One of the most prominent Russian-speaking ransomware gangs has claimed responsibility for an assault over the weekend on an Australian energy provider that serves millions of people.
On Monday, Australian media claimed that Chinese government hackers were responsible for the intrusion at CS Energy, which is controlled by the state of Queensland in northeastern Australia.
These claims, made at a time when Australia and China were at odds, prompted the utility to release a statement on Tuesday.
According to CS Energy CEO Andrew Bills, there is “now no indication that the cyber event was a state-based strike.”
Meanwhile, the Conti ransomware gang has listed CS Energy on its website, which it uses to humiliate victims and occasionally reveal personal data.
“Conti included CS Energy on their leak site, which certainly would imply that one of its affiliates was involved in the assault,” said Brett Callow, a threat analyst at Emsisoft.
The Australian, Daily Mail, and other media outlets directly implicated China in the assaults.
Callow, on the other hand, stated that “Conti is thought to be a Russia-based cybercrime organisation, not a China-based APT, therefore the attack on CS Energy appears to be merely an addition to the ever-expanding list of financially driven ransomware strikes.” APT is a security industry abbreviation for Advanced Persistent Threat organisations, which are frequently supported by governments.
Conti, like several other ransomware outfits, splits profits with affiliates, who break into targets before downloading its malware to encrypt computer files and directing victims to Conti to negotiate bitcoin payments.
In the last year, Conti and other gangs have expanded their attacks on utilities, hospitals, and other important infrastructure. Some of these groups, according to Western officials and experts, have links to Russian intelligence services, but no similar charge has been levelled against the Chinese.