The Cl0p cyber extortion group has posted a raft of alleged Australian victims on its darknet leak site, naming nine companies linked to a pair of Australian IT service providers.
The companies were listed on 29 January, with Cl0p stating that a page had been created for each victim and that data “will be published soon”.
Each of those newly created pages features the same boilerplate copy that Cl0p always uses ahead of a threatened leak:
“The company doesn’t care about its customers, it ignored their security!!!”
Who are the ‘victims’?
The victims appear to fall into two groups, based on connections to one of the two service providers.
Whole IT, based in Seaford, Victoria, is listed alongside two other Victorian companies: plant and truck hire firm Skye Excavations – which lists Whole IT as its support provider – and trades supplier Roberts Designs.
The rest of the victims are based in Western Australia, and likely linked to IT support firm NextPhaze, which is based in St Georges Terrace, Western Australia. These include skincare company Etto Australia, hospitality providers The Hale Road Tavern and RMW Hospitality Group, project management company the MRA Group, corporate finance firm Ventnor, and the Y Architecture Studio.
Cyber Daily contacted all the companies listed by Cl0p, and though all declined to comment, Cyber Daily understands that the threat actor may be attempting to extort the firms without having compromised any data.
It remains to be seen if Cl0p is bluffing, or if more details of any possible data breaches will be forthcoming.
Who is Cl0p?
Cl0p – also known as Clop – is well known for taking advantage of vulnerabilities in popular third-party software platforms. Most recently, it appeared to be linked to an email campaign sent to company executives claiming it had accessed data on their Oracle E-Business Suite platforms.
“We are CL0P team. If you haven’t heard about us, you can google about us on internet,” an alleged Cl0p spokesperson said in an email published last year by Dark Web Informer.
“We have recently breached your Oracle E-Business Suite application and copied a lot of documents. All the private files and other information are now held on our systems.”
Cl0p’s most recent Australian victim was Sydney-headquartered engineering firm Worley. In total, Cl0p has attempted to extort more than 1,100 victims since it first emerged in March 2020.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.