Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

ANZ Threat Landscape — May 2026
← Research Hub

ANZ Threat Landscape — May 2026

Actionable threat intelligence and sharp insights into the threats, attack trends and adversaries shaping the Australia & New Zealand cybersecurity landscape.

Report Highlights (Key Stats to Feature)

26 ransomware incidents recorded in ANZ — down 3.70% from April 202626 ransomware incidents recorded in ANZ — down 3.70% from April 2026

390,967 compromised accounts — up 32.96% from April, led by RedLine Stealer (146,021 credentials)390,967 compromised accounts — up 32.96% from April, led by RedLine Stealer (146,021 credentials)

61,894 compromised bank cards — a 1,044% spike from April, driven by the B1ack's Stash darkweb dump (49,791 Australian cards + 4,498 NZ cards)61,894 compromised bank cards — a 1,044% spike from April, driven by the B1ack's Stash darkweb dump (49,791 Australian cards + 4,498 NZ cards)

Most targeted industries: Commerce & Shopping (6), Education (3), Healthcare (2), Financial Services (2)Most targeted industries: Commerce & Shopping (6), Education (3), Healthcare (2), Financial Services (2)

New threat actor Bavacai emerged and immediately targeted Australian businesses (Strategic Imports, Palmers Relocations)New threat actor Bavacai emerged and immediately targeted Australian businesses (Strategic Imports, Palmers Relocations)

Most Active Threat Actors Section

Most Active Threat Actors Section

Adversary of the Month

TrickMo — Android banking trojan (variant TrickMo.C) confirmed targeting Australian financial services users in 2026. Designed to intercept OTPs and bypass 2FA on banking apps including ANZ bank, Telstra, Optus, PayPal, and cryptocurrency platforms.

Local Incidents Highlighted

B1ack's Stash card dump (May 18): ~54,000 ANZ cards leaked on darkwebB1ack's Stash card dump (May 18): ~54,000 ANZ cards leaked on darkweb

Australian Medical Council attacked by ransomware group 3AM (May 27)Australian Medical Council attacked by ransomware group 3AM (May 27)

VSP Solutions attacked by STORMOUS (May 23)VSP Solutions attacked by STORMOUS (May 23)

5 hacktivism incidents — DXPLOIT targeted healthcare (#OpAustralia), Z-Pentest compromised SCADA systems in Perth5 hacktivism incidents — DXPLOIT targeted healthcare (#OpAustralia), Z-Pentest compromised SCADA systems in Perth

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

Intelligence Insights Report, May 2026
New
Trend Report
Intelligence Insights Report, May 2026
Explore the most notable cybersecurity events in the region and the best practices
Learn more
Intelligence Insights Report, April 2026
New
Trend Report
Intelligence Insights Report, April 2026
Explore the most notable cybersecurity events in the region and the best practices
Learn more
Fake Investments, Real Consequences: Uncovering Investment Scams Targeting USA and Australia
New
Trend Report
Fake Investments, Real Consequences: Uncovering Investment Scams Targeting USA and Australia
Learn more
Inside Europe’s Manufacturing Cyber Threat Landscape
New
Trend Report
Inside Europe’s Manufacturing Cyber Threat Landscape
Why the biggest risks to industrial operations begin outside the factory
Learn more