Threat Intelligence Warns of Growing Initial Access and Ransomware Activity in Australia and New Zealand

Cybercriminal activity targeting Australia and New Zealand is increasingly being fuelled by the sale of initial network access and the expansion of ransomware campaigns, according to recent threat intelligence findings.

Security researchers say threat actors are exploiting compromised websites, web applications, and remote access systems to gain entry into corporate networks, before selling that access to ransomware operators and other criminal groups.


Initial Access Brokers Enable Ransomware Operations

Initial access brokers (IABs) specialise in gaining unauthorised entry into organisations and selling that access on underground forums. In Australia and New Zealand, attackers have increasingly targeted:

  • Vulnerable websites and web applications
  • Exposed Remote Desktop Protocol (RDP) services
  • Stolen credentials obtained through phishing campaigns
  • Unpatched internet-facing software

Once access is established, it is often sold to ransomware groups, significantly lowering the barrier for large-scale attacks.


Ransomware Campaigns Expand Across the Region

Ransomware groups have continued to target organisations across both countries, affecting sectors including:

  • Professional services
  • Healthcare and education
  • Manufacturing and logistics
  • Government-linked service providers

Threat actors typically move laterally from compromised web-facing systems into internal networks, deploying ransomware after conducting data exfiltration and reconnaissance.


Web Applications Remain a Key Entry Point

Analysts say insecure web applications and content management systems remain a major risk factor, particularly where:

  • Security patches are delayed
  • Authentication controls are weak
  • Monitoring of application activity is limited

Compromised web infrastructure is often used as a foothold to access backend systems, databases, and cloud environments.


Increased Sophistication of Threat Actors

Security teams have observed attackers using more advanced techniques to evade detection, including:

  • Living-off-the-land tools
  • Encrypted command-and-control traffic
  • Legitimate cloud and hosting services
  • Blending malicious activity into normal web traffic

These methods make early detection more difficult, especially in organisations with limited visibility into website and application behaviour.


Ongoing Risk for Regional Organisations

Threat intelligence teams warn that cyber activity targeting Australia and New Zealand remains active and evolving, with no indication of a slowdown. Organisations operating public-facing websites and web applications are considered at elevated risk.

Experts note that preventing initial access remains one of the most effective ways to reduce exposure to ransomware and large-scale cyber incidents.


About Entivel
Entivel develops secure websites, web applications, and custom software solutions, providing cybersecurity, penetration testing, and web application security services for organisations operating in Australia, New Zealand, and beyond.
