12th March 2026 Cyber Update: Five Eyes Agencies Warn of INC Ransom Attacks on Australian Healthcare

Joint advisory by Australian, New Zealand, and Tongan cyber authorities warns of rising INC Ransom attacks on critical infrastructure. The RaaS group has breached 11 Australian organisations, mainly in healthcare and professional services.


Cyber News Centre's cyber update for 12th March 2026: Australian and Pacific cyber authorities have issued a joint warning on the INC Ransom group, citing ongoing ransomware and data-extortion activity affecting organisations across Australia, New Zealand, and Pacific island states.

The Australian Cyber Security Centre (ACSC) is Australia's lead federal government agency for cybersecurity, operating under the Australian Signals Directorate (ASD). It provides guidance, threat intelligence, and incident response support to government and private sector organisations. The ACSC works closely with international partners, including New Zealand's NCSC and CERT Tonga, to coordinate responses to cross-border cyber threats.

The Update and Why It Matters

Update: A joint advisory from the Australian Cyber Security Centre (ACSC), New Zealand's NCSC, and CERT Tonga has highlighted a significant threat from the INC Ransom group, which has intensified its focus on the Pacific region since early 2025. The group operates a Ransomware-as-a-Service (RaaS) model, and its affiliates compromised at least 11 Australian organisations between July 2024 and December 2025, primarily targeting the healthcare and professional services sectors.

The attackers gain initial access through spear-phishing, exploitation of unpatched systems, or purchased credentials. Once inside, they escalate privileges, move laterally, and exfiltrate sensitive data, including medical records, before deploying the ransomware.

This double-extortion tactic pressures victims to pay by threatening to publish stolen data on the group's dark web leak site. The advisory notes that INC Ransom's affiliates use legitimate tools such as 7-Zip and rclone to blend in with normal network activity, making detection more difficult. The group, also known as Tarnished Scorpion and GOLD IONIC, has been linked to disruptive attacks on health networks in Tonga and New Zealand, demonstrating a clear pattern of targeting critical infrastructure where operational downtime carries severe consequences.
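Because 7-Zip and rclone are legitimate tools, alerting on either one alone is noisy; correlating archive creation with a later rclone transfer on the same host gives a narrower signal. The following is an added example, not taken from the advisory or this article, and its log format, host names, and two-hour window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events: "time | host | user | command line".
SAMPLE_EVENTS = r"""
2026-03-02T01:12:05 | FS01 | svc_backup | "C:\Program Files\7-Zip\7z.exe" a C:\Temp\r.7z D:\Records
2026-03-02T01:31:40 | FS01 | svc_backup | C:\Temp\rclone.exe copy C:\Temp\r.7z remote:bucket
2026-03-02T09:00:11 | WS17 | jlee | "C:\Program Files\7-Zip\7z.exe" x report.zip
2026-03-02T10:15:00 | WS22 | admin | rclone.exe version
2026-03-03T02:00:00 | FS02 | svc_backup | 7za.exe a nightly.7z E:\Share
"""

# 7-Zip "a" adds files to an archive; rclone copy/sync/move transfer data.
# Name matching misses renamed binaries, so pair it with hash or
# original-filename metadata where the telemetry provides it.
ARCHIVE = re.compile(r'\b7za?(?:\.exe)?"?\s+a\s', re.I)
RCLONE_XFER = re.compile(r'\brclone(?:\.exe)?"?\s+(?:copy|sync|move)\b', re.I)


def parse(text):
    """Return (time, host, user, cmdline) tuples sorted by time."""
    rows = []
    for line in text.strip().splitlines():
        ts, host, user, cmd = (f.strip() for f in line.split("|", 3))
        rows.append((datetime.fromisoformat(ts), host, user, cmd))
    return sorted(rows, key=lambda r: r[0])


def find_stage_then_upload(text, window=timedelta(hours=2)):
    """Return (host, archive_time, upload_time) for each rclone transfer that
    follows 7-Zip archive creation on the same host within `window`."""
    last_archive, alerts = {}, []
    for when, host, _user, cmd in parse(text):
        if ARCHIVE.search(cmd):
            last_archive[host] = when
        elif RCLONE_XFER.search(cmd):
            staged = last_archive.get(host)
            if staged is not None and when - staged <= window:
                alerts.append((host, staged.isoformat(), when.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in find_stage_then_upload(SAMPLE_EVENTS):
        print("archive then rclone transfer:", alert)
```

Archive extraction on WS17, the `rclone version` call on WS22, and the archive-only job on FS02 are not flagged; only FS01, where both steps occur in sequence, raises an alert.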

Why it Matters: The coordinated warning from three national cybersecurity agencies underscores the escalating and tangible threat that ransomware groups like INC Ransom pose to Australia's most sensitive sectors.

The specific targeting of healthcare is not accidental; it is a calculated strategy that leverages the immense pressure these organisations face to maintain continuous operations. For Australians, this means the potential for direct disruption to essential medical services, cancellation of appointments, and the exposure of highly personal health information.

The RaaS model lowers the barrier to entry for less sophisticated criminals, effectively franchising cybercrime and amplifying the threat. This incident serves as a stark reminder that the digital supply chain for critical services remains a vulnerable frontier, where a single breach can have cascading, real-world impacts on public safety and national security.

