NSW Rural Fire Service: Exclusive: Nova ransomware group takes responsibility for NSW RFS hack

NSW Rural Fire Service: Exclusive: Nova ransomware group takes responsibility for NSW RFS hack

Nova Ransomware Group Shifts Target from NSW Government to Rural Fire Service

In early June, the Nova ransomware operation claimed to have breached the New South Wales (NSW) government, threatening to leak sensitive data. NSW Chief Cyber Security Officer Marie Patane dismissed the claims, stating the provided sample contained only publicly available and historical information, with no evidence of a network intrusion.

However, on 25 June, the NSW Rural Fire Service (RFS) disclosed a separate cybersecurity incident, notifying members of potential exposure of historical data. Acting Commissioner Kelly Quandt confirmed that investigations found no evidence of sensitive personal information being accessed or misused, though technical analysis remains ongoing.

Over the weekend, Nova delisted the NSW government from its leak site and replaced it with the NSW RFS, revealing that the datasets primarily contour maps and emergency response project details were identical to those initially attributed to the government breach.

About Nova
Emerging in early 2025, Nova operates as a ransomware-as-a-service (RaaS) group, splitting profits with affiliates under performance-based tiers (ranging from 75/25 to 95/5 in favor of affiliates). The group provides tools, exploits, and guidance in Russian, Chinese, and English, targeting victims globally. The NSW RFS marks its first confirmed Australian victim, with Nova responsible for 140 leak posts, including 25 in May 2026 alone.

About the NSW RFS
The NSW Rural Fire Service is the world’s largest volunteer fire service, with 69,000 volunteers across 110 local government areas. In 2024–25, it responded to over 32,000 incidents, including bushfires, motor vehicle accidents, and structural fires. The extent of the exposed data and potential operational impact remains under investigation.

Source: https://www.cyberdaily.au/security/13817-exclusive-nova-ransomware-group-takes-responsibility-for-nsw-rfs-hack

NSW Rural Fire Service cybersecurity rating report: https://www.rankiteo.com/company/nsw-rural-fire-service

"id": "NSW1782700615",
"linkid": "nsw-rural-fire-service",
"type": "Ransomware",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Emergency Services',
                        'location': 'New South Wales, Australia',
                        'name': 'NSW Rural Fire Service',
                        'size': '69,000 volunteers',
                        'type': 'Government Agency'}],
 'customer_advisories': 'Members notified of potential data exposure',
 'data_breach': {'personally_identifiable_information': 'None confirmed',
                 'sensitivity_of_data': 'Low (no sensitive personal '
                                        'information confirmed)',
                 'type_of_data_compromised': 'Historical data, contour maps, '
                                             'emergency response project '
                                             'details'},
 'date_detected': '2026-06-25',
 'date_publicly_disclosed': '2026-06-25',
 'description': 'The Nova ransomware group initially claimed to have breached '
                'the NSW government but later shifted focus to the NSW Rural '
                'Fire Service (RFS), revealing datasets including contour maps '
                'and emergency response project details. The NSW RFS confirmed '
                'a cybersecurity incident with potential exposure of '
                'historical data, though no sensitive personal information was '
                'found to be accessed or misused.',
 'impact': {'data_compromised': 'Historical data, contour maps, emergency '
                                'response project details',
            'operational_impact': 'Under investigation'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Nova'},
 'references': [{'date_accessed': '2026-06-25',
                 'source': 'NSW Rural Fire Service Disclosure'},
                {'date_accessed': '2026-06-25',
                 'source': 'Nova Ransomware Leak Site'}],
 'response': {'communication_strategy': 'Public disclosure to members'},
 'threat_actor': 'Nova Ransomware Group',
 'title': 'Nova Ransomware Group Targets NSW Rural Fire Service',
 'type': 'Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.