cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Cuba ransomware gang claims Port Adelaide FC hack

Gang claims to post data on leak site for free but deletes the post the next day.

user icon David Hollingworth
Thu, 16 Nov 2023
Cuba ransomware gang claims Port Adelaide FC hack
expand image

A ransomware operator with possible Russian links has claimed to have exfiltrated data belonging to the Port Adelaide AFL club.

The Cuba ransomware gang made the claim on 7 November, posting on its leak site that it had “financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation, source code”.

Included in the post was a link to the gang’s online repository, where data from many of its victims is hosted for download.


As of today, however, the post has been deleted, while other leaks remain online. Similarly strange is that Cuba uses that same description of exfiltrated data on all its leak posts, making it difficult to determine the validity of the original claim.

In the meantime, Port Adelaide is investigating the incident.

“The Port Adelaide Football Club has become aware of claims made online that a third party has obtained some data from our internal IT environment,” a club spokesperson said in a statement shared with Cyber Daily.

“The club is investigating these claims as a priority, but importantly can confirm that membership data is hosted on an external, separate system to our internal IT network.

“Following initial detection of this claim, the club immediately engaged external cyber security experts to facilitate the ongoing investigation.”

In a separate statement on its website, the club recommends that members remain vigilant nonetheless.

“In light of these recent claims, we recommend all our members remain vigilant against the potential risk of receiving phishing or other scam communications from any parties claiming to be from Port Adelaide Football Club,” the statement said. “Please do not respond to any email, telephone or social media communications that seem suspicious, and report it to [email protected].”

Who is Cuba?

The Cuba ransomware gang began operating in 2019 and had an impressive year in 2022 when it collected more than US$60 million in ransoms. It was even the subject of a specific flash alert from the FBI and CISA.

While the gang’s leak site features prominent Cuban imagery, security researchers believe the gang may be made up, at least in part, of Russian-speaking individuals. It’s also thought to have links to RomCom and Industrial Spy, two other ransomware gangs.

Cuba typically relies on big game hunting techniques to pick its targets, usually going after specific high-profile targets like financial services companies and healthcare organisations, as well as government agencies.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.