The New Era of Cybercrime in Australia — AI-Powered Attacks and How to Stay Ahead 

AI-driven cyberattacks are rising in Australia, with 50+ threat groups active in 2025 and a 13% spike in major incidents across key sectors.

AI is driving a rapid increase in sophisticated cyberattacks, and Australia’s high median wealth, abundant resources, and geopolitical influence make it a prime target for both cybercrime groups and advanced persistent threats (APTs). 

Cyble has documented more than 50 threat groups active in Australia in 2025, including ransomware and cybercrime groups, hacktivists, and APTs linked to China, Russia, Iran, and North Korea. 

Cyble dark web researchers have investigated 71 major cyber incidents in Australia this year through mid-August, up 13% from the same period in 2024 – in line with the growth in cybercrime for 2023-2024 reported by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD/ACSC). 

Facing such significant – and growing – cyber threats requires strong preparation and automation by organizations that may find themselves a target of financially or ideologically motivated threat actors.

The Growing Use of AI by Threat Groups 

Threat groups are using AI for everything from making phishing and social engineering attacks more convincing to modifying malware to make it more difficult to detect. Uses include: 

  • Improved reconnaissance and scanning for vulnerable environments, particularly by APT groups 
  • Using malicious LLMs such as GhostGPT to develop and refine malware and to evade security defenses 

To meet those challenges, security teams will need to implement robust defenses, including AI-driven, automated security tooling.


Sophisticated Cyberattacks Targeting Australia 

The 71 major cyber incidents targeting Australian organizations that Cyble researchers have documented thus far in 2025 have been spread across many sectors, including energy, IT, telecom, construction, politics, insurance, finance, transportation, and healthcare.

One of the more widely publicized recent incidents involved illicit access to a Qantas call center and third-party customer servicing platform that may have been part of a broader campaign targeting the airline industry by the Scattered Spider threat group. Scattered Spider is known for advanced social engineering strategies such as vishing, often impersonating help desk or IT staff to steal credentials. 

Another recent incident is part of an alarming trend of growing software supply chain attacks. A threat actor on the English-language cybercrime forum DarkForums leaked source code belonging to an Australian SaaS company that offers a comprehensive Loan Management System (LMS) and an electronic document signing tool. According to the threat actor, the leaked source code included authentication modules, document generation components, administrative and dashboard interfaces, API endpoints, and database administration access. Such cyberattacks can be particularly hazardous because they can expose downstream customers of a company. 

Another incident of note involved a threat actor (TA) on DarkForums who claimed to possess data belonging to a wholesale broadband network infrastructure project in Australia owned by the government. The TA claimed to be in possession of approximately 306 GB of data, consisting of network maps and designs, cable details, equipment documentation, information on implementation and installation methods, field inspection reports, drilling reports, work order forms and execution files, as-built checklists, and technical performance test reports. To corroborate their claims, the TA shared a few sample images comprising various network maps and designs. 

Defending Against AI Cyberattacks 

Defending against AI-powered attacks and other advanced threats can be daunting. Fortunately, cybersecurity best practices and good cyber hygiene can help, and they often don’t cost more than the time it takes to get them right. 

Those best practices include: 

  • Knowing what your critical assets are, and segmenting and protecting them 
  • Removing or protecting web-facing assets 
  • Implementing Zero-Trust access principles and multi-factor authentication 
  • Having backups of critical data that are immutable and air-gapped 
  • Hardening endpoints, infrastructure, and configurations 
  • Monitoring and protecting network, endpoint, and cloud infrastructures 
  • Developing – and rehearsing – incident response plans 
  • Training employees to recognize phishing and other social engineering attacks – and ideally, filtering malicious emails before they ever get to employees 

Getting the basics right can limit the impact of any cyberattacks that do occur, but beyond that, the only thing that can keep pace with AI-powered threats is AI-powered cyber defense: continuous, adaptive monitoring, detection, and endpoint protection.

Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks. 
