The Cl0p cyber extortion group has targeted nine Australian companies by listing them on its darknet leak site following alleged links to two specific IT service providers. While the group threatens to publish stolen data soon, there are indications that the hackers may be attempting extortion without having actually compromised any sensitive information.

The Cl0p cyber extortion group recently expanded its list of alleged victims by adding nine Australian companies to its darknet leak site. These listings, appearing in late January, suggest that the group is targeting businesses connected to two specific IT service providers located in Victoria and Western Australia. For each entry, the hackers posted their standard boilerplate message accusing the firms of neglecting customer security, a tactic typically used to pressure organizations into paying a ransom before any data is publicly released.

Among those listed are companies tied to Whole IT, a service provider based in Seaford, Victoria. The victims in this group include the trades supplier Roberts Designs and the plant hire firm Skye Excavations, the latter of which explicitly names Whole IT as its technical support partner. This clustering suggests the attackers may have identified a vulnerability within the service provider's infrastructure or are leveraging the association to create the appearance of a widespread breach.

A larger group of victims appears to be centered in Western Australia, specifically linked to the Perth-based IT support firm NextPhaze. This list covers a diverse range of industries, including the skincare brand Etto Australia, the MRA Group project management firm, and the Y Architecture Studio. Additionally, hospitality and finance entities such as The Hale Road Tavern, RMW Hospitality Group, and Ventnor were named on the leak site, indicating a broad geographic and sectoral reach in the group's latest campaign.

Despite the public threats, the actual severity of the situation remains unclear. When contacted for comment, all the listed companies declined to provide a statement regarding the incident. However, reports suggest that the threat actors might be engaged in a bluffing campaign, attempting to extort these businesses through intimidation despite potentially having no actual data in their possession. This strategy is not uncommon among ransomware groups looking to maximize pressure with minimal effort.

As of now, the cybersecurity community is waiting to see if Cl0p follows through with its promise to publish stolen files. If no data appears in the coming days, it will confirm suspicions that the group is merely trying to exploit the reputations of the IT service providers to scare their clients. For the moment, the affected companies are remaining silent as they navigate the threats and investigate the validity of the group's claims.

Source: Cl0p Cyber Extortion Group Targets Australian IT Providers And Their Clients