CYBERSECURITY authorities in Oceania warn that the INC ransomware group has intensified its focus on healthcare, affecting Australia, New Zealand, and Tonga. The Australian Cyber Security Centre, CERT Tonga and New Zealand’s National Cyber Security Centre released a joint advisory on 6 March 2026 outlining INC’s targeting of critical networks, with healthcare among the leading sectors.
In Australia, the ACSC reported 11 INC ransomware attacks between July 2024 and December 2025, most often involving access gained via compromised credentials or phishing, followed by encryption and data exfiltration in some cases. The campaign expanded into New Zealand and Tonga in 2025, including a June 15 2025 disruption of Tonga’s MoH information and communications networks.
Authorities say INC joined the fray in May 2025 by stealing data and encrypting servers at a healthcare organisation before publishing the stolen data on its Dark Web site. They have also identified a named hacker behind the Tonga attack—Roman Khubov, online as “blackod.”