CFOtech Australia - Technology news for CFOs & financial decision-makers

Australian organisations face rising threat from top ransomware groups

Wed, 12th Nov 2025

Four major malware groups have heavily targeted Australian organisations over the past year, according to a new report from OpenText Cybersecurity naming the six most damaging threat actors globally.

Australian impact

Qilin, Akira, Scattered Spider, and ShinyHunters feature among the top six groups believed to have orchestrated significant attacks in Australia. Recent victims include companies such as Metricon Homes, Office National, Malibu Boats Australia, and JKC Australia LNG, as well as educational and sporting organisations. Large-scale operations have also been attributed to these groups, with Scattered Spider and ShinyHunters reportedly collaborating in attacks on Qantas and Telstra.

Qilin dominance

Qilin tops the list of active malware groups after a year of persistent attacks focused on hospitals, laboratories, and local governments worldwide. The group carried out over 200 confirmed incidents, bringing notable disruption and forcing affected entities to the brink in some cases. The incidents in Australia have included high-profile attacks on both public and private sector targets.

One of Qilin's recent features is a 'Call Lawyer' option in its ransomware control panel. This function provides criminals with access to a Qilin negotiation advisor, who guides them through the ransom process, calculates potential payments, and drafts documentation indicating data deletion. Such capabilities highlight the increasing professionalisation of malware operations.

Strategic shifts

Akira, another group prominent in the report, has adjusted its targeting strategy in 2025. Known for attacks on healthcare and education in 2024, Akira has shifted focus to high-value enterprises and managed service providers to reduce global scrutiny and law enforcement attention. Australian companies affected are believed to include LeasePLUS, Consonic, Thornton Engineering, and Regency Media.

Collaboration and tactics

Scattered Spider and ShinyHunters have developed tactics including the use of deepfake voice calls and help-desk impersonation. Scattered Spider gained notoriety following UK arrests that identified several operators as teenagers. Their ability to infiltrate systems rapidly and act as access brokers has led to recurring attacks that copy their techniques.

Elsewhere, Play Ransomware and Lumma Stealer complete the main groupings, with additional threats such as LockBit 5.0, AsyncRAT, and ClickFix still significantly affecting both public and private sector operations.

Ransomware market

The ransomware landscape has grown more stable but remains high-risk, with groups treating operations as business activities. Qilin and Akira use negotiation portals and affiliates to manage extortion, even maintaining custom-built platforms for victim communication. While the rate of attacks may not be breaking financial records, extortion remains lucrative, relying more on data theft and pressure tactics than mere encryption.

Professionalisation of crime

Threat actors now collaborate, create alliances, and share exploit kits. Malware-as-a-Service offerings and customer support-like features are increasingly common, allowing unskilled actors to deploy advanced malware campaigns. The sector is structured, with alliances and business models mirroring legitimate enterprise practices.

OpenText Cybersecurity (APAC) Regional Vice President Steve Stavridis said:

"New technology has lowered the technical barrier to creating and deploying malware. Criminals can even purchase malware products from other groups and access customer support-like features."

"We are at the point of a viable 'malware sector', with increasingly sophisticated and organised groups that are pivoting strategies, developing negotiation 'playbooks', forging alliances, and creating innovative approaches," said Stavridis.

"The impact of these groups is not merely financial. Patient treatment may be delayed at compromised hospitals, projects may be stalled for engineering and construction companies, and students' futures may be jeopardised if their educational institution's records are made public," said Stavridis.

"Cybersecurity today is not just about the impenetrability of your walls, but the engagement of your employees. This is due to tools like AI making social engineering attacks bigger, faster, and more sophisticated," said Stavridis.
