Menu
Browse

Cyber Threat Actor: Abdilo

Actor Type Location Known Incidents
 Icon
Sensationalist
Australia
3 incidents
Profile

The threat actor known by the alias Abdilo has been identified as operating from Australia, with specific references to Queensland in some reports. The actor first came to public attention through a data breach affecting the University of Sydney’s Online Recruitment System for Economic Experiments in February 2015. In that incident, an unauthorized party accessed personal details of approximately five thousand students, including names, contact information and gender. The actor’s alias appears in multiple sources describing separate incidents.

Abdilo’s activities have focused on Australian entities across several sectors, notably education, insurance, finance and government. The actor claimed responsibility for an SQL injection attack on the private travel insurer Aussie Travel Cover in December 2014, which resulted in the exfiltration of over seven hundred seventy thousand customer records containing personal and policy information. In addition, Abdilo stated that they had targeted government websites such as those of the Australian Communications and Media Authority, the Australian Nuclear Science and Technology Organisation, Victoria Police and the Australian Public Service Commission, although the affected agencies reported that only public‑facing portals without sensitive data were accessed. The actor also reached out via Twitter to insurance and finance firms such as GIO Insurance and investsmart_au, indicating an interest in those industries.

The actor’s reported tactics rely primarily on web application vulnerabilities rather than malware. Both the Aussie Travel Cover breach and the University of Sydney incident involved exploitation of an SQL injection flaw or a software vulnerability to gain unauthorized access to databases. Abdilo used Pastebin to publish claims of responsibility and to list alleged targets, and employed Twitter to notify organizations of supposed vulnerabilities. No references to specific malware families, custom tools or exploit kits appear in the available sources.

Public attribution does not link Abdilo to any state‑sponsored group or established criminal consortium. While the actor’s online moniker has been mentioned in discussions of the LizardStresser project and the LizardSquad collective, Abdilo has stated that the LizardStresser.su domain was created by another LizardSquad member and has not claimed formal membership in either group. Authorities such as the Australian Federal Police have acknowledged awareness of the activity but have not confirmed any investigative details or affiliations.

Representative operations attributed to Abdilo include the December 2014 breach of Aussie Travel Cover, which exposed a large volume of customer data, and the February 2015 intrusion into the University of Sydney’s ORSEE system that compromised student information. The actor’s public statements also describe attempts to probe government portals and to contact private sector firms about potential SQL injection issues, though those efforts did not result in confirmed data theft according to the targeted organizations. These incidents illustrate a pattern of exploiting web‑application flaws to obtain data and then publicizing the findings through social media and text‑based platforms.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
2 sources