30 September 2022

6 min read

Optus cyber attack fallout | Cyber Intelligence Briefing: 30 September

Cyber Briefing News


Top news stories this week

  1. Optus under fire. Australian telecoms company faces government and public ire after data leak.

  2. LockBit leak. Developer leaks LockBit’s newest ransomware builder, lowering the barrier to entry for would-be attackers.

  3. Shields up. Ukraine warns of Russian cyber attacks against critical infrastructure, while META tackles Russian disinformation campaign.

  4. Public figures’ data leaked. Ransomware attacks on luxury food company Daylesford Organic and TAP Air Portugal lead to the data of celebrities and politicians being leaked.

  5. Freezing and seizing ransomware payments. New UK bill takes aim at misuse of cryptocurrency.

  6. You’re nicked! Police arrest 17-year-old hacker believed to be behind GTA 6 and Uber breaches.

1. Optus cyber attack fallout

Amid rising public anger, the Australian government has come down hard on telecommunications company Optus after the personal data of 10,000 customers were leaked on the dark web. Cyber security minister Clare O’Neil refuted Optus’ claims that it was the victim of a sophisticated hack, and the Australian Prime Minister has insisted that the company pay for new passports for data leak victims.

Confusingly, several hours after the leak, the threat actor apologised and deleted the data. However, victims have already received threatening text messages from scammers demanding payment.

So what?

Threat actor behaviour can be highly unpredictable. Companies should carefully consider their engagement and communication strategies in the event of a breach to manage the public’s reaction and minimise reputational damage.


2. LockBit 3.0 ransomware builder leaked

Last week, a disgruntled developer formerly employed by the ransomware gang LockBit leaked the group's latest ransomware builder on Twitter. The leaked builder – which includes an encryptor, decryptor, and various other specialised tools – contains everything necessary to launch a sophisticated and targeted ransomware attack. 

One ransomware gang has already started to use the leaked LockBit builder to launch attacks against vulnerable companies.

So what?

All organisations, large and small, should be prepared for a ransomware attack. Adopt a defence-in-depth approach by implementing multiple security controls, including a strong patch management programme, multi-factor authentication (MFA), and an endpoint detection and response solution. Critically, ensure you have viable backups stored offline to facilitate a quick recovery if you do suffer a ransomware attack.

3. Ukraine warns allies of Russian cyber attacks

According to Ukrainian military intelligence, the Russian government is planning a large-scale cyber operation aimed at critical infrastructure including the energy sector. Ukraine's allies, primarily Poland and the Baltic States, will likely face intensified distributed denial of service (DDoS) attacks.

Elsewhere, Meta took down a network of Facebook and Instagram accounts associated with a Russian disinformation campaign targeting Europe.

So what?

Western governments and cyber security experts have long warned that Russian state-sponsored cyber attacks against Ukraine could spill over. Although the evidence of such impacts so far has been limited, organisations must remain vigilant to such threat

4. Public figures' data leaked

A ransomware attack on Oxfordshire-based luxury organic farm shop Daylesford Organic has led to the personal data of several high profile UK celebrities, including Jeremy Clarkson and Sir David Attenborough, being leaked on the dark web. Meanwhile, the personal information of Portuguese president Marcelo Rebelo de Sousa and other Portuguese politicians was leaked following last month’s attack on Portuguese airline TAP Air Portugal.

So what?

High profile individuals can fall victim to data leaks, potentially leading to additional security risks. Anyone who is listed in a data breach should be wary of unsolicited communications and avoid sharing any sensitive information.

5. Freezing and seizing ransomware payments 

New legislation introduced to the House of Commons last Thursday, named the Economic Crime and Corporate Transparency Bill, aims to stem the rise in cryptocurrency use by cybercriminals. The bill will provide UK law enforcement agencies with a legislative framework to quickly and easilyseize, freeze, and recovercryptocurrency associated with ransomware attacks or other illicit activity such as fraud and money laundering.

So what?

Law enforcement agencies around the world have had occasional success in seizing and returning ransomware payments, but organisations should continue to assume that any such payment cannot be recovered.

6. Teenage GTA 6 hacker arrested in Oxfordshire

City of London Police have arrested a 17-year-old suspected of orchestrating last week’s high-profile attacks on Rockstar Games and Uber, which were attributed to the hacking group Lapsus$. The unnamed teenager had prior hacking convictions, and plead not guilty to charges of computer misuse in court on Monday. The arrest came following collaboration with the FBI.

So what?

Organisations should be prepared to handle complex public relations challenges following a cyber incident. Table top exercises and practical run throughs can be invaluable in stress testing incident response plans.


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.


James Tytler
James Tytler
Associate, Cyber Security

James Tytler is a cyber security associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.

Miles Arkwright
Miles Arkwright
Associate, Cyber Security
James Tytler
James Tytler

Associate, Cyber Security

Miles Arkwright
Miles Arkwright

Associate, Cyber Security

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.