cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Australian accounting firm held to ransom by Hunters International

The Hunters International ransomware gang has claimed to have exfiltrated data from a Sydney-based accounting firm.

user icon Daniel Croft
Wed, 10 Apr 2024
Australian accounting firm held to ransom by Hunters International
expand image

The ransomware group listed T A Khoury & Co on its dark web leak site, claiming to have stolen 63.7 gigabytes worth of data.

Although the specifics of the data are unknown, Hunters International divided the files into two categories – “Client Files” and “Financial Data”.

While both sections have 63.7 gigabytes of data each, the exact same amount of data and the identical number of files (149,205) suggest that both categories hold the same data.


T A Khoury & Co is yet to issue a statement on the incident, but according to the VenariX threat feed, the firm’s website was inaccessible for some time. Cyber Daily has since observed that the website is back up.

Unlike some of its other listings, Hunters International has not put a countdown timer on the T A Khoury & Co listing.

Hunters International is a relatively young ransomware gang, having first appeared in October last year. In a short time, it has launched a number of high-profile attacks, including on the US subsidiary of Australian shipbuilder and defence contractor Austal.

While Hunters International’s origins are up for debate, several cyber experts have concluded that the group appeared out of the ashes of the Hive ransomware group, which was taken down by the FBI midway through last year.

Based on reports, Hunters International has been observed using the same malware code as Hive, with researchers noting a number of substantial code overlaps.

“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” wrote Bitdefender in a report.

“While Hive has been one of the most dangerous ransomware groups, it remains to be seen if Hunters International will prove equally or even more formidable.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.