Southern Design RV Hit by Data Breach as New Cybercrime Group CMD Organization Auctions Stolen Customer Data Southern Design RV, a Ballarat, Victoria-based dealer specializing in new and used Australian-made caravans, has been listed as a victim by the emerging cybercrime group CMD Organization. The threat actor claims to have exfiltrated sensitive customer data, including names, addresses, emails, phone numbers, and purchase details, which it has posted as a sample on its leak site. CMD Organization is auctioning the stolen data for 5 Bitcoin (at the time of reporting), with the sale set to expire in just over five days. Southern Design RV has not commented on the incident. First observed in March 2024, CMD Organization has rapidly expanded its victim list, now totaling 19 organizations, including Tasmania’s Goodstone Group, which previously confirmed a cyberattack. The group markets itself as a "legitimate" security firm, claiming to specialize in identifying corporate vulnerabilities while operating under the guise of improving cybersecurity. However, cybersecurity firm Beazley Security describes CMD Organization as a low-maturity but well-networked operator, likely relying on initial access brokers (IABs) and minimal custom tooling. A key tactic involves public auctions for stolen data, allowing multiple bidders to drive up prices potentially increasing pressure on victims to pay. By selling exclusive access to a single buyer, the group ensures the winner can exploit the data before competitors gain access. The incident highlights a growing trend in public extortion auctions, where cybercriminals monetize breaches through competitive bidding rather than traditional ransom negotiations.