Russia-linked group could be behind Australian state court cyber attack

Australia’s Victoria State court system suffered a ransomware attack affecting a database storing recordings of the court’s proceedings, officials have confirmed.

Hackers were able to access the database between 1 November and 1 December 2023. The attack also disrupted the audio-visual technology used in the state’s court system process, including the live transcription and recording services.

A statement from the CEO at Court Services Victoria (CSV) clarified the unauthorized access was limited to recordings stored on the network, and no other data such as employee or financial information was exposed.

“CSV took immediate action to isolate and disable the affected network and to put in place arrangements to ensure continued operations across the courts. As a result, hearings in January will be proceeding.”

The CSV is currently in the process of notifying individuals whose appearances in court were accessed during the attack and has set up a contact center for those affected.

The breach appears to be a double extortion attack, with court staff receiving messages laying out instructions on how they can recover the files.

An independent cyber security expert told local news outlet ABC the court was likely the victim of a Russian hacking group using the Qilin ransomware strain.

Australia facing elevated cyber risk

This latest attack follows a highly challenging 12 months for Australian organizations amid a period of heightened security threats. The Australian government’s annual ‘Cyber Threat Report’ found the country saw an increase in malicious cyber activity over the period between 2022 and 2023. 

In this timeframe the Australian Signals Directorate (ASD) received over 33,000 calls to its cyber security hotline, an increase of 32% from 2021-22. 

The ASD also received over 94,000 reports of cybercrime in the same period, an increase of 23%, which works out to one report being made every 6 minutes.

Ransomware accounted for the largest portion of the attacks, making up over 10% of the more than 1,100 cyber security incidents the ASD responded to across 2021-22.

The report highlighted threat actors are increasingly focused on critical infrastructure and how the interconnected nature of these systems provides opportunities for malicious agents to employ ‘living-off-the-land’ techniques.



DP World Australia, one of the country’s largest port operators managing around 40% of goods coming in and out of the country, had to suspend operations for three days after a cyber incident in November 2023.

Australia’s Deputy Prime Minister and Minister for Defence, Richard Marles, noted the region’s wider geopolitical climate of competition and said this will influence the threat landscape moving forward.

“Australia’s region, the Indo-Pacific, is also now seeing growing competition on multiple levels – economic, military, strategic and diplomatic – framed by competing values and narratives.”

“In this context, Australian governments, critical infrastructure, businesses and households continue to be the target of malicious cyber actors. This report illustrates that both state and non-state actors continue to show the intent and capability to compromise Australia’s networks.”

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.