to their leak site. The company has reported IT issues in the weeks preceding the post.
26 March - Australia
Lockbit posted Regency Agency to their leak site. Lockbit has been posting old victims often as they attempt to remain relevant after law enforcement shutdowns of their operations in the early part of 2024.
25 March - Australia
Akira ransomware posted Calida projects to their leak site.
25 March - Australia
Dragonforce posted Dunbier Marine Products to their leak site.
Underground posts/mentions of Note
3 April - Australia
A user on BreachForums claims to have data from the RACV, one of Australia’s largest car insurance companies. The user offered the data up for a small forum fee. The sample data shows the information includes emails, phone numbers and addresses of possible RACV staff or customers.
1 April - New Zealand
A user on an underground forum claimed to have access to over 1 million New Zealand individuals' data for sale.
28 March - Australia
Initial access to an Australian consumer services organization was placed online for sale - it has not sold at the time of this update.
For regular updates or for more information: https://twitter.com/Cyberknow20