Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Threat actors have allegedly breached a Sydney-based real estate agency, claiming to have exfiltrated data belonging to both agents and tenants.
The Property Business Australia is a real estate business specialising and corporate and executive rentals. The company says it works alongside “exclusive corporate clients including relocation agencies, human resource departments, apartment services, government agencies and the consular industry.”
The Property Business was listed on the dark web leak site of the Kairos ransomware gang overnight (September 16), with claims that data had been exfiltrated and that it would be released in a week's time.
While Kairos did not give details of the breach, nor listed what data was impacted, the group posted a sample which contained scans of tenancy agreements, salary increase documentation, partial credit card scans, and the passport and license scans of both tenants and agents.
Within this are full names, birth dates and locations, credit card numbers, tenancy agreement details such as the length of time spent at an address, signatures and more.
Many details in the sample have been censored by the threat actors, but include addresses, phone numbers email addresses and additional credit card information like expiry dates
Cyber Daily has reached to The Property Business Australia, who declined to comment on the matter.
Kairos is a relative newcomer to the ransomware space, posting its first tranche of six victims on 13 November 2024. Since then, it has listed eight more victims, including Austin’s Financial Solutions.
According to threat intelligence firm Cyjax, Kairos is active on several Russian-language hacking forums and does not appear to be linked to other hacking groups. The group also provides some information on its operations on its leak site. According to Kairos, victims are initially given seven days to respond to its demands, and once that deadline is passed, the gang publishes its initial leak post.
Once that deadline passes, Kairos will publish the stolen data.
“If the situation remains unresolved after seven days, we will notify your partners, competitors, and customers and then publish your data in full,” Kairos said on its Rules page.
“This could lead to legal actions, termination of contracts, reputational damage, stock value drops, and potential closure of your organisation.”
The group’s ransom note says that Kairos is not politically motivated, and only seeks financial gain.
“The PUBLICATION of THIS DATA will lead to DISASTROUS CONSEQUENCES for your business,” the note reads.
“We will also attack your partners and suppliers using info obtained from your network
“It can lead to legal actions against you for data breaches.
“If you will not contact us in a timely manner we will start notifying your employees, clients, partners, subcontractors and any other persons that should know how you treat your own corporate secrets and theirs.”
Be the first to hear the latest developments in the cyber industry.
