{ "id": "266b7880-f08d-4c4b-8263-5ab270d04b31", "created_at": "2026-04-06T00:21:53.674094Z", "updated_at": "2026-04-10T03:29:39.890191Z", "deleted_at": null, "sha1_hash": "802007237bc6d2c3009a4f4e36a72002d7713bdb", "title": "Australian Law Firm Hack Affected 65 Government Agencies", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 108305, "plain_text": "Australian Law Firm Hack Affected 65 Government Agencies\r\nBy Mihir Bagwe\r\nArchived: 2026-04-05 20:16:02 UTC\r\nFraud Management \u0026 Cybercrime , Geo-Specific , Ransomware\r\nAustralian Federal Police, Department of Home Affairs Reportedly Among the Victims (MihirBagwe) •\r\nSeptember 18, 2023    \r\nImage: Shutterstock\r\nAn April ransomware attack against one of Australia's largest law firms swept up the data of 65 Australian\r\ngovernment agencies, the country's newly appointed national cybersecurity coordinator said Monday.\r\nSee Also: OnDemand | North Korea's Secret IT Army and How to Combat It\r\nThe Russian-speaking Alphv hacking group - also known as BlackCat - claimed responsibility earlier this year for\r\nhacking HWL Ebsworth, publishing in late May what it said was 1.45 gigabytes of stolen law firm data. HWL\r\nEbsworth in June acknowledged the hack and said it had obtained a court injunction against further dissemination\r\nof confidential firm data.\r\nIn a Monday announcement, Air Marshal Darren Goldie, the first person to occupy the position of national\r\ncybersecurity coordinator, said a 16-week-long investigation had revealed that data from dozens of Australian\r\ngovernment entities was caught up in the attack. A \"large number\" of private sector clients of the law firm were\r\nalso affected, Goldie said.\r\nhttps://www.bankinfosecurity.com/australian-law-firm-hack-affected-65-government-agencies-a-23110\r\nPage 1 of 2\n\n\"I stress that these agencies were clients of HWL Ebsworth and did not suffer a cyber incident themselves,\" he\r\nsaid. Speaking at a conference Monday, Goldie said the Australian federal police and the Department of Home\r\nAffairs were among the victims of the hack, The Guardian reported.\r\nAlphv is known to target high-profile organizations that hold highly sensitive data. The Australian Cyber Security\r\nCenter in April 2022 released an advisory alerting Australian organizations to be on the lookout for Alphv attacks.\r\nHWL Ebsworth initially learned about the attack as early as April 26, through emails initially classified as spam.\r\nIn one email from a sender claiming to be part of Alphv, a managing partner was urged to connect and warned not\r\nto contact authorities, according to court documents obtained by the Australian Financial Review. Alphv\r\ndemanded an extortion payment of AU$4.6 million, the paper reported.\r\nOn May 8, the law firm informed the Office of the Australian Information Commissioner about the incident.\r\nSource: https://www.bankinfosecurity.com/australian-law-firm-hack-affected-65-government-agencies-a-23110\r\nhttps://www.bankinfosecurity.com/australian-law-firm-hack-affected-65-government-agencies-a-23110\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bankinfosecurity.com/australian-law-firm-hack-affected-65-government-agencies-a-23110" ], "report_names": [ "australian-law-firm-hack-affected-65-government-agencies-a-23110" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434913, "ts_updated_at": 1775791779, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/802007237bc6d2c3009a4f4e36a72002d7713bdb.pdf", "text": "https://archive.orkl.eu/802007237bc6d2c3009a4f4e36a72002d7713bdb.txt", "img": "https://archive.orkl.eu/802007237bc6d2c3009a4f4e36a72002d7713bdb.jpg" } }