“We’ve found 191 Australian organisations affected by the ZircoDATA hacks,” said Sameer Pradhan, cybersecurity manager of Risk Associates who also works with Cyble.
The federal government’s National Cyber Security Co-ordinator revealed late on Friday that the breach had affected government entities that were ZircoDATA clients, but said they was still working with the company to identify impacted data, so were yet to notify all those affected.
On Saturday, the Department of Home Affairs could not confirm who was responsible for the hacks or which government agencies had been affected, saying it was still investigating.
The CSIRO told this masthead that it was a client of ZircoDATA, but it hadn’t been notified of any exposure through the breach. It said the company did not have access to its research because it was used only “for hardcopy file transfer and disposal”.
The Australian Pesticides and Veterinary Medicines Authority, also listed by ZircoDATA as a client, did not respond to questions.
Loading
A report by cybersecurity researchers last year found Black Basta, which emerged in 2022, has the fourth most active strain of ransomware online, and one of the most lucractive, with much of its revenue laundered through the sanctioned Russian cyrptocurrency exchange, Garantex.
“Since Australia started supporting Ukraine in its fight [against Russia’s invasion], we’ve seen attacks by Russian hacking gangs increase on companies here,” Barman said.
Russian cyber gangs often work with direct or indirect support of the Kremlin, but experts said it was too early to call the ZircoDATA breach state-sponsored.
Melbourne Polytechnic also revealed on Friday that enrolment details of about 60,000 current and former students had been snared from ZircoDATA, but the information taken was considered low risk and limited to names, student ID numbers, dates of birth and addresses.
Loading
ZircoDATA did not respond to requests for comment. In February, it released a statement saying it had discovered a hack, which it had worked “to contain” and reported to authorities.
Monash Health chief executive Professor Eugine Yafele said on Friday he was deeply sorry about the breach, which did not affect Monash’s internal systems.
The National Cybersecurity Co-ordinator called the disclosure of private details about sexual violence and assault victims “distressing”.