Melbourne-based fleet management firm Netstar Australia has been hit by the Blackshrantac ransomware group in a data extortion attack, underscoring rising cyber risks in the telematics sector that handles sensitive GPS data for government and critical infrastructure operators.
The Rhysida ransomware group has targeted Harbour Town Doctors, a Queensland medical centre, threatening to leak sensitive patient data. The attack highlights the persistent threat of ransomware to the Australian healthcare sector.
One of the largest lead generation datasets ever compiled has been found exposed online, containing 4.3 billion professional records in a 16 terabyte unsecured database.
Melbourne-based fleet management firm Netstar Australia has been hit by the Blackshrantac ransomware group in a data extortion attack, underscoring rising cyber risks in the telematics sector that handles sensitive GPS data for government and critical infrastructure operators.
Cyber News Centre's cyber update for 18th December 2025: Melbourne-based fleet management provider Netstar Australia has been targeted by the Blackshrantac ransomware group in a data extortion attack.
Netstar Australia is a Melbourne-based technology company specialising in GPS telematics and fleet management solutions. The company provides services to a diverse range of sectors across Australia, including government and critical infrastructure operators, with over two decades of experience in the industry.
Update: The Blackshrantac ransomware group, a data extortion actor first seen in September 2025, has claimed responsibility for a cyberattack on Melbourne-based Netstar Australia. The incident, discovered on December 17, 2025, is a data extortion attack, where the primary threat is the public release of stolen sensitive information rather than data encryption.
Blackshrantac operates as a data broker, using double extortion tactics to pressure victims into paying a ransom. The group has been linked to over 30 attacks globally since its emergence. While the full extent of the data compromised in the Netstar breach has not been disclosed, the company's services involve collecting and managing extensive telematics data, including real-time vehicle location, driver behaviour, and operational intelligence for its clients.
This attack follows a pattern of recent strikes by the group against various international targets, indicating a rapid and aggressive operational tempo. The incident places Netstar Australia among a growing list of victims as the threat actor continues to expand its activities, targeting organisations across multiple sectors and geographies. The attack was first reported by cybersecurity intelligence firm HookPhish, which tracks ransomware group activities.
Why it Matters: The attack on Netstar Australia highlights a significant and growing threat to the telematics and fleet management sector. These companies are custodians of highly sensitive data, including the real-time location of vehicles and assets for government agencies and critical infrastructure operators. A breach in this sector does not just represent a corporate data loss; it creates a national security risk. Compromised GPS tracking data could expose operational details of sensitive convoys, disrupt supply chains, and provide hostile actors with intelligence on the movement of critical assets.
The incident underscores vulnerabilities common in the automotive and telematics industry, where interconnected systems and third-party contractor dependencies create a broad attack surface. As threat actors like Blackshrantac focus on data extortion, the value of telematics data as a leverage point for ransom demands increases, making providers like Netstar a high-value target for cybercriminals.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
The Rhysida ransomware group has targeted Harbour Town Doctors, a Queensland medical centre, threatening to leak sensitive patient data. The attack highlights the persistent threat of ransomware to the Australian healthcare sector.
One of the largest lead generation datasets ever compiled has been found exposed online, containing 4.3 billion professional records in a 16 terabyte unsecured database.
Melbourne-based broker ThinkMarkets has been hit by the Chaos ransomware group, which stole 512GB of data. The breach includes employee passports and customer KYC records, posing a major risk to the Australian financial services firm and its clients worldwide.
Inotiv has confirmed a major data breach after a Qilin ransomware attack exposed the personal, financial and health information of over 9,000 people. The hit on this large US research company highlights rising supply chain risks across the pharmaceutical and healthcare sectors.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
