UPDATED 19:26 EDT / JANUARY 01 2024

SECURITY

Ransomware attack targets court services in Victoria, Australia

Court Services Victoria, an independent body that runs court services in Victoria, Australia, has been struck by a ransomware attack, with court recordings allegedly stolen.

Officially described as a “cyber security incident” by CSV, the attack is said to have been detected on Dec. 21 and involved unauthorized access leading to a disruption of the audio-visual in-court technology network. It affected video recordings, audio recordings and transcription services. Immediate action was taken to isolate and disable the affected network and arrangements were put in place to ensure continued operations.

Records of some hearings between Nov. 1 and Dec. 21 may have been accessed, along with some before Nov. 1. No other court records or systems were accessed. CSV is working with cybersecurity experts, has notified relevant authorities and is working on notifying people affected.

Although CSV has not disclosed the form of attack, the Australian Broadcasting Corp. reported today that staff at CSV were locked out of their computers just before Christmas and saw the message “YOU HAVE BEEN PWND” appear on them. The message is said to have directed court staff to a text file in which the hackers threatened to publish the stolen records unless a payment was made.

According to a cybersecurity expert referenced by the ABC, Qilin ransomware was used in the attack, with the same expert claiming that this makes the attack Russian in origin. It’s certainly possible the attack was Russian, but there is one caveat: The ransomware is offered on a ransomware-as-a-service basis, meaning that an affiliate is likely to have been behind the attack, and the Qilin affiliate could have been from anywhere.

Also known as “Agenda,” Qilin, named after a hooved chimerical creature in Chinese mythology, was first documented by Trend Micro Inc. in August 2022. Initially operating as Go-based ransomware, Qilin switched to using the Rust programming language in December 2022 because of Rust’s detection evasion capabilities and the ability to target a broader range of systems, including Windows, Linux and VMware ESXi servers.

Ransomware attacks using Qilin typically involve the use of phishing emails with malicious links to gain initial access to targets, followed by the encryption and theft of sensitive data using a double extortion model. The group primarily targets entities in critical infrastructure, education and healthcare across various countries, including Australia, Brazil, Canada, Colombia, France, Japan, the Netherlands, Serbia, the U.K. and the U.S.

Photo: Supreme Court of Victoria
