Ransomware leaks data on dark web of Crown Resorts


The ransomware gang which is behind a string of cyberattacks affecting the likes of Rio Tinto and the Tasmanian government has recently leaked more data onto the dark web related to Australia’s largest gaming and entertainment group – Crown Resorts. Last week, Crown Resorts revealed it was investigating a potential data breach stemming from a third-party incident at the file transfer service GoAnywhere.

Spokesperson of Crown Resorts told media, it was contacted by a ransomware group which claimed to have illegally obtained a limited number of Crown files.

According to a Crown Resorts spokesperson, the company was contacted by a ransomware group which claimed to have “illegally obtained a limited number of Crown files”.

“We can confirm no customer data has been compromised and our business operations have not been impacted”, the spokesman said.

“We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary”.

It comes as Australian fintech company Latitude Financial Services revealed it had identified 14 million customer details had been stolen in a hack two weeks ago.

CyberCX Chief strategy officer Alastair MacGibbon – who has been advising Latitude on the hack – said Australia needs to adapt to get on top of what is becoming a “daily” occurrence.

“When I speak to crowds of people, I get them to put their hands up if they were affected by Optus and Medicare,” MacGibbon told the Today show.

After a week of near-silence from the gambling conglomerate, a collection of highly sensitive data may have been dumped onto a dark web blog.

Ransom gang Cl0p’s dark web blog displayed a sample of data said to include employee salary information and reports from casino slot machines.

According to the post, the allegedly stolen data contains information on “how much played” and “how much won/lost” from casino slot machines – the post also mentioned “player ID” values, though it is unclear whether any players are actually identifiable.

Furthermore, the Russia-linked hacker group claims to have stolen and leaked some highly sensitive security files from the gaming and entertainment giant – those being KNX files, which are typically used in commercial building automation to manage things like lighting, air conditioning, energy management and security systems; and PGP files, which are widely used for encryption and authentication purposes.

The dark web post surfaced, alongside a caption from Cl0p reading “the company doesn’t care about its customers, it ignored their security!!!”

While a Crown Resorts spokesperson initially reported no customer data had been compromised, the company released an update on Wednesday confirming some files have been released on the dark web.

“Today we can confirm that a small number of files have been released on the dark web, including employee time and attendance records and some membership numbers from Crown Sydney”, a spokesperson said.

“We can confirm that no personal information of customers has been compromised as part of this breach.

“We are proactively notifying all impacted individuals and are updating membership numbers of those affected out of an abundance of caution”.

Cl0p’s recent attacks stem from a zero-day vulnerability found in file transfer software GoAnywhere.

While the vulnerability was eventually patched on February 7, 2023, the Cl0p group claims it has stolen data from more than 130 organizations – including mining giant Rio Tinto and the Tasmanian government – after exploiting the bug.

Tasmanian government says bank account details at risk

The Tasmanian government, which relies on GoAnywhere as a third-party file transfer service, has discovered sensitive financial data including names, addresses, invoices and bank account numbers may have been accessed in a developing cyber security breach.

For over a week, the Tasmanian government has been investigating a security incident which may have resulted in the loss of government-held data.

Technology Minister Madeleine Ogilvie indicated no government-held data appeared to have been compromised in Cl0p’s hack of the third-party service.

In an update, however, Ogilvie said investigations had found a risk that financial data held by the Department for Education, Children and Young People had been accessed.

“I understand reports such as this may cause concern in the community”, she said.

“That’s why we will continue to keep the Tasmanian community updated and advise where support can be accessed”.

Ogilvie stressed there was “no confirmation” that the information had been stolen, and further emphasized “no Tasmanian government IT systems have been hacked”.

She also advised Tasmanians to regularly check their bank accounts, and pointed those with potential concerns to their financial provider or the Australian Cyber Security Centre, which is now handling the ongoing investigation.


Please enter your comment!
Please enter your name here