Ransomware:
Incidents decreased by 26.67% to 121, with "The Gentlemen" remaining the most active group. Manufacturing remains the most impacted industry.
DDoS & Hacktivism:
Incidents increased by 25%, with South Korea, China, and India experiencing the most activity. Government and military sectors were the primary targets.
Compromised Accounts:
Leaked data events surged by 143.38%, totaling over 5.3 million records. Redline Stealer was the most prevalent malware.
Compromised Bank Cards:
Leaked card instances decreased by 41.47%. Telegram remains the primary distribution channel.
Initial Access Brokers (IAB):
IAB events dropped by 44.44%, with 15 incidents recorded.
Supply Chain Attacks:
SAP’s Cloud Application Programming Model was targeted by a supply chain attack using malicious info-stealing packages. Additionally, a malicious package impersonating the Bitwarden CLI was published to npm by TeamPCP.
Data Leaks & Breaches:
FulcrumSec leaked corporate data from LexisNexis; a database from Chongqing Fumin Bank containing over 4 million records was advertised for sale; and the Russian Infrastructure Destruction Squad claimed breaches at the FAA and several South Korean government institutions.
Attacks on Critical Infrastructure:
Unauthorized access by Anonymous Switzerland was reported to OT systems in India’s water supply and to 30 American camera systems.
Scams:
Group-IB researchers identified the alleged sale of 82 million Agoda records as a fabrication by a known scammer.
Coinbase Cartel:
This group specializes in data exfiltration without encryption. It conducted 11 attacks in APAC during 2026, including attacks on the Tokyo Institute of Science and Pacific Airlines.