Australia’s Cybersecurity Chief Confirms ‘Sensitive Government Information’ Stolen by Russian Hackers

Australia’s Cybersecurity Chief Confirms ‘Sensitive Government Information’ Stolen by Russian Hackers
National cybersecurity coordinator air vice-marshal Darren Goldie at a press conference at Parliament House in Canberra, Australia on June 23, 2023. AAP Image/Mick Tsikas
Henry Jom
Updated:

Australia’s newly appointed national cybersecurity coordinator, Air Vice-Marshal (AVM) Darren Goldie, has confirmed that Australian government entities embroiled in the HWL Ebsworth cyberattack have had their “sensitive personal and government information” stolen by Russian cybercriminals.

This comes as over 40 Australian government agencies are feared to have been impacted by the database hacking, including Australia’s four major banks.

AVM. Goldie said that he is working with the law firm EWL Ebsworth to understand the full extent of the data breach.

“I am actively engaging with HWL Ebsworth to understand the complete picture of this incident, including how their private industry clients have been impacted, as the data analysis continues,” AVM. Goldie said in a statement on July 5.

“Impacted entities are commencing the process of notifying affected individuals about the impacts the data breach has had on their information.

“We will work to ensure the lessons from this incident are shared so that we can continue to collectively bolster our responses to cyber incidents.”

As the cyber security chief’s first order of business, AVM. Goldie was tasked to seek briefings from the Department of Home Affairs and HWL Ebsworth on the status of the cyberattack, which occurred in April.

Of the four terabytes that were stolen by Russian cybercriminal BlackCat, approximately 1.45 terabytes of sensitive information were published by the hacking grouping on the dark web on June 8.

The Department of Home Affairs previously told The Epoch Times in an email that the government continues to actively engage HWL Ebsworth “as it investigates the extent of the breach, including impacts on Commonwealth information.”

While announcing AVM. Goldie’s appointment on June 23, Home Affairs Minister Clare O'Neil said the cyber hacking was “significant.”

“I would place it in the realm of the most significant cyber incidents that we’ve experienced as a country over the last year, along with Latitude, Optus and Medibank,” Ms. O’Neill said.

Departments such as Home Affairs, the Australian Taxation Office, the Office of the Australian Information Commissioner (OAIC), the Defence Department, and the Australian Federal Police have been impacted by the database hacking of HWL Ebsworth.

Other governmental departments include the Prime Minister and Cabinet, Treasury, Education, Agriculture, Fisheries and Forestry, Industry, Science, and Resources, the Department of Foreign Affairs (DFAT), ASIC, the Parliamentary Budget Office, the Fair Work Ombudsman, and the Aged Care Quality and Safety Commission.

National Security Potentially At Risk

Shadow Minister for Home Affairs and Cybersecurity, Senator James Paterson, said that sensitive information related to defence and national security may have been taken during the cyber breach.
“HWL Ebsworth is a law firm that acts for a number of government clients; it represents a number of government agencies, including in the national security sphere,” Mr. Paterson told Sky News on June 22.

“It appears that it held on their behalf ... sensitive information of a sometimes classified nature.

“The risk that has spilled out into the public is a very serious thing indeed.”

On June 12, HWL Ebsworth was granted an injunction by the Supreme Court of NSW to prevent the hacking group from disclosing the stolen data online. The hacking group was also ordered to take down the data immediately. The injunction order was served using the contact information provided in three emails that demanded a ransom payment, which HWL Ebsworth had previously said it would not be paying.

However, Mr. Paterson said the injunction also meant anyone concerned that they may have been a victim of the cyberattack would commit an offence if they searched for the data.

“Because of this injunction, it’s potentially a crime for you, or I, to go and look at that information or to try and download it,” Mr. Paterson said.

“We’re not exempt because we’re a victim or a journalist or anyone else who’s looking at this.”

However, HWL Ebsworth managing partner Juan Martinez admits there are “practical limits” to enforcing the injunction.

“However, we have taken this step with a view to preventing, as far as possible, any further broader access to or dissemination of the data. This includes seeking to prevent the media from accessing or publishing any of the data, or indeed any party,” Mr. Martinez said, reported the Australian Financial Review (AFR).
Martinez said he believes this to be the first time in Australia “that an injunction has been granted against cyber hackers in circumstances such as these.”

No Detail Released on Ransom Demands Yet

Both HWL Ebsworth and the government have not yet released any information on the ransom demands or whether they will meet them

The Russian cyber hacking group has claimed that it has taken over four terabytes of HWL Ebsworth data that, includes internal company credentials, financial and insurance data, credit card information, agreements, client documents, and legal advice provided to the agencies.

AVM. Goldie said HWL Ebsworth is working to address the impacts of the cyberattack.

“HWL Ebsworth is also working with the Office of the Australian Information Commissioner to meet relevant obligations under the Privacy Act 1988,” he said.

In a statement, HWL Ebsworth said it engaged in “containment and remediation actions” after becoming aware of the hack.

“The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on our core document management system,” the company said.

“We continue to be engaged in a comprehensive investigation into the nature and extent of the impact of the incident with the assistance of leading external cyber security experts.

Henry Jom
Henry Jom
Author
Henry Jom is a reporter for The Epoch Times, Australia, covering a range of topics, including medicolegal, health, political, and business-related issues. He has a background in the rehabilitation sciences and is currently completing a postgraduate degree in law. Henry can be contacted at [email protected]
twitter
Related Topics