Share this article on:
The Victorian courts have revealed that the cyber attack it suffered last year was much more substantial than first believed, with the date of the accessed data going back as far as 2016.
On 21 December 2023, Court Services Victoria (CSV) discovered it had been attacked, with the attackers gaining access to recordings of hearings between 1 November and 21 December 2023.
“On Thursday, 21 December 2023, Court Services Victoria (CSV) was alerted to a cyber security incident impacting Victoria’s courts and tribunals,” wrote Louise Anderson, chief executive officer of Court Services Victoria.
“The cyber incident led to unauthorised access leading to the disruption of the audio-visual in-court technology network, impacting video recordings, audio recordings and transcription services.”
CSV has since announced that the recordings accessed by the attackers date far earlier than initially believed, with some regional Supreme Court hearings in the County Court going back as far as 2016.
“The investigation remains ongoing, but CSV can confirm the recordings of some hearings in the Supreme Court, County Court and Coroners Court on the audio-visual system were prior to 1 November 2023,” said CSV in an update.
“At this stage, there is no change to the date ranges for the Magistrates Court and Children’s Court and VCAT remains unaffected.”
Affected hearings in Ballarat go as far back as April 2016, while the rest are from 2023 onwards.
CSV said it discovered the data discrepancy in early January 2024 after further investigation.
“The updated date ranges became apparent from Friday, 5 January 2024, when CSV was able to analyse devices it had disabled on the affected audio-visual network,” added CSV.
“It took time to collect, analyse and verify this detailed and coded information from devices located in courtrooms in Melbourne and around Victoria.”
While CSV has said it is not aware of any cases of the stolen recordings being published anywhere, the attack on the courts has been claimed by the Qilin ransomware gang, a Russia-based hacking group that originally launched in August 2022 under the name “Agenda”.
The incident was first discovered by CSV staff when several members were locked out of their devices, the screens of which went black with the simple message “YOU HAVE BEEN PWND.”
CSV has not named Qilin as responsible; however, cyber security expert Robert Potter told ABC News that evidence shows that the attack used Qilin commercial ransomware.
“It’s a double extortion approach,” said Potter.
“They take the data out, and then encrypt it. If you don’t pay, they leak your data, and you will never access it.”