Exclusive: Major Australian gold producer confirms cyber attack

ASX-listed gold producer Regis Resources has confirmed a cyber incident targeting its network, after hackers claimed to have breached the company.

Wed, 07 Jan 2026
Regis Resources, based in Western Australia, is one of the country’s largest, unhedged gold producers. Founded in 1986, the company began in the Duketon Greenstone Belt in the north-eastern Goldfields of Western Australia.

The company’s subsidiary, McPhillamys Gold, was listed on the dark web leak site of the Lynx ransomware group on Monday (5 January), suggesting that the group was claiming a cyber attack.

While the threat actor provided little to no details of the incident, it did list the names of key company executives and their positions.

In response to Cyber Daily, Regis Resources confirmed that it was aware of an incident that occurred in November 2025, adding that it was currently investigating the matter.

“Like most large organisations, Regis is subject to ongoing, routine cyber scanning and attempted intrusions. We operate layered cyber security systems that continuously monitor our systems, identify potential threats, and isolate and neutralise them as required. These controls are designed to protect sensitive information and maintain business continuity,” the company said.

“In mid-November 2025, our systems identified a cyber intrusion. Our safeguards temporarily shut down and restricted access to our system as it was designed to do.

“A subsequent forensic investigation has indicated no data export occurred, and no ransom demands have been made.”

“The relevant authorities were notified. There was no operational or commercial impact.”

It is currently unclear if Lynx exfiltrated any data or if ransomware was deployed.

Who is Lynx?

Lynx claimed its first victim in July 2024 and has almost 400 victims to date, according to Ransomware.live.

In a “press release” published on the gang’s leak site in July 2024, Lynx said its “clear intention” is to avoid “undue harm” to the companies it targets.

“We recognise the importance of ethical considerations in the pursuit of financial gain and maintain a strict policy against targeting governmental institutions, hospitals, or non-profit organisations, as these sectors play vital roles in society,” Lynx said.

“Our operational model encourages dialogue and resolution rather than chaos and destruction. We believe that fostering an environment where businesses can engage in constructive problem-solving can lead to better outcomes for all parties involved.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.