Pound Road Medical Centre and Shine Aviation: Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation

Anubis Ransomware Group Targets Shine Aviation in 57GB Data Breach

On 4 April, the Anubis ransomware operation listed Shine Aviation, a Western Australia-based aviation services provider, on its darknet leak site, claiming to have exfiltrated 57GB of data across 68,000 files. The hackers allege the stolen data includes aircraft and flight details, network access credentials, employee security card scans, and corporate system logins, and they published part of it as proof.

Anubis framed the attack as an exposé of vulnerabilities in aviation security, invoking the legacy of 9/11 in a dramatic post. The group has a history of aggressive extortion tactics, including regulatory notifications, media outreach, and public shaming of victims. Since emerging in February 2025, Anubis has claimed 69 victims, five in the ANZ region, with a reputation for targeting healthcare and critical infrastructure.

Shine Aviation, headquartered in Geraldton, WA, specializes in charter flights, FIFO (fly-in, fly-out) services for mining operations, pilot training, and aircraft maintenance, operating a fleet of 15 aircraft with capacities of 5 to 19 passengers. The company primarily serves Western Australia’s midwest mining sector but provides services nationwide.

This incident follows Anubis’s December 2025 breach of Queensland’s Laidley Family Doctors and its February 2025 attack on Victoria’s Pound Road Medical Centre, where it publicly accused the clinic of medical malpractice, including expired vaccines and unauthorized vaccinations. Security analysts, including Rapid7’s former principal threat analyst Matt Green, describe Anubis as highly organized, combining data leaks with regulatory and media pressure to maximize leverage.

Shine Aviation has not yet responded to requests for comment. The full scope of the breach and its operational impact remain under investigation.

Source: https://www.cyberdaily.au/security/13437-exclusive-anubis-ransomware-gang-claims-hack-of-wa-based-shine-aviation

Mediteam cybersecurity rating report: https://www.rankiteo.com/company/mediteamaustralia

Shine Aviation Services cybersecurity rating report: https://www.rankiteo.com/company/shineaviation

"id": "MEDSHI1775701489",
"linkid": "mediteamaustralia, shineaviation",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Aviation',
                        'location': 'Geraldton, Western Australia',
                        'name': 'Shine Aviation',
                        'type': 'Company'}],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '68,000 files',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Aircraft and flight details',
                                              'Network access credentials',
                                              'Employee security card scans',
                                              'Corporate system logins']},
 'date_detected': '2025-04-04',
 'date_publicly_disclosed': '2025-04-04',
 'description': 'On 4 April, the Anubis ransomware operation listed Shine '
                'Aviation, a Western Australia-based aviation services '
                'provider, on its darknet leak site, claiming to have '
                'exfiltrated 57GB of data over 68,000 files. The hackers '
                'allege the stolen data includes aircraft and flight details, '
                'network access credentials, employee security card scans, and '
                'corporate system logins, which they partially published as '
                'proof. Anubis framed the attack as an exposé of '
                'vulnerabilities in aviation security, invoking the legacy of '
                '9/11 in a dramatic post.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '57GB (68,000 files)',
            'identity_theft_risk': 'High'},
 'investigation_status': 'Under investigation',
 'motivation': ['Extortion', 'Public shaming', 'Regulatory pressure'],
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Anubis'},
 'references': [{'date_accessed': '2025-04-04',
                 'source': 'Anubis darknet leak site'}],
 'threat_actor': 'Anubis ransomware group',
 'title': 'Anubis Ransomware Group Targets Shine Aviation in 57GB Data Breach',
 'type': 'Ransomware'}