The Anubis ransomware operation has listed Western Australia-based Shine Aviation on its darknet leak site in a post dated 4 April.
The hackers are claiming to have exfiltrated 57 gigabytes of data, totalling more than 68,000 files.
Anubis is never one to shy away from an overly dramatic leak post, and this one is no exception.
“For years, any incident involving aviation or airports has carried a particular weight – and for good reason,” Anubis said.
“More than two decades have passed since the September 11 attacks, a defining moment in the history of civil aviation security. While systems have improved dramatically since then, no technology has yet been able to eliminate the human factor.
“Today, we will examine one such potential vulnerability.”
What follows is a highly editorialised depiction of the Anubis attack and the nature of the data compromised by the incident.
“The leaked data includes a wide range of information, from details about aircraft and flights to access credentials for network infrastructure and various corporate systems used by the company,” the hackers said.
Anubis shared several documents to prove its claim, including scans of employee security cards, login credentials, and more in its leak post.
Cyber Daily has reached out to Shine Aviation but has yet to receive a comment.
Who is Anubis?
The Anubis ransomware operation was first observed in February 2025, when it listed its first four victims, one of which was the Pound Road Medical Centre in Victoria.
Since then, the group has claimed a total of 69 victims – with five of those victims hailing from the ANZ region – and earning itself a reputation for particularly vicious negotiation tactics along the way.
In the case of Pound Road Medical Centre, Anubis listed in detail what it alleged was serious malpractice, saying it had uncovered evidence of “expired vaccines, loss of morphine ampoules, vaccinating patients without their consent, defrosting refrigerators with medicines and other cases”.
Speaking to Cyber Daily at the time, Matt Green, then principal threat analyst at Rapid7, outlined the group’s tactics.
“Anubis’s extortion methods appear to involve writing investigative-style reports about victims, publishing hidden blog posts, and notifying regulatory bodies to apply pressure,” Green said.
“This structured approach to cyber extortion suggests a high level of organisation.”
Anubis is also not above contacting media outlets to add weight to their extortion efforts.
The group’s most recent Australian victim was Queensland-based medical clinic Laidley Family Doctors, which was listed by Anubis in late December 2025.
Who is Shine Aviation?
Shine Aviation is based in Geraldton, Western Australia, and offers chartered flights and tours, training and engineering, and aircraft rental and maintenance services. The mainstay of the business, however, is fly-in, fly-out services for the mining industry.
“In 2011, Shine Aviation added a Beechcraft 1900D to its fleet. The 19-seat aircraft services midwest mining companies to access remote mine sites,” the company said on its website.
“Whilst operating predominantly in the midwest region of Western Australia, Shine Aviation offers flights and aviation services to anywhere in Australia.”
The company operates a fleet of 15 aircraft capable of carrying between five and 19 passengers.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.