iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Australian engineering, construction and maintenance services company Goodline has confirmed with Cyber Daily that threat actors launched a cyber attack on its systems.
The incident reportedly occurred on 17 September, according to Goodline executive manager Catherine Kennedy, and was the result of threat actors using company credentials to access the network.
The cyber attack was claimed by the RansomHub threat group, which said that it had exfiltrated 600 gigabytes of data in the incident.
Kennedy confirmed that 600 gigabytes of data had been exfiltrated but that the data stolen was back-end data and that at this stage of the investigation, there has been no sign of any personal data of employees or clients having been exfiltrated.
Goodline has engaged the assistance of cyber security giant CrowdStrike in its investigation and is currently awaiting a report on the incident.
Kennedy also told Cyber Daily that major clients such as Rio Tinto had been made aware of the incident.
RansomHub provided little to no information about the nature of the incident but claims that data belonging to Goodline will be published in just over five days at the time of writing.
Kennedy commended her team on the response Goodline had and its ability to work around system outages, saying she “had a good team of girls” keeping things running. Payroll was being conducted on paper at one stage.
RansomHub has listed a number of Australian organisations in recent months, with Aussie interior solutions firm Nikpol appearing on the site in September.
RansomHub first listed the company on its darknet leak site on 18 September in a post that listed only a brief description of the company and nothing else.
No ransom amount was listed, but the company was given a seven-day deadline to pay.
The compromised data includes internal documents and data such as Nikpol’s annual financial budgets, details of the company’s bank accounts and statements, and several tax residency declarations. Details of company credit cards are included, as are contracts with several other Australian organisations, including a Melbourne-based immigration law firm.
Unfortunately, a large amount of employee data appears to have been compromised in the ransomware attack as well.
This includes annual PAYG statements featuring the home addresses and tax file numbers of Nikpol’s employees, as well as their salaries. Other documents include superannuation payments and salary sacrifice arrangements, and some employees have had details of their child support payments made public.
Be the first to hear the latest developments in the cyber industry.
