A newly emerged ransomware group has claimed responsibility for a cyber security incident impacting Australian testing firm ALS Global, which earlier this month revealed it was responding to “malicious cyber activity” on its network.
The Aur0ra group, which was first observed in April 2026, shared details of the incident in a 19 June leak post, which included details of the compromised data and several sets of sample files.
According to the hackers, the complete dataset includes the home directories of up to 500 employees (which include cached credentials and personal data), hundreds of plaintext password files, passport scans, bank account details, payroll data, and workplace injury records.
In addition, client laboratory results, analytical data, and internal research are also allegedly impacted.
The sample data includes several administrator passwords, bank account data, and the details of a salary negotiation process.
Aur0ra is threatening to publish the full data set within three days.
ALS Global has said it is aware of the hackers’ post.
“ALS is aware that a threat actor has published information online claiming it was obtained from ALS systems during the cyber incident identified in May 2026, and previously disclosed to the market,” an ALS spokesperson told Cyber Daily.
“On identifying the incident, we engaged cyber security experts to contain and investigate and have taken steps to further strengthen security controls and enhance monitoring across our environment.
“ALS has notified the Australian Cyber Security Centre (ACSC) and relevant regulators across applicable jurisdictions, and we will continue to meet all regulatory obligations.”
Who is Aur0ra?
The Aur0ra group was first observed in April 2026 and has claimed attacks against at least 19 organisations since then, with victims located in the United States, Canada, Australia, Belgium, the Maldives, France, Qatar, the United Arab Emirates, and Pakistan.
Little else is known about the group; however, it is believed that the group makes use of a Go-based malware that has been used by several threat actors since 2022, and that it is active on several underground hacking forums.
Who is ALS Global?
The company dates back to 1863, when it began life as a small Australian chemical firm, but now operates in more than 70 countries around the world, including in Europe, North and South America, Asia, and Africa.
The company had previously revealed it was responding to a cyber incident in an 11 June filing to the Australian Stock Exchange, which had caused “temporary disruption to parts of the group’s operations”.
ALS Global provides testing solutions to a wide range of industries with a focus on sustainability. It is headquartered in Brisbane and employs more than 22,000 staff.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.