The external provider affected in the ransomware attack on ForceNet, a service used by the Australian Department of Defence, is ICEMEDIA, a company owned by the IT services company Dialog Information Technology, which is itself owned by Singtel.
As iTWire reported, Dialog was hit by an attack that used the Agenda ransomware, which runs only on Windows. The group behind the attack announced it on the dark web on 19 September.
Tweet by Brett Callow (@BrettCallow), October 31, 2022 (1/3): “According to the company’s website, ICEMEDIA recently launched an app for ForceNet. ICEMEDIA’s parent, Dialog Information Technology, was listed by a ransomware operation called Qilin last month.”
The defence department has been contacted for comment. The ABC quoted Defence Personnel Minister Matt Keogh as saying ForceNet held up to 40,000 records.
Emsisoft threat researcher Brett Callow tweeted on Monday that ICEMEDIA had recently launched an app for ForceNet.
“ICEMEDIA’s parent, Dialog Information Technology, was listed by a ransomware operation called Qilin last month,” he said, adding that Qilin was also known as Agenda.
Among Dialog’s other customers in Australia are the NSW Electoral Commission, the Department of Human Services, Queensland Health, Virgin Australia, NAB, Suncorp, Alfred Health, University of Tasmania, and Rio Tinto. The company was bought by Singtel in April for $325 million and employs more than a thousand IT specialists.
Tweet by Brett Callow (@BrettCallow), October 31, 2022 (2/3): “ForceNet’s DNS records refer to Dialog.”
Apart from Defence, ICEMEDIA lists the Australian Taxation Office, the Digital Transformation Agency, Transport NSW and the Local Government Association of Queensland as clients.
Callow also provided a graphic showing that ForceNet’s DNS record referred to Dialog.
Of itself ICEMEDIA says: “[We are] a leading Australian Digital Services agency that provides the full spectrum of digital services. We work with leading government organisations at all levels and corporate organisations to support them in implementing digital solutions to transform the way they interact with their customers and business processes.
[Image: The announcement on the dark web about the Dialog breach.]
“We work with leading open source and enterprise level web content management systems such as Drupal, Kentico, Umbraco, GovCMS, Sitecore and SharePoint to solve our clients’ business challenges through digital solutions that simply work.
“We offer a potent mix of strategic, creative and technical skills, all under the one roof. Our team’s collective industry experience, creative problem solving abilities and capabilities with the latest information technologies and management practices stand behind our reputation for excellence.”
A defence spokesperson said: “Defence has recently been informed a 2018 ForceNet dataset (the dataset), containing personal information of current and former Australian Defence Force Members (ADF) and Australian Public Servants (APS), may have been part of a ransomware attack on an external ICT service provider (the provider).
“This is not an attack on Defence ICT or the ForceNet application.
“Defence is taking this matter very seriously and is working with the provider to determine the extent of the attack.
“Initial discussions with the service provider indicate there is no evidence that the data of current and former APS staff and ADF personnel has been compromised.
“Defence is examining the contents of the 2018 ForceNet dataset and what personal information it contains.”
Australia has recently witnessed nine data breaches in a little over a month, these being at Optus, Telstra, G4S, Costa Group, Dialog, MyDeal, EnergyAustralia, Medibank Group and Medlab.