Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Threat actors have allegedly breached a Sydney-based real estate agency, claiming to have exfiltrated data belonging to both agents and tenants.
The Property Business Australia is a real estate business specialising in corporate and executive rentals. The company said it works alongside “exclusive corporate clients, including relocation agencies, human resource departments, apartment services, government agencies and the consular industry”.
The Property Business was listed on the dark web leak site of the Kairos ransomware gang overnight (16 September), with claims that data had been exfiltrated and that it would be released in a week’s time.
While Kairos did not give details of the breach, nor list what data was impacted, the group posted a sample containing scans of tenancy agreements, salary increase documentation, partial credit card scans, and the passport and license scans of both tenants and agents.
Within this are full names, birth dates and locations, credit card numbers, tenancy agreement details such as the length of time spent at an address, signatures and more.
Many details in the sample have been censored by the threat actors, but include addresses, phone numbers, email addresses and additional credit card information like expiry dates.
Cyber Daily has reached out to The Property Business Australia, which declined to comment on the matter.
Kairos is a relative newcomer to the ransomware space, posting its first tranche of six victims on 13 November 2024. Since then, it has listed eight more victims, including Austin’s Financial Solutions.
According to threat intelligence firm CYJAX, Kairos is active on several Russian-language hacking forums and does not appear to be linked to other hacking groups. The group also provides some information on its operations on its leak site. According to Kairos, victims are initially given seven days to respond to its demands, and once that deadline is passed, the gang publishes its initial leak post.
Once that deadline passes, Kairos will publish the stolen data.
“If the situation remains unresolved after seven days, we will notify your partners, competitors, and customers and then publish your data in full,” Kairos said on its Rules page.
“This could lead to legal actions, termination of contracts, reputational damage, stock value drops, and potential closure of your organisation.”
The group’s ransom note said Kairos is not politically motivated and only seeks financial gain.
“The PUBLICATION of THIS DATA will lead to DISASTROUS CONSEQUENCES for your business,” the note said.
“We will also attack your partners and suppliers using info obtained from your network.
“It can lead to legal actions against you for data breaches.
“If you will not contact us in a timely manner we will start notifying your employees, clients, partners, subcontractors and any other persons that should know how you treat your own corporate secrets and theirs.”
Be the first to hear the latest developments in the cyber industry.
