cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Victorian court systems allegedly breached by Qilin ransomware gang

Victoria’s courts have been hit by a cyber attack allegedly at the hands of Russia-based hackers.

user icon Daniel Croft
Thu, 04 Jan 2024
Victorian court systems allegedly breached by Qilin ransomware gang
expand image

In a statement released by Court Services Australia, the attack occurred just before Christmas on 8 December and resulted in unauthorised users gaining access to recordings of hearings that occurred over a seven-week period, from 1 November to 21 December 2023.

“On Thursday, 21 December 2023, Court Services Victoria (CSV) was alerted to a cyber security incident impacting Victoria’s courts and tribunals,” wrote Louise Anderson, chief executive officer of Court Services Victoria.

“The cyber incident led to unauthorised access leading to the disruption of the audio-visual in-court technology network, impacting video recordings, audio recordings and transcription services.”


The accessed hearings include those in the Supreme Court, County Court, practice court, Coroners Court, the Court of Appeal’s criminal division, one hearing in the Children’s Court and regional hearings.

CSV added that some recordings pertaining to cases that occurred before 1 November may also be affected, but the access was limited to those recordings stored on its network. Additionally, other data, including financial data and employee details, remains safe.

The attack is believed to have been orchestrated by the Qilin ransomware gang, a Russia-based hacking group that originally launched in August 2022 under the name “Agenda”.

The incident was first discovered by CSV staff when several members were locked out of their devices, the screens of which went black with the simple message “YOU HAVE BEEN PWND.”

CSV has not named Qilin as responsible themselves; however, cyber security expert Robert Potter told ABC News that evidence shows that the attack used Qilin commercial ransomware.

“It’s a double extortion approach,” said Potter.

“They take the data out, and then encrypt it. If you don’t pay, they leak your data, and you will never access it.”

Following the breach, CSV said it immediately locked down the affected network and worked to ensure that court operations could continue. Hearings in January are, therefore, going ahead.

It also has said it is working with cyber security experts from the Victorian Department of Government Services and has alerted relevant authorities of the breach.

“Maintaining security for court users is our highest priority,” said CSV.

“Our current efforts are focused on ensuring our systems are safe and making sure we notify people in hearings where recordings may have been accessed.

“We understand this will be unsettling for those who have been part of a hearing. We recognise and apologise for the distress that this may cause people.”

Those looking for further assistance or information have been encouraged to contact CSV’s newly established Contact Centre. In addition, CSV has partnered with IDCARE for additional support.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.