The Cross City Tunnel in Australia has allegedly been attacked by the notorious LockBit ransomware gang, in a stream of 24 victims on 24 hours since June 5.
The threat actor has shared a post on their dark web website stating that the stolen files will be published on 26 June 2023 at 10:44:46 (UTC).
The deadline is intended for the authorities to pay the ransom amount before the files while the threat actor takes over the data. This is the 24th attack being announced by the LockBit ransomware group in 24 hours, making it one of the fastest attack sprees by an online hacker group.
Other victims in the crime spree include Pittsburg Unified School District, Dalvíkurbyggð, a municipality in Iceland, Newark Academy in Livingston, New Jersey, and a healthcare center in Fredericksburg, Virginia.
Security researcher Dominic Alvieri shared the information on the alleged tunnel breach on Twitter on June 7, followed by posts from other cybersecurity entities trailing the attack pattern created by the LockBit ransomware gang.
Responding to Alvieri’s Tweet, several users posted comments on the post, sharing their views on the alleged breach spree.
One of the users named vk2tds posted a comment stating, “It will be interesting to see what systems have been attacked, be it admin PCs or back end and SCADA. If the latter, this is VERY serious, and IMHO could have issues with regard to safety systems.”
The “first ever” tunnel service to be breached
According to Alvieri, the Cross City Tunnel in Australia is the first tunnel service to be breached. The Cyber Express has reached out to Cross City Tunnel in Australia to confirm the cyber attack.
However, at the time of writing this, no official response has been received, leaving the attack claims unverified.
As for the remaining victims, cybercrime analyst, VX-Underground, posted on Twitter that the Lockbit ransomware group has listed 23 victims in their latest cyber attack, which aligns with the pattern shared by Alvieri’s Tweet.
Apart from this confusing saga of 24 alleged cyber attacks in 24 hours including the Cross City Tunnel, Australia has found itself steering on the edge of a “dystopian future” as digitally interconnected cities become increasingly vulnerable to malicious interference.
Highlighting the severity of the increasing number of cyber attacks in the country, Australia cybersecurity minister Clare O’Neil cautioned earlier that the recent data breaches in Medibank, Optus, and Latitude were merely the tip of the iceberg in terms of cyber threats looming over Australia.
With critical infrastructure under threat, the minister for home affairs and cybersecurity has taken a decisive step by launching a series of exercises aimed at bolstering the country’s ability to respond effectively to attacks on these vital systems.
The list of recent victims is a testament to the growing menace of hackers in Australia.
- Latitude – March 2023 (compromised data of 14 million customers)
- Optus – September 2022 (impacted 9.8 million customers)
- Medibank – December 2022 (details of 9.7 million people compromised)
While these attacks have had far-reaching implications, the Australia tunnel breach and other attacks in the last 24 hours pose a unique set of challenges and potential dangers.
Cybersecurity researchers and threat intelligence services are closely monitoring the threat actors’ posts as the last victim; Newark Academy marks the number 24 on the LockBit ransomware gang’s victim list.
The LOCKBIT ransomware group has evolved over the years, especially since the LOCKBIT Black or LOCKBIT 3.0 builder was leaked at the end of 2022.
“As reported earlier in February 2023, The LOCKBIT ransomware operation has recently progressed to a new version, referred to as “LOCKBIT Green”, the fourth iteration of their ransomware. It uses an encryptor that has been derived from the leaked source code of the Conti ransomware,” said a Cyble report.