Ransomware Attack on Australian Utility Claimed by Russian-Speaking Criminals

The ransomware group known as Conti, meanwhile, named CS Energy on its website for shaming victims and sometimes leaking their data.

Updated: 9 December 2021 12:07 IST

Ransomware Attack on Australian Utility Claimed by Russian-Speaking Criminals

Australian media reported on Monday that Chinese government hackers were behind the breach at CS Energy

Highlights

The Daily Mail and other media directly blamed the attacks on China
Conti is believed to be a Russia-based cybercrime operation
Conti and other gangs have increased their attacks on utilities

One of the most prolific Russian-speaking ransomware gangs has claimed credit for a weekend attack on an Australian electric utility serving millions of people.

Australian media reported on Monday that Chinese government hackers were behind the breach at CS Energy, which is owned by the Queensland state in northeast Australia.

Those reports, which came amid high tensions between Australia and China, prompted the utility to issue a statement on Tuesday.

Russia Excluded From 30-Country Meeting to Fight Cybercrime

There is "currently no indication that the cyber incident was a state-based attack," the statement cited CS Energy CEO Andrew Bills as declaring.

The ransomware group known as Conti, meanwhile, named CS Energy on its website for shaming victims and sometimes leaking their data.

"Conti listed CS Energy on its leak site which, obviously, would indicate that one of its affiliates was responsible for the attack," said Brett Callow, a threat analyst at security firm Emsisoft.

FBI Seizes Cryptocurrency Worth $2.3 Million From Hacker Group

The Australian, the Daily Mail, and other media directly blamed the attacks on China.

But Callow said that "Conti is believed to be a Russia-based cybercrime operation, not a China-based APT, so it would appear that the attack on CS Energy is simply an addition to the ever-expanding list of financially motivated ransomware attacks." APT is security industry shorthand for Advanced Persistent Threat groups, which are often backed by governments.

Like some other ransomware groups, Conti splits proceeds with affiliates who break into targets before installing its program for encrypting computer files and referring victims to Conti for negotiating payments in cryptocurrency.

Conti and other gangs have increased their attacks on utilities, hospitals, and other critical infrastructure in the past year. Western officials and researchers have said some of those groups have ties to Russian intelligence agencies, but no such accusation has been levelled against the Chinese.

Will Snapdragon's new 2022 chips make it more prominent as a brand? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.