Menu
Browse

Cyber Threat Actor: Australian Cybercrime Group

Actor Type Location Known Incidents
 Icon
Criminal
Australia
1 incident
Profile

The Australian Cybercrime Group, also known by the alias Australian Cybercrime Group, is a threat actor that has been observed operating from Australia. The only publicly documented activity attributed to this actor is a phishing campaign that targeted the Australian Catholic University on May 22, 2019. In that incident, the actor sent fraudulent emails that appeared to come from the university, directing recipients to a counterfeit login page designed to harvest credentials. Successful credential theft enabled unauthorized access to a limited number of staff email accounts, calendars, and associated bank account details. The university responded by resetting compromised passwords, notifying its financial institution, and informing relevant data protection authorities while pledging to improve cybersecurity awareness programs and IT system safeguards. No other incidents or operational details have been publicly linked to this actor at this time. The observed initial access vector relies exclusively on deceptive email messages that lure users to fake web pages for credential collection.

Based on the single reported case, the actor’s known targeting appears to focus on educational institutions within Australia. No malware families, exploit kits, or additional tooling have been described in the available reporting. Public sources do not indicate any state sponsorship, criminal consortium affiliation, or broader campaign beyond the 2019 university breach. Consequently, the actor’s strategic objectives and broader operational scope remain unspecified in the open record. The incident was reported by reputable technology news outlets, which provided the primary source of information about the actor's tactics. No public attribution to any specific individual or group has been made beyond the alias associated with the activity. As of the knowledge cutoff, the actor has not been linked to any subsequent operations or identified infrastructure.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources