Australian financial institution Firstmac recently fell victim to a cyber attack, suspected to involve a ransomware variant. The Brisbane-based mortgage firm was targeted by the Embargo ransomware group, which encrypted its servers on April 30th, 2024, and exfiltrated approximately 500GB of sensitive data, including names, addresses, email credentials, and bank details.
Despite the demands of the hackers, Firstmac chose not to comply, prompting the ransomware gang to leak the stolen information onto the dark web on May 8th, 2024. Subsequently, the data fell into the hands of a third party willing to pay a hefty sum for access.
In response to the breach, Firstmac released a statement assuring stakeholders that its operations are running smoothly. The affected systems have been isolated, and efforts to recover the compromised data are underway. The company emphasized its commitment to not negotiating with cybercriminals and expressed confidence in its recovery plan.
In a separate incident concerning Europol, a threat actor known as “IntelBroker” has been actively selling stolen details related to the organization since the beginning of the month. The data purportedly includes classified information, with screenshots posted on various platforms, including X, revealing FOUO (For Official Use Only) source code.
IntelBroker is demanding payment in XMR cryptocurrency, known for its privacy features that shield transactions from crypto sensors and ensure anonymity. Europol has not confirmed the accuracy of the stolen data. The threat actor has also been peddling information related to Five Eyes Intelligence, allegedly stolen from tech provider Acuity.