Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The Canberra-based university is working with the Australian Cyber Security Centre following FSociety ransomware claims.
The Australian National University is investigating an alleged ransomware attack after the institution was listed as a victim on the darknet leak site of FSociety hacking group.
As a rule, FSociety does not attribute its victims directly, but rather just the first and last letters of each word in the victim’s name.
However, in this case, the victim is relatively easy to guess.
“To the board of A********n N******l U********y,” FSociety said in a 16 February leak post.
“We have took over the servers A*u.edu.au and before encryption we extracted all data, we will give you (seven) days before any leak. All Student and Teacher Leak in this field will hurt future image, if you comply we will be willing to make this all go away. We will be waiting for your response.”
No ransom amount was given; however, society is threatening to publish the data within seven days. At the time of writing, the group has not disclosed how much data was allegedly stolen.
A spokesperson for the Australian National University told Cyber Daily it is investigating the hackers’ claims.
“We are investigating and are working with the Australian Cyber Security Centre,” the spokesperson said.
“We have no further updates at this stage.”
FSociety – at least in its current incarnation – has only been active since May 2024, but a group with the same name was first observed in 2016 when it was found to be developing a new ransomware variant. Both that operation and the current one use the same logo as the fictional FSociety hacking group featured in the television program Mr Robot.
The gang is a ransomware-as-service provider with a dedicated page for affiliates on its leak site. In January of 2025, FSociety began a collaboration with fellow hacking group FunkSec.
There are currently just victims listed on FSociety’s leak site, with ANU being the group’s first Australian victim.
ANU, based in Canberra, had a total student enrolment in 2022 of 18,934 and employs more than 4,000 staff. The university suffered a data breach in 2019 that impacted 19 years’ worth of personal data from both students and teachers. According to comments from intelligence officials at the time, China was thought to be behind the incident.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
