Gridware Logo

Perth OT firm allegedly breached by Akira ransomware

Share:

The Akira group uses this style of ransom note to pressure organisations into payment.

Who was targeted

Akira ransomware operators have listed Intellect Systems, a Perth-based operational technology (OT) and engineering provider, on their leak site.

The gang claims to have stolen 10 gigabytes of corporate and personal data, including employee passports, medical files, contracts, and financial information. No samples of the data have been shared, and Intellect Systems has not confirmed the breach as of writing.

Why target Intellect Systems?

Intellect Systems designs and manages OT solutions across Australia and international markets. The company recently became part of Quanta Services, a Fortune 200 contractor involved in energy and pipeline infrastructure. A ransomware breach at this level raises concerns about the exposure of both sensitive employee records and industrial project information.

How Akira is breaking in

The listing comes as Akira increases activity in Australia. The ACSC issued an advisory last week warning that the group is exploiting SonicWall devices.

Akira is also using more than one weakness:

  • Devices with unchanged or weak passwords.
  • SSLVPN misconfigurations that allow broader access than intended.
  • Abuse of the Virtual Office Portal, which in some setups lets attackers configure MFA if they already have valid usernames and passwords.

Together, these gaps give them multiple paths into networks, making it even harder for defenders to block them outright.

What’s at risk

For operational technology firms, the stakes are high. A ransomware breach can also disrupt industrial systems that communities and industries rely on. If Akira follows through with its claim, the data leak could include sensitive designs, contracts and identity documents of staff.

What defenders should do

Australian organisations running SonicWall need to act quickly:

  • Apply all available patches, including fixes for CVE-2024-40766.
  • Review VPN and portal settings to close off risky configurations.
  • Rotate passwords and enforce stronger credential policies.
  • Monitor login activity for anomalies that could point to compromise.

Akira’s not stopping here

Akira’s activity in Australia is picking up pace.

The group has been chaining SonicWall flaws to gain persistent access. The alleged breach of Intellect Systems shows us that ransomware gangs are moving into operational technology firms that sit behind energy, pipelines and industrial systems.

These environments are becoming as attractive to attackers as corporate networks, and the impact of a breach here causes the most disruption and chaos out of any industry.

Picture of Ahmed Khanji
Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. He is recognised for his insights into offensive security and emerging technologies such as blockchain, and often contributes to broader cybersecurity conversations across the country. With an extensive background as a security advisor to major Australian enterprises, Ahmed helps organisations navigate the evolving threat landscape with clarity and confidence.

Related Articles​

What Is a Managed Security Service Provider (MSSP)?

Managed Security vs In-House Security Team: Which Makes More Sense for Your Business?

How to Build a Cyber Incident Response Plan for Your Australian Business

Our services

We partner deeply with clients to understand their needs, working closely and iteratively to provide robust, best-in-class security solutions

Learn more about the team at forefront of the Australian Cyber Security scene.

Gridware team
Learn more about our renowned partners and awards.

Expert penetration testing

Incident investigation & remediation

Governance, Audits & Strategy

Simulate real attacks

Security-as-a-service

24x7x365 Security Operations Centre

Comprehensive & proactive security

Harness the benefits of cloud technology

End-to-end security suite

Swift, expert-led incident resolution

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Resources

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

RSPCA logo
Nikon logo

Download our Cyber Governance Factsheet

Network Penetration Testing

Get a quote

Please fill out the form so we accurately can quote your project:

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.

Download our Incident Response Factsheet