GoKawiilCybersecurity authorities in Oceania are warning that the INC ransomware operation has been ripping through healthcare organizations in the region.
Healthcare — particularly 24/7 patient care facilities — has always been foremost among targets for ransomware actors, ever since they collectively decided that morality wasn't really their forte. INC embodies this trend, targeting the industry at a higher clip than almost any other ransomware group.
In the last couple of years, it has spread those operations globally. On March 6, the Australian Cyber Security Centre (ACSC), the Kingdom of Tonga's National Computer Emergency Response Team (CERT Tonga), and New Zealand's National Cyber Security Centre (NCSC) released a joint advisory about it. It ostensibly covered INC's "targeting of critical networks" in the region, but in practice focused almost entirely on its threat to this one sector.
INC Incorporates Oceania Into its Targeting
Related:Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
Sometimes, organized cybercrime outfits execute full frontal offensives in specific industry verticals or geographic regions, indicating forethought and a clear plan of attack.
Last week's advisory paints a picture of a cybercrime outfit that initially had other plans, but gradually realized the opportunity in Oceania's healthcare sector over time.
INC's initial focus was in the US and the UK, the authorities noted. Only a year or so into its run, in the summer of 2024, it began targeting Australian companies in the professional services and healthcare industries.
That activity seems to have picked up steam in 2025, and expanded into neighboring New Zealand and Tonga. Tonga, in particular, suffered a significant attack at INC's hands, which caused disruptions to national health services.
INC Incidents in Australia, New Zealand, and Tonga
... continue reading