Posted on December 18, 2021 at 5:34 AM
Finite Recruitment has announced that its network was recently breached, as the threat actors downloaded and published a “small subset” of the company’s data on the dark web.
According to the incidence response team of the IT recruitment company, the cyber attack occurred in October but no part of its business operations was affected.
“Our security monitoring systems identified and closed down the threat quickly,” the firm stated, adding that remedial works are in place and the entire business is still functioning normally.
Only A Small Number Of Users Were Affected
Finite Recruitment also stated that investigations into the situation have already started and the security team will contact any individuals or stakeholders that were impacted by the attack. The company also revealed that based on its investigations so far, only a small number of users were affected by the data breach.
Finite Recruitment offers casual support staff to several agencies across the NSW government. The threat actors allegedly responsible for the hacking incident have already listed the firm as one of the victims of the Conti ransomware for purposes of ransomware.
According to the listing, the threat actors claimed to have stolen over 300 GB of data, including customer databases, contacts with employees, mail correspondence, phone numbers, their contracts, financial data, and other details listed on the dark website.
An NSW Department of Customer spokesperson stated that the department has been informed about the hacking incidence and the impact it has had on Finite Recruitment’s IT environment.
However, the spokesperson stated that the incident did not affect any NSW government agencies or any of its services.
This is coming only one week after the South Australian government announced that a ransomware attack on payroll provider Frontier Software affected the state government employee data.
The report claimed that some of the stolen data have already been published online. The data breach affected about 80,000 government employees and 38,000 other employees.
The data, according to the announcement contained the names of the affected users, their home address, tax file number, remuneration, payroll period, employment start date, bank account details, date of birth, as well as payroll-related information.
CS Energy Still Faces Security Issues After Recent Attacks
In another development, Queensland-based energy generator CS Energy has been the subject of attack since November. The company has been dealing with a Conti infection on its computer network. CS Energy announced last week that it’s still in the process of restoring all its networks and systems to normalcy. It added that investigation into the incident is still ongoing and more details will be made available to the public.
On the day of the attack, some reports claimed that China was behind the CS Energy attack. However, the claims seemed to be unfounded after CS Energy appeared on a leak site listing victims of the Conti ransomware attack.
In September, the US Cybersecurity and Infrastructure Security Agency stated that the threat actors responsible for the CS Energy breach uses ransomware-as-a-service tools. However, while other similar groups pay their affiliates a percentage of their ransom payment, they instead pay the ransomware deployers a wage.
Director of cybersecurity at NSA, Rob Joyce, stated that the threat actors have been actively involved in the attack on critical infrastructure.
CS Energy said after discovering the hacking incident, it put layers of separation in place to make sure that other infrastructures are not affected.
The company stated that it has taken further serious action to physically separate the two environments.
CS Energy added that it steadily monitored its systems and currently working with cybersecurity experts as well as relevant agencies to find lasting solutions.
A few days after the hacking incident took place, the power generator informed retail customers that all systems have been restored and billings will resume based on the usual circle.
The company has also had issues this year, although not all are related to a hacking incident. Earlier this year, it reported a fire incident in its turbine hall at Callide power which resulted in outages across Queensland.
More Ransomware Groups Target Energy Companies
Ransomware gangs are increasingly targeting energy distribution companies, and security agencies have asked these firms to boost their cybersecurity infrastructure. Easier this month, it was the turn of Colorado’s Delta-Montrose Electric Association (DMEA), as the firm claimed it lost nearly 25 years of data during the attack. DMEA stated that the attack took down 90% of its internal systems and it’s still recovering from the incident.