Share this article on:
A ransomware gang claims hack on Castle Hill RSL Group, as the CHRG warns customers of a February attack.
The 8Base ransomware gang has claimed another Australian victim, this time CHRG, previously known as the Castle Hill RSL Group.
The gang added CHRG to its leak site overnight, though the entry is dated as “downloaded” on 28 February, with a ransom deadline of 6 March. The deadline counter on the post is marked “expired”, but despite the gang claiming to have data ready to download, the link is currently dead.
8Base has included its usual boilerplate description of the data it exfiltrated as containing invoices, receipts, accounting documents, personal data, a huge amount of confidential information, and more.
For its part, CHRG has published an advisory on its website, warning its members of a “cyber incident” that was first detected on 17 February.
“Our ongoing forensic investigations have not identified any indications that our sign-in credentials, membership database, or point-of-sale systems were impacted by the incident,” a CHRG spokesperson said.
“While our investigations are ongoing, we wanted to emphasise that our membership database, which is the central source of membership data, has not been impacted. In this context, and to address queries our members have raised, we wanted to clarify how we handle personal information of members when they attend our venues.”
The advisory then goes on to note that CHRG collects membership data so as to facilitate the club’s services and provide members with club benefits. The clubs under the CHRG umbrella – Castle Hill RSL, Club Parramatta, Castle Hill Fitness & Aquatic Centre, Lynwood Country Club, and Lynwood Golf Club, to name a few – are also required to check photo ID of guests by law, CHRG said, but those details are not saved to the membership database.
“While we are confident, from our investigations to date, that our membership database and other systems mentioned above have not been impacted, we continue to encourage our members to remain vigilant and be cautious in all interactions with organisations and online platforms,” CHRG said.
“Your proactive engagement plays a vital role in maintaining the integrity of security measures.”
CHRG has said it “will reach out” to any impacted members and individuals, and it has provided an email for concerned members to raise any specific concerns: [email protected].
Cyber Daily contacted CHRG for more details on the incident and received the following reply.
“On 17 February 2024, we identified a cyber security incident and immediately engaged cyber security and forensic experts to guide our investigations and respond accordingly. This included taking immediate steps to contain and deploy a range of tools to respond to the threat,” a CHRG spokesperson said via email.
“The Australian Cyber Security Centre has been informed, and we will collaborate closely with regulators, including the Office of the Australian Information Commissioner.
“We continue to work methodically and diligently to progress investigations, which is a complex and ongoing process. This includes identifying, as a priority, the extent to which any personal information has been accessed.
“We remain committed to working swiftly and communicating transparently. It is unfortunate that no organisation is immune to cyber incidents, and [we] apologise for the concern this has caused.”
When asked if they were aware of 8Base’s claims, the spokesperson said that to “avoid impacting or compromising the ongoing investigations, we cannot provide further specifics about the incident at this time”.
Cyber Daily will continue to monitor 8Base’s leak site for any further activity.
UPDATED 13/3/24 to add further commentary from CHRG.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.