Hexicor

Summary

Brisbane-based IT services firm Hexicor was targeted by the KillSec ransomware gang in early April 2025. The attackers listed Hexicor on their darknet leak site and shared screenshots of customer folders, digital certificates, hashed passwords, and backup data, offering to sell the stolen information to either Hexicor or other bidders.

What Happened

On 1 April 2025, the KillSec ransomware gang listed Hexicor as a victim on its darknet leak site. The attackers shared evidence of the breach including screenshots showing alphabetically organised customer folders, digital certificates, lists of hashed passwords, and backup data. KillSec offered to sell the allegedly stolen data to either Hexicor or other interested parties. Hexicor was one of 14 victims listed by KillSec on the same date.

Impact on Individuals

The breach potentially affects Hexicor's extensive client base of over 1,500 business customers and more than 1,000 government customers across Queensland, South Australia, and the Northern Territory. The incident is particularly concerning as Hexicor provides cyber security, unified communications, and network services to its clients, raising risks of supply chain compromise.

Organisational Response

Hexicor has not made public statements regarding the incident. The company, which employs staff across Queensland, South Australia, and the Northern Territory, continues to operate whilst the breach remains under investigation.