Australia, June 30 -- New South Wales Land and Environment Court issued text of the following judgement on May 29:
1. This is an application for leave to proceed and for default judgment against defendants who have not been personally named because their identities are unknown. I set out in the following paragraphs some background factual matters that have been established on evidence that has not been challenged.
2. The University of Notre Dame Australia is a national Catholic university. It is a body corporate established by the University of Notre Dame Australia Act 1989 (WA). The University has become the victim of an extortion attempt. In January this year, in excess of 60 GBs of data, comprising some 60,000 files, were stolen by unnamed extortionists. Many of the files contain confidential information concerning the University's internal operations, as well as the records of students, staff and faculty members.
3. The extortionists operate under the name "Fog", who I will refer to as the threat actor. It is not certain whether there is just one person who is seeking to extort money from the University or whether there are multiple persons involved. The evidence suggests there is more than one person. There is evidence that the members of Fog are likely to reside in the United States and countries throughout Europe.
4. On 25 January 2025, a ransom note was discovered on the University's computer system. The message included the following: "If you are reading this, then you have been the victim of a cyber-attack. We call ourselves Fog and we take responsibility for this incident". The note indicated that to contact Fog, so as to "communicate safely", it was necessary to have the TOR browser installed, to follow a link that was provided and then enter a particular code. There is evidence that a link in the ransom note leads to a data leak site run by Fog that is used to publish the names and captured data of victims if they fail to pay the ransom. The publication occurs on the "dark web", which is a part of the internet that is not readily accessible by everyday individuals.
5. The University engaged [redacted], a forensic investigation expert, and [redacted], a threat intelligence provider, to assist the University to address the cyber-attack.
6. With the assistance of the threat intelligence provider, the University opened the line of communication via the link provided by the threat actor. The forensic investigation expert was able to confirm that data had been exfiltrated from the University's computer servers by the threat actor, although it has not been able to verify what data has been exfiltrated.
7. On 4 February 2025, the threat actor communicated an initial ransom demand. It was in the following terms: "Bosses demand is 1.2mil usd. you lost many personal files".
8. On 12 February 2025, the threat actor posted on its data leak site, identifying the University as a victim. The post alleged that it had extracted 62.2 GBs of data, containing employee and customer contacts, student medical documents as well as confidential agreements, licenses and nondisclosure agreements.
9. The students who attend the University, and the faculty and staff who work there, entrust the University with confidential information and engage in confidential communications with the University about personal and educational matters. The University sought to curtail the damage, and prospective damage, that will be suffered by the University, students, faculty and staff by the unauthorised dissemination of confidential information by commencing proceedings in this Court on 18 February 2025.
10. The University obtained urgent ex parte interlocutory injunctive relief from the Court on 18 February 2025 against "persons unknown". The interlocutory injunction was extended by the Court on 20 February 2025 and it remains in place.
*Rest of the document can be viewed at: (https://www.caselaw.nsw.gov.au/decision/197190ab85945b7990751f15)
Disclaimer: Curated by HT Syndication.
