Australia Faces Rising Cyber Threats: Urgent Action Required
As cyber threats continue to evolve, this week’s intelligence paints a sobering picture of the global digital battlefield—and Australia is far from immune. From ransomware operations to industrial control system vulnerabilities, the risks are intensifying across sectors critical to national resilience.
Executive Snapshot
In the past week, a wave of sophisticated cyber threats emerged, targeting aviation, public-sector organisations, and critical infrastructure. The Charon ransomware, exhibiting advanced evasion tactics akin to those of nation-state actors, has been particularly aggressive. Crypto24 continues its global campaign against large enterprises, deploying custom tools to bypass endpoint detection.
Australia’s own vulnerabilities were exposed when the University of Western Australia initiated a mass password reset following unauthorised access—highlighting the persistent threat to education and research institutions.
Vulnerabilities in Focus
Several high-severity flaws demand urgent attention:
- Fortinet FortiSIEM (CVE-2025-25256): A critical RCE vulnerability actively exploited in the wild.
- Cisco Secure Firewall FMC (CVE-2025-20265): A CVSS 10.0 flaw enabling unauthenticated command execution.
- WinRAR (CVE-2025-8088): A zero-day vulnerability allowing remote code execution during archive extraction.
- Microsoft SharePoint Server 2019 (CVE-2025-53770): Unauthenticated RCE due to unsafe deserialisation.
- TETRA Protocol (CVE-2025-52941): Encryption weaknesses affecting emergency services and industrial systems.
Australian organisations using these platforms must act swiftly to patch and secure systems.
Industrial Control Systems Under Fire
Critical infrastructure is facing heightened risk. Siemens, Rockwell Automation, and Citrix products have all been flagged for vulnerabilities that could allow arbitrary code execution, privilege escalation, and persistent network access. Attacks on Erlang OTP and the OPC UA protocol further threaten the healthcare, mining, and agriculture sectors.
CISA’s mitigation guidelines and asset inventory strategies are essential reading for ICS owners, especially in Australia’s resource-heavy industries.
Ransomware and Cybercrime Escalation
The BlackSuit ransomware group, responsible for over 450 attacks since 2022, had its infrastructure disrupted by U.S. law enforcement. However, the threat remains as actors regroup. North Korean campaigns are shifting towards financial targets, while Charon’s tactics—DLL sideloading and BYOVD—mirror those of Chinese APTs.
Australia’s aviation and healthcare sectors are particularly vulnerable, and coordinated international defence efforts offer a blueprint for local response.
Software and Cloud System Risks
Cloud platforms and software systems are under siege:
- Citrix NetScaler ADC: Web shell attacks exploiting CVE-2025-5777.
- ServiceNow: RCE vulnerability (CVE-2024-4879) threatening sensitive data.
- Ghost CMS and JetBrains TeamCity: Multiple flaws enabling file access and authentication bypass.
- VMware vSphere Client and Grav CMS: XSS and plugin upload vulnerabilities.
Australian enterprises must prioritise patching, enforce access controls, and enhance monitoring to defend against these threats.
Final Thoughts
This week’s developments underscore the convergence of cybercrime and nation-state tactics, with adversaries leveraging advanced malware, exploiting critical vulnerabilities, and targeting sectors vital to Australia’s operational resilience. Proactive defence, timely patching, and cross-sector collaboration are no longer optional—they’re imperative.