Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The Australian firm is actively investigating an incident after the Anubis ransomware group posts data to the dark web, and a hacker poses as a journalist to add pressure to the extortion attempt.
Australian hydraulics and processing firm Aussie Fluid Power has confirmed it is investigating claims of a data breach made by a ransomware actor days after the Anubis group published a swathe of company data to its darknet leak site.
“Aussie Fluid Power confirms that it has experienced a security incident involving unauthorised access by a third party to a limited number of its IT systems,” an Australian Fluid Power (AFP) spokesperson told Cyber Daily.
“We are investigating the matter as a priority and have engaged forensic IT experts to support the investigation.”
AFP’s spokesperson said its investigation is ongoing and that it appears “certain employee, customer and supplier information” was compromised by the threat actor.
“We take the security and privacy of our data very seriously. We have reported the incident to the Australian Cyber Security Centre and have acted immediately to secure our systems and are strengthening our security protocols as a priority,” the spokesperson said.
“We sincerely apologise and are contacting those stakeholders who may have been impacted as quickly as possible.”
AFP said its customers and suppliers should remain vigilant, but for now, they need to take no other action.
“We will provide further updates as more information is available,” AFP said.
Anubis claimed responsibility for the hack on 16 October in a post to its darknet leak site, complete with screenshots of file directories, company documents, and several contracts with other entities.
“The leaked data includes the company’s accounting records, which we will not delve into, although we are sure that there is also something worth looking at there,” Anubis said in a lengthy leak post that detailed the nature of the data it had stolen.
Unlike many ransomware actors, Anubis uses its leak posts to outline in detail the data stolen from its victims, focusing on exposing what it believes is sensitive data to further coerce and shame its victims.
Anubis is also not adverse to pursuing other tactics to apply pressure to its victims, including posing as journalists and offering exclusive access to stolen data.
“Good day, Cyber Daily team! I am working with the Anubis-RaaS group as a journalist,” the hacking group told Cyber Daily via email.
“Please note the leak in Australia: Aussie Fluid Power. More victims from Australia, law firms, and many others will be published in the near future. If you are interested, we can provide you with the information first.”
When asked about their motivation, the individual claimed to be the leader of the Anubis group, before admitting that it was an attempt to pressure its victim.
“The company suffers the most damage when we send information about the leak to various regulatory authorities,” the Anubis spokesperson said.
Anubis is a relative newcomer to the ransomware ecosystem, with only 20 victims listed on its leak site since it went live in February 2025. According to security researchers, the gang appears to be Russian speakers and is a ransomware-as-a-service operation.
Anubis’ only other Australian victim is the Pound Road Medical Centre in Victoria, which was one of the group’s first victims.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
