Russian hackers threaten to release masses of private data stolen from Irish communications regulator

ComReg was targeted by group in May and refused to say if data has been published

The group, which is known as Cl0p, said on Tuesday it has 143 gigabytes of ComReg data. Photograph: iStock
The group, which is known as Cl0p, said on Tuesday it has 143 gigabytes of ComReg data. Photograph: iStock

A notorious Russian cybercriminal gang has threatened to publish masses of private information stolen from ComReg, the Irish communications regulator.

The group, which is known as Cl0p, said on Tuesday it has 143 gigabytes of ComReg data which was stolen in a ransomware attack on the Government agency in May.

Neither ComReg or the National Cyber Security Centre (NCSC), which is responding to the attack, would confirm yesterday if the data belongs to the agency or if it has yet been published.

ComReg is responsible for regulating communications companies, including internet service providers, broadcasters and mobile phone providers. It holds large amounts of sensitive data relating to the telecommunications industry.

READ SOME MORE

The agency was one of many organisations targeted in a cyberattack by the Cl0p ransomware group which is based in Russia. The group carried out the attack by exploiting a weakness in Moveit, a file transfer system used by ComReg.

ComReg said last month a “relatively small number” of its files were impacted. “Of these, an even smaller proportion concerned either personal data or confidential commercial information that had been provided to ComReg by regulated entities.”

It is understood the agency has drafted in a private cyber security company to help respond to the attack. The Garda National Cyber Crime Bureau is also investigating and the Data Protection Commission has been notified.

Last month, ComReg wrote to various telecommunications companies to inform them their data had been stolen.

“The NCSC is aware of the recent cyberattack on the secure file transfer platform ‘MoveIt’. The NCSC does not comment on operational issues,” said a spokesman for the Department of Communications, which oversees the NCSC.

Review sets out 18 actions to strengthen country’s cyber securityOpens in new window ]

Cl0p is the name of the ransomware used in the attack but it is also used to refer to the loose network of cybercriminals which control it.

Almost two million individuals and 369 organisations have been impacted so far including Siemens Energy, Deutsche Bank and many United States educational institutes.

The criminals threatened to publish victims’ data if they did not receive a ransom payment in cryptocurrency. The deadline to begin the process of paying the ransom was June 14th.

Brett Callow, a cybersecurity expert, said Cl0p’s targeting of a Government agency is unusual as it claims it does not go after public bodies.

“If you are a Government, city or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information,” the group states in the ransom instructions it send to victims.

As well as ComReg, the group also appears to have targeted its equivalent agency in the UK, Ofcom. It claims to have 62 gigabyte of data from the organisation.

It is Irish Government policy not to pay ransoms to cybercriminals, as demonstrated following the ransomware attack on the HSE in 2021 by Russian based criminals.

Cl0p is one of the oldest cybercrime gangs still in existence. As well as operating from Russia, many of its members are believed to have operated from Ukraine and other eastern European countries.

Conor Gallagher

Conor Gallagher

Conor Gallagher is Crime and Security Correspondent of The Irish Times