Australia’s national carrier is actively investigating more than 150 gigabytes of data published online by Scattered Lapsus$ Hunters.
Hours after the hacking group responsible for breaching the data of more than 5 million Qantas customers posted their stolen trove to the internet, the Flying Kangaroo responded to the hackers’ actions.
“Qantas is one of a number of companies globally that has had data released by cyber criminals following a cyber incident in early July, where customer data was stolen via a third-party platform. With the help of specialist cyber security experts, we are investigating what data was part of the release,” Qantas said in an update to its incident advisory on 12 October.
“Through the NSW Supreme Court, we have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties.
“We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred.”
Qantas said that it believes the nature of the compromised data has not changed since it first warned customers of the incident in July. The airline is also continuing to work with the Australian Federal Police, the Australian Cyber Security Centre, and several other government agencies.
Qantas also warned customers to be aware of scammers pretending to represent the airline via email, text messages, or telephone calls, and suggested customers enable two-factor authentication for their personal email and online accounts.
The group behind the hack, Scattered Lapsus$ Hunters, posted what it claims is 153 gigabytes of data consisting of more than 5 million records on the afternoon of 11 October. The data was published to the group’s darknet leak site on the Tor network, but that site appears to have crashed under the load. Soon after, however, the same data was published on a clearnet site.
US and French authorities took down the group’s established clearnet site on 10 October, but the new site is still live as of the time of writing.
Soon after publication, Scattered Lapsus$ Hunters posted a manifesto singling out Australia on its Telegram channel.
“Australia, I really hope for the love of god you’ve learned your lesson this time. When me and shanty dumped Optus a few years back we gave you multiple chances to comply with us. Australia government please get rid of the AFP or revamp the AFP. They are filled with ego and pride, so is the government of Australia itself,” a spokesperson for the group said.
Speaking to Cyber Daily regarding the law enforcement takedown of the group’s previous clearnet site, Sophos’ field CISO APJ, Aaron Bugal, said it was merely “one small win in a long game”.
“These cyber criminals talk a big game. They posture, threaten, and demand ransoms. But their bravado doesn’t change the fact that global law enforcement, across agencies with three and four-letter acronyms, is watching – and closing in,” Bugal said.
“Groups like this live fast, but they’re now running out of places to hide. Their relentless disregard for the law and victimising of organisations has brought well-deserved heat. The mission now is clear: sustained disruption, and ultimately, the arrest of those pulling the strings.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.