AUNZ Intelligence Insights Report, April 2026

This summary provides an overview of the cybersecurity landscape in the Asia-Pacific (APAC) region for April 2026, based on intelligence from Group-IB.

Key Threat Trends (March vs. April 2026)

Ransomware:

Incidents decreased by 26.67% to 121, with "The Gentlemen" remaining the most active group. Manufacturing remains the most impacted industry.

DDoS & Hacktivism:

Incidents increased by 25%, with South Korea, China, and India experiencing the most activity. Government and military sectors were the primary targets.

Compromised Accounts:

Leaked data events surged by 143.38%, totaling over 5.3 million records. Redline Stealer was the most prevalent malware.

Compromised Bank Cards:

Leaked card instances decreased by 41.47%. Telegram remains the primary distribution channel.

Initial Access Brokers (IAB):

IAB events dropped by 44.44%, with 15 incidents recorded.

Notable Global & Regional Incidents

Supply Chain Attacks:

SAP’s Cloud Application Programming Model was targeted by a supply chain attack using malicious info-stealing packages. Additionally, a malicious package impersonating the Bitwarden CLI was published to npm by TeamPCP.

Data Leaks & Breaches:

FulcrumSec leaked corporate data from LexisNexis; a database from Chongqing Fumin Bank containing over 4 million records was advertised for sale; and the Russian Infrastructure Destruction Squad claimed breaches at the FAA and several South Korean government institutions.

Attacks on Critical Infrastructure:

Unauthorized access to OT systems in India’s water supply and to 30 American camera systems was reported by Anonymous Switzerland.

Scams:

Group-IB researchers identified the alleged sale of 82 million Agoda records as a fabrication by a known scammer.

Adversary of the Month

Coinbase Cartel:

This group specializes in data exfiltration without encryption. It conducted 11 attacks in APAC during 2026, with targets including the Tokyo Institute of Science and Pacific Airlines.