cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Sydney’s Cross City Tunnel attacked by Russian state-sponsored hackers

An attack on Australian critical infrastructure has been launched by Russian-state backed hackers, with the operator of Sydney’s Cross City Tunnel reporting that it had been sent ransomware demands.

user icon Daniel Croft
Wed, 14 Jun 2023
Sydney's Cross City Tunnel attacked by Russian state-sponsored hackers
expand image

It is believed that the Kremlin-backed hacking gang Lockbit breached the systems of a previous Cross City Tunnel operator by hacking a legacy computing and data storage system. The data, which includes invoices and consultants’ notes, date between 2008 and 2013.

The current operator, Transurban, took over the road in 2014. It is also the owner or part owner of several other major toll roads across the country including Sydney’s M2, M5, M7 and more, as well as roads in the US and Canada.

According to a Transurban spokesperson, the attack will not affect the operations of the road and the 35,000 motorists that use it every day.


“The Cross City Tunnel’s business operations are unaffected, and the road continues to operate as normal,” said the company.

The spokesperson went on to reaffirm that the data that was stolen belonged to a previous third-party service provider and that current customers of Transurban’s Linkt tolling brand are not at risk.

“Linkt customer services and data, including websites and apps, have not been impacted and customers do not need to take any action.”

Despite this, Lockbit has given Transurban a deadline of 26 June to meet ransom demands. It is currently not known how many people will be affected, nor what the ransom demands entail.

Critical infrastructure attacks like this are expected to grow in frequency and volume in Australia and around the world.

According to the Australian Cyber Security Centre (ACSC), approximately 8 per cent of all cyber incidents (95 cases) that it responded to related to critical infrastructure.

While the ACSC implemented a number of amendments to the Security of Critical Infrastructure Act 2018 in April last year, concerns of hackers creating a “dystopian future” in which entire structures and cities are held to ransom have been raised by Home Affairs and Cyber Security Minister Claire O’Neil.

“[A future where] our interconnected cities are held hostage through interference in everything from traffic lights to surgery schedules,” Minister O’Neil said last month.

Regional director for ANZ at Claroty, Leon Poggioli says that cases like the Cross City Tunnel hack prove that now more than ever amid the Russia/Ukraine conflict, cyber-attacks against critical infrastructure are likely to reap havoc and create risks to public health as well as causing disruption.

“People are more and more becoming aware that every piece of critical infrastructure in Australia is a potential target for a cyberattack, whether it’s our power grid, hospitals, transport networks, water utilities or more.

"Critical infrastructure often eludes the public’s attention as a major source of cyber risk, yet the impact of a breach of these systems has the potential to impact human life.

"We see hackers are getting more creative and sophisticated with their attack methods, and the consequences can be far reaching.

"In this instance, the attack appears to be a simple case of extortion but future incidents could disrupt essential services, and cause severe impact to public safety.”

Lockbit, which has a trend of targeting critical infrastructure — having brought the British Royal Mail’s worldwide distribution network to its knees months ago, extorting $200 million from victims — says that it plays on the distrust, fear, and anger of the West towards Russia.

“We benefit from the hostile attitude of the West.

“It allows us to conduct such an aggressive business and operate freely within the borders of the former Soviet countries.”

According to Ben Gestier, senior analyst at Flashpoint, formerly of the Australian Federal Police (AFP) and the Australian Defence Force (ADF), critical infrastructure attacks on Australia are set to grow, with “Flashpoint analysts [observing in the last four months] Lockbit as having the highest number of victim posts by [a] ransomer, including May with a total of 96 victim posts that shows without question that critical infrastructure is being targeted.”

Comments powered by CComment

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.