Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Threat actors have claimed a cyber attack on a South Australian wine freight and logistics firm, claiming to have stolen both customer and business data.
Established in 2004, WineWorks Australia is a freight and logistics company servicing the booming South Australian wine industry, with temperature-controlled warehouses and solutions that allow wine to be transported to its destination “in the same condition that your winemaker intended”.
On 25 August, the company was listed on the dark web leak site of the Dire Wolf ransomware gang, which claimed to have exfiltrated 22 gigabytes of data, including customer information, sales data and financial data.
Dire Wolf also posted a link to a list of exfiltrated files and said it would “publish all documents” by 10 September.
According to the file list, data includes log-in passwords, vehicle service histories, licenses, wine-picking slips and many other business documents, the contents of which are unknown.
Cyber Daily has reached out to WineWorks Australia and is awaiting a statement.
Dire Wolf is a relative newcomer to the ransomware space, first appearing in May when it listed six victims at once, including the Legal Practice Board of Western Australia.
In a post on 26 May, the group claimed to have exfiltrated 300 GB of data, including limited contact details and correspondence and bank account information.
Within the post, the hackers shared some details of the data exfiltrated; however, due to an injunction, Cyber Daily is unable to report on the contents of what has been published.
Alongside links to sample data, Dire Wolf has published its intended timeline for publishing the dataset. Sample data was published on 26 May, and the gang planned to publish half the files on 15 June, with the remaining on 30 June.
The Legal Practice Board of Western Australia confirmed it is aware of the actor’s claims.
“The Legal Practice Board (the board) is currently investigating a cyber incident which has resulted in some of its systems being taken offline, including the board’s online services,” a spokesperson for the board told Cyber Daily.
“The board is working to restore access to systems as soon as possible and has implemented manual workarounds to ensure that we can continue to deliver key services, including processing applications and renewals for Australian practising certificates. We apologise for any inconvenience caused while this work is underway.
“We are also investigating the nature and extent of this incident as a priority, with support from external experts.”
According to the board, limited correspondence and contact details have already been disclosed by the incident, including operational and resourcing information. “Bank account details for the board and some legal practices” have also been compromised.
“We would like to assure our stakeholders that we have not detected any impact to sensitive information at this time. We will provide further updates as we know more,” the spokesperson said.
Be the first to hear the latest developments in the cyber industry.
