Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

INC ransomware healthcare targeting campaign across Oceania

Campaign
First reported
Last updated
Happening score
H score 47
1 unique sources, 1 articles

Summary

Hide ▲

The INC ransomware operation has expanded its targeting of healthcare organizations across Oceania, increasing the risk of service disruption and data theft. The activity has spread across Australia, New Zealand, and Tonga since summer 2024. Operators have used compromised accounts, spear-phishing, and known vulnerabilities to get in, then moved laterally and escalated privileges before deploying ransomware. In some cases, the group also stole PII and PHI, and one attack disrupted Tonga's Ministry of Health.

Related Happenings

Storm-1175 high-velocity zero-day and N-day intrusion campaign

Campaign
First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: **Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...

Open Happening

INC New Zealand healthcare data leak

Data Leak
First: 12.03.2026 00:00 Last: 12.03.2026 00:00 Sources 1

How related: INC joined the fray in May 2025, when it stole a large amount of data and encrypted a number of servers and endpoint devices at a healthcare organization, and later published the stolen data on its Dark Web leak site.

About this happening: **INC** stole and later published data from a **healthcare organization in New Zealand**, exposing a large amount of information and escalating the event from intrusion to leak pu...

Open Happening

Romanian Waters (Administrația Națională Apele Române) hit by ransomware attack

Incident
First: 22.12.2025 17:25 Last: 22.12.2025 17:25 Sources 1

About this happening: **Romanian Waters** (**Administrația Națională Apele Române**) was hit by a **ransomware attack** that disrupted about **1,000 systems** across **10 of 11 regional offices**, whil...

Open Happening

Royal Borough of Kensington and Chelsea hit by cyberattack

Incident
First: 26.11.2025 11:20 Last: 26.11.2025 11:20 Sources 1

About this happening: The **Royal Borough of Kensington and Chelsea** and **Westminster City Council** were responding to a **cybersecurity incident** that disrupted **multiple shared systems**, includ...

Latest development: 01.12.2025 12:02

RBKC told residents on Friday 28 November 2025 that its cyber-attack on an IT service provider may have exposed historical resident, customer, and service-user data, saying evidence showed some data had been copied and taken away. The council warned about possible social engineering, said restoring services could take at least two more weeks, and noted that Westminster City Council and Hammersmith and Fulham Council were assessing shared-service impact.

Open Happening

Timeline

  1. 12.03.2026 00:00 1 articles · 2mo ago

    INC disrupts Tonga Ministry of Health networks

    Victim Impact Update

    On June 15, 2025, INC disrupted the Tonga Ministry of Health's information and communications networks, effectively shutting down core national services after the operation went directly at the ministry rather than individual facilities.

    Show sources
    Open in new tab
  2. 12.03.2026 00:00 2 articles · 2mo ago

    Oceania authorities warn on INC healthcare targeting

    Initial Disclosure

    On March 6, 2026, the Australian Cyber Security Centre, CERT Tonga, and New Zealand's National Cyber Security Centre warned that INC ransomware was targeting healthcare across Australia, New Zealand, and Tonga; the group had begun targeting Australian healthcare and professional services in summer 2024, expanded into New Zealand and Tonga in 2025, and used compromised accounts, spear-phishing, and known vulnerabilities. The same disclosure identified Roman Khubov, known online as blackod, as the hacker behind the Tonga attack.

    Show sources
    Open in new tab