Australia’s Court Services Victoria (CSV) has warned that video recordings of court hearings were exposed after it suffered a cyber security incident in December. In a statement published this week, CSV said the incident led to unauthorized access, causing disruption to the audio visual in-court technology network, affecting video recording, audio recording and transcription services. It said that recordings of some hearings in courts may have been obtained between November 1 and December 21, 2023. It is possible that some hearings before November 1 may also be affected.
CSV did not specify who it believes is behind the attack, but sources are speaking ABC News Report that the Killin ransomware gang carried out the hack.
It said CSV took immediate action to isolate and disable the affected networks and made arrangements to ensure continued operations in the courts. As a result, the hearing will proceed in January.
CSV is working with authorities and cyber security experts
CSV has informed the relevant authorities about the incident, including Victoria Police, whose cyber crime squad is investigating. “We are working closely with cyber security experts at the Victorian Department of Government Services. We have also received support from IDCARE, Australia’s national identity and cyber support community service,” CSV said.
The courts are informing the parties whose hearing may be affected. “CSV is not currently aware of any recordings being released, but will notify the relevant authorities if this happens. Maintaining the safety of court users is our top priority and we understand the distress this incident has caused and apologize.”
What is Qilin Ransomware Group?
Qilyn is a Ransomware-as-a-Service (RaaS) affiliate program that uses Rust-based ransomware to target its victims. Killin’s operators use a double extortion technique, meaning they extort the victim’s sensitive data in addition to encrypting it. They then demand payment for the decryptor and non-release of the stolen data even after the ransom has been paid. Cybersecurity firm Group-IB wrote that the Quillin ransomware has various encryption modes, all of which are controlled by the operator.
Read: How ransomware extortion is evolving
Killin is known to target its victims via phishing emails that contain malicious links to gain a foothold in the victim’s network and exfiltrate sensitive data. Once the killin completes initial access, they typically move further into the victim’s infrastructure, searching for the data they need to encrypt.
