
Get 24/7 incident response assistance from our global team
- APAC: +65 3159 4398
- EU & NA: +31 20 890 55 59
- MEA: +971 4 540 6400
- LATAM: +56 2 275 473 79
Get 24/7 incident response assistance from our global team
Please review the following rules before submitting your application:
1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.
2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Group-IB‘s intelligence report for this quarter Q2 2026 maps exactly who is targeting the Australia and New Zealand (ANZ) region right now – and what they will do next.
Drawing on Group-IB’s proprietary Threat Intelligence, dark web monitoring, and incident response data, it details the advanced persistent threats (APTs), ransomware, fraud, mobile malware, initial access, and data leak activity shaping the region’s risk landscape between April and June 2026.
This quarter, the ANZ region sat squarely in the path of both financially driven cybercrime and geopolitical spillover. Australia ranked 16th globally for attacks, while nation-state actors, ransomware affiliates, and phishing-as-a-service operators all expanded their Australian and New Zealand targeting. The report gives security leaders a concise, evidence-based picture of the threats that matter, and a forward look at what Q3 2026 is likely to bring.
Every figure in this report is sourced from Group-IB’s own intelligence collection. It is written for defenders who need to prioritise, not just observe.
Download ANZ Threat Evolution in Q2 2026 for the full breakdown of threat actors, ransomware groups, fraud campaigns, and forward-looking forecasts – sourced from Group-IB’s Threat Intelligence.
The ANZ Threat Evolution in Q2 2026 report is a quarterly threat intelligence publication from Group-IB that analyses the cybercriminal and nation-state threats targeting Australia and New Zealand between April and June 2026. It covers ransomware, initial access brokers, mobile malware, fraud campaigns, compromised hosts, and data leaks, with forecasts for Q3 2026.
Group-IB identified Qilin as the most active ransomware group in the ANZ region with 11 attacks, followed by INC with 5 and The Gentlemen with 4. Globally, Qilin also led with 298 published attacks out of 2,202 total across 92 active groups.
Unlike aggregated threat feeds, Group-IB’s intelligence is built from first-hand dark web monitoring, incident response casework, and adversary tracking, then mapped to specific regional targeting. This report, for example, names the exact groups, campaigns, and industries active against Australia and New Zealand rather than reporting global averages, so defenders can prioritise the threats that actually apply to them.
Group-IB forecasts continued growth in supply-chain attacks, more mobile banking trojans maturing their Australian targeting, and follow-on attacks exploiting credentials harvested in the FortiBleed campaign — including lateral movement, privilege escalation, and potential ransomware deployment. Group-IB also anticipates evolving phishing methods that use enticement, such as discounted goods, rather than traditional fear-based lures.
Audit and secure internet-exposed edge devices — especially Fortinet FortiGate VPN gateways — and rotate any potentially compromised credentials. 2. Strengthen mobile banking and consumer fraud defences against overlay attacks and SMS-based one-time-password interception. 3. Review third-party and supply-chain exposure, since many regional data leaks originated from smaller connected vendors.
Group-IB detected 16 new incidents of Australian company data leaked into the public domain in Q2 2026, exposing more than 1.75 million user records across retail, e-commerce, financial services, education, and government sectors.
Yes. The ANZ Threat Evolution in Q2 2026 report is available as a free download by completing the form on this page.