The Vice Society ransomware group today claimed responsibility for a December 2022 attack on an Australian state fire department that led to a widespread IT outage. Fire Rescue Victoria warned current and former employees and job applicants of data leak.
Vice Society did not share many details about the leak or its negotiations with the fire department, it released a data set as proof of its claims. The leaked data includes budget documents, job applications and other sensitive information.
The Fire Rescue Victoria, which operates 85 fire stations in Melbourne and surrounding areas, also informed the Office of the Australian Information Commissioner of a possible data breach and is currently analysing the data set shared by the threat actors on the dark web.
The analysis is a complex task, but the fire department has engaged unnamed cybersecurity specialists and will provide further information as it becomes available. Since the mid-December outage, the FRV has reinstated several systems, including access to telephone and email, but the overall IT infrastructure is not fully operational. Daily operations continue using offline resources such as dispatch crews, mobile phones, pagers, and radios.
The fire department cautioned citizens not to download the data set from the dark web. Buying stolen credentials is a crime, punishable by up to 10 years in prison.
Attack timeline
- On Dec.15, 2022, FRV said that firefighting crews and trucks remained operational to incident response and that community safety was not compromised.
- On Dec. 24, the FRV was able to recover some affected systems including phones with the help of external cybersecurity experts and Australian state and federal government partners.
- On Jan. 6, FRV notified the OAIC of a possible data breach stemming from Dec. 15 cyberattack. It said that the attack affected several FRV’s internal servers including the email system and it was reasonable to believe that personal information may have been accessed or stolen, in the process.
