The INC Ransom hacking group has listed Granville, NSW-based Mastercom as a victim on its darknet leak site and published a tranche of internal business and customer data.
The company was initially listed in an 11 April leak post, with the hackers claiming to have compromised customer, human resources, and financial data.
Soon after, INC Ransom published the full dataset, which also includes information from a company called Queensland Communications, which was acquired by Mastercom in 2013.
While the Mastercom data appears to include folders belonging to several employees and a selection of backup data, the Queensland Communications features a folder listing more than 100 customers of the company, in at least one case, including details of fault reports, with details of internal building layout, photos of cable runs, and locations of internal communications equipment.
MasterCom has said it is aware of the hackers’ claims.
“Thanks for contacting Mastercom. We are aware of the incident you are referring to,” Hamish Duff, Mastercom’s managing director, told Cyber Daily.
“Steps were taken when it occurred, and we won’t be commenting further.”
Who is INC Ransom?
INC Ransom has been active since 2023 and has claimed 760 victims since it first emerged.
The group operates under a ransomware-as-a-service model, hiring its malware out to affiliates in return for a cut of any ransom payments.
According to the Australian Cyber Security Centre (ACSC), the group has been increasingly targeting Australian victims, particularly in the healthcare sector.
“Between 1 July 2024 and 31 December 2025, the ACSC responded to a total of 11 reported INC Ransom related incidents in Australia, affecting predominantly professional services and healthcare,” the ACSC said in a 6 March advisory outlining the group’s operations.
“Since January 2025, the ACSC has observed INC Ransom affiliates target Australian healthcare sector entities using compromised accounts. Upon initial access, affiliates have conducted privilege escalation by creating admin-level accounts and moving laterally within victim networks. INC Ransom deployed malicious files with the file name win.exe. In some incidents, the ACSC has observed data exfiltration of personally identifiable and medical information.”
INC Ransom’s most recent Australian victim was the Bendigo & District Aboriginal Co-operative, which was listed at the same time as Mastercom.
Who is Mastercom?
Mastercom provides a range of communications services to customers in transport and logistics, local government, emergency services, and airports and ports.
The company, alongside several others, also operates the Orion Network, “Australia’s largest commercial two-way radio network”, according to Mastercom.
Mastercom’s local government clients include Newcastle City Council, Maitland City Council, and Penrith City Council. The company also provides two-way radio emergency response services to state and federal police, the SES, and fire services.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.