Hack Of Australian Logistics And Healthcare Firm Peacock Bros

Once again, an Australian company finds itself targeted by a ransomware gang, and this time, the victim is the family-owned firm Peacock Bros, headquartered in Victoria.

On September 19th, the Cactus ransomware group made the hack public, listing Peacock Bros alongside several other victims, including a UK home furnishing company, a Californian law firm, and a Canadian insurance broker.

Peacock Bros boasts a substantial client base, with “over 12,000 active customers” as per their website. They also have more than 1,000 resellers spanning across Australia, New Zealand, south-east Asia, the US, and Europe. Some of their well-known clients include TNT, Toll, Amazon, Alfred Health, and Coca Cola.

The extent of the ransom demanded by the Cactus group remains undisclosed, as does the deadline for payment. However, the group has provided evidence of their intrusion into Peacock Bros’ internal networks. This proof includes a non-disclosure agreement (NDA) between Peacock Bros and another company, a 2019 land sale contract, a 2021 income statement, and the driver’s license of a Victorian individual. A scanned passport belonging to a Colombian national is also among the documents, all of which appear to be genuine.

The exact volume of data in Cactus’s possession remains unknown.

Cactus is a relatively new player in the ransomware landscape, first surfacing in May 2023 and seemingly active since March. The group is notable for exploiting vulnerabilities in Fortinet VPN appliances and employs encryption to shield its ransomware payload from early detection.