Cyber Incident Victim: Schepisi Communications
Date:
Apr 2021
Location:
Australia
Summary
The Avaddon ransomware gang targeted Schepisi Communications, a Telstra service provider, through cyberattacks including a data breach and DDoS attacks, compromising tens of thousands of SIM card records and allegedly accessing customer phone numbers, addresses, financial information, contracts, and banking data. Telstra acknowledged that high-level business customer information may have been exposed but disputed claims of sensitive personal data theft, though hackers leaked excerpts containing phone numbers and addresses to support extortion demands. The attackers threatened to release company documents unless a ransom was paid, causing the victim's website to go offline; impacted clients included Nestle, a financial services firm, a radio station, and a property management company.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around April 27, 2021, Melbourne-based telecommunications service provider Schepisi Communications, a platinum partner of Telstra, suffered a cyberattack claimed by the Avaddon ransomware gang. The attackers deployed distributed denial-of-service (DDoS) attacks and infiltrated Schepisi’s data systems, exfiltrating what they described as "tens of thousands" of SIM card records along with financial information, contracts, and banking data. Following the breach, Schepisi’s website became inaccessible for multiple days, displaying a message confirming the hackers’ infiltration and their ransom demands. Avaddon posted a ransom note on the dark web containing a countdown timer set to expire the weekend following the attack, threatening to leak "valuable company documents" unless Schepisi cooperated. The note explicitly referenced compromised mobile device data and corporate financial records. Telstra, Australia’s largest telecommunications company, acknowledged the incident through a spokesperson, confirming that "high-level" business customer information—including mobile phone numbers—from Schepisi’s order fulfillment system may have been accessed. Telstra emphasized its own systems remained uncompromised and stated its cybersecurity team was assisting Schepisi in resolving the incident.
Despite Telstra’s initial assertion that no sensitive personal information was breached, excerpts of leaked data published by Avaddon on dark web forums contradicted this claim, revealing customer phone numbers and physical addresses among the stolen records. The attackers’ dark web posts explicitly cited financial and contractual documents as leverage for extortion. Schepisi’s client base impacted by the breach included multinational corporation Nestlé, a Victoria-based financial services provider, a Melbourne radio station, and an Australian property management firm. Telstra maintained that its business partners adhered to strict data access protocols but did not disclose whether Schepisi’s compliance with these protocols was verified prior to the attack. No further public updates from Schepisi Communications were reported in the immediate aftermath, though Telstra continued to downplay the severity of the data exposure while collaborating on containment efforts. The incident highlighted risks to third-party vendors in telecommunications supply chains, particularly regarding centralized SIM card management systems.