Hackers claim to have made off with 1800 usernames, email addresses and hashed passwords held by the Tasmanian Government.
Emails are linked to state agencies including Departments of Premier and Cabinet; Treasury; Infrastructure, Energy and Resources; Health and Human Services; Primary Industries, Parks, Water and Environment; and Economic Development, Tourism and the Arts.
The attacker, alias Sp1d3r, gained root access on a media release server operated by the Department of Premier and Cabinet, and accessed user emails and administer credentials.
The media.tas.gov.au site has since been taken offline.
"We obtained full access to the entire system," the hacker, a member of group S4t4n1c S0uls, told SC.
Stolen details supplied to and redacted by SC
|
The Tasmanian Department of Premier and Cabinet disabled all logins to the site and patched the vulnerability used in the attack.
"We are satisfied that no information obtained from the media.tas.gov.au website could be used to access other sites on the State Government network," a department spokesman said.
“The login details that appear to have been obtained by the hackers were unique to the media distribution site and have since been disabled."
But the Portugal-based hacking group said in a translated response that the information it obtained could allow it to "access the web and email servers across the government".
"What do you think of this info? Can I get the email conversations of these accounts? And access the admin on the servers? I can? Haha [but it is] clear that I will not do this."
It also said the attack was launched under the auspices of the decade-old Anti Security online movement.
The group defaced the site, causing a media release with one of the group's logos to be sent to media.
"We showed the whole nation and the government that millions invested in technology and safety have not been enough, or were not actually invested," Sp1d3r said.
"We follow an ideology ... protesting against the lies and misrepresentations of corrupt governments, seeking information about where public money goes. We pay taxes and it's absurd that we do not always received the expected response of the state. This is our rotten world."
The group said it has not sought to "destroy or damage" systems that it had hacked, including the server owned by Tasmanian Government.
S4t4n1c S0uls comprises of six members including Sp1d3r, Az_lum, V3rin, S3th, ne0, Ch3z.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
