The Albanese government has established a crisis group in response to fears Commonwealth data may have been stolen in a Russia-linked hack against law firm HWL Ebsworth.
In what is being dubbed one of Australia's most prominent hacks, government officials are responding on high alert to reported data theft at the hands of prominent Russia-linked ransom gang BlackCat, also known as AlphV.
The gang revealed it had stolen four terabytes of data during its originating April hack at law firm HWL Ebsworth (HWL) – which has tens of millions of dollars in contracts across at least 40 government departments and agencies.
Information on the Albanese government's new crisis group is scant, but it is reportedly examining what Commonwealth data has been stolen as a result of the hack.
Among those agencies feared to have been caught up in the hack are the Australian Federal Police, the Australian Taxation Office, the Department of Defence, and Home Affairs.
The Defence Department has attracted particular concern after the hackers published an alleged online leak of monthly reports pertaining to defence matters.
"They're attacking organisations all over the West, so Australia hasn't been singled out," RMIT Professor of Cyber Security Matt Warren told 7News.
"If these criminal gangs do have access to defence information, it does raise questions on what information would a law firm actually have," he added.
According to The Australian, the Russia-linked hackers tied to the attack have obtained government files apparently related to the top-secret missile testing site in Woomera, as well as the navy’s attack helicopter replacement project and Australia's recently enhanced engagement in the Indo-Pacific.
Furthermore, two agencies have explicitly confirmed data loss as a result of the attack – the NDIS Quality and Safeguards Commission and the Office of the Australian Information Commissioner (OAIC).
"There are terrorism and other threats facing Australia, and foreign actors are launching cyber attacks against our country and agencies and businesses within it regularly," said Shadow Minister for Government Services and the Digital Economy, Paul Fletcher, on Thursday.
"Just today, we learned about the Office of the Australian Information Commissioner having had its own data accessed by hackers."
While government devices were not directly infiltrated, hackers are said to have accessed information provided to HWL by government agencies.
Meanwhile, the law firm has obtained an injunction from the Supreme Court of NSW aimed at preventing hackers from disclosing stolen information, but also preventing media from reporting details about the data.
HWL said it understood and acknowledged "the impact that this issue has had on all affected clients and we have maintained close contact with them”, and that it was working with the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and "all relevant government authorities and law enforcement."
Coalition pushes for action
The Coalition said it was "deeply concerned" by the reported government data theft, and urged the Albanese Government to take action.
"The Albanese Government must take every action necessary to secure the compromised data," said Shadow Minister for Cyber Security James Paterson.
"This requires complete transparency about what data has been stolen, the implications of the breach and measures being undertaken to inform and support affected third parties."
Prime Minister Anthony Albanese's responses have drawn ire for appearing tight-lipped and downplaying the hack as a "technical incident", but he did offer assurance that appropriate procedures are being followed.
"What I can say is that the Federal Government has been on the ground since day one at HWL Ebsworth," said Albanese.
"My government has established a proper system, a cyber incident response function, which is a multi-agency response," he added.
"I want to make it clear that this is not an attack on Defence ICT. It's an important thing for people to understand."
Meanwhile, the Coalition noted the Albanese government was yet to exercise its powers to "sanction individuals who engage in egregious, offensive cyber activity against Australia."
"Malicious cyber activity of this nature and scale cannot go unaccounted," said Paterson.
