Cyber Incident Victim: Australia's Labor Party (New South Wales Branch)
Date: May 2021
Location: Australia
Summary
The Avaddon ransomware group, suspected to be Russian-based, compromised the New South Wales branch of Australia's Labor Party, exfiltrating sensitive data and threatening to leak documents unless a ransom was paid within 240 hours. Attackers published samples containing personally identifiable information as proof of the breach and indicated potential future distributed denial-of-service attacks, though the party's website remained operational. The organization acknowledged the incident as a serious concern, initiated an internal investigation, and notified law enforcement, with NSW Police confirming the commencement of inquiries while federal authorities declined involvement.
Description
On or around May 5, 2021, the Avaddon ransomware group claimed responsibility for a cyberattack against Australia’s Labor Party (New South Wales Branch), commonly referred to as NSW Labor. The threat actors alleged they had compromised the organization’s systems, exfiltrated sensitive data, and encrypted files. They issued a ransom demand and provided a 240-hour deadline for NSW Labor to cooperate, threatening to leak what they described as "valuable company documents" if their demands were unmet. As proof of the breach, Avaddon publicly posted samples of the stolen data, which included files containing personally identifiable information (PII). The group’s listing for NSW Labor featured a "DDOS" icon, suggesting they might deploy a distributed denial-of-service attack to disrupt the party’s online operations, though the website remained functional at the time of initial reporting. NSW Labor confirmed the incident was under investigation and had been reported to law enforcement authorities.

NSW Labor characterized the breach as a matter of "serious concern" and initiated a full internal investigation alongside notifying police. The NSW Police Force’s Sydney City Police Area Command commenced inquiries into the ransomware attack following the alert. Notably, the Australian Federal Police were not involved in the investigation at that stage. The attackers’ publication of data samples confirmed the compromise of sensitive information, though the full scope of impacted systems and data types was not publicly disclosed. Avaddon’s typical tactics—encryption, data exfiltration, and threats of leaks or DDoS—aligned with their historical operations against other victims. No further details regarding ransom negotiations, data restoration, or additional disruptions were confirmed in the immediate aftermath of the initial disclosure.
