
Cactus ransomware gang claims hack of Australian logistics and healthcare firm Peacock Bros

An Australian company has once again been struck by a ransomware gang, this time the family-owned, Victoria-headquartered firm Peacock Bros.

David Hollingworth
Thu, 21 Sep 2023

The Cactus ransomware group posted limited details of the hack on 19 September, alongside a tranche of other victims, including a UK home furnishing company, a Californian law firm, and a Canadian insurance broker.

Peacock Bros has over “12,000 active customers”, according to its website, and more than 1,000 resellers in Australia, New Zealand, south-east Asia, the US, and Europe. Its clients include TNT, Toll, Amazon, Alfred Health, Coca-Cola and more.

“Today, we are one of the largest providers of enterprise mobility and healthcare technology solutions across Australia and New Zealand,” the company said on its website. “Backed by an expert team, we collaborate with over 12,000 customers, providing sustainable and innovative packaging and labelling industry solutions.”

The Cactus group has not shared how much ransom money it is demanding, nor when it plans to publish the data it claims to have if payment is not received.

However, it has shared some material by way of proof of its access to Peacock Bros’ internal networks. It has posted a non-disclosure agreement (NDA) between Peacock Bros and another company, a 2019 land sale contract, an income statement from 2021, and the driver’s licence of a Victorian individual.

The scanned passport of a Colombian national is also included in the proof-of-hack documents. All the documents appear to be legitimate.

Cactus has also not disclosed how much data it has in its possession.

Cactus appears to be a relative newcomer to the ransomware scene. It first appeared in reporting in May 2023, and it appears to have been active since March. The group is known to take advantage of vulnerabilities in Fortinet VPN appliances and uses encryption to protect its ransomware payload from early detection.

Cyber Security Connect has reached out to Peacock Bros for comment. As of writing, there is no notice of the hack on the company’s website.


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
