Malibu Boats Australia, a company specialising in the production and sale of water sports towboats, has been identified as a victim in a recent ransomware event.
The Qilin ransomware group, which operates on a ransomware-as-a-service model, listed the Australian manufacturer on its dark web leak site on Oct. 29, according to an exclusive report by cyberdaily.au.
Qilin alleges that it obtained 160 gigabytes of data from Malibu Boats Australia, including more than 148,000 files.
Despite the claim that this information has been made public, the link provided by the group was not accessible at the time of reporting, and no sample files or further details were released.
Malibu Boats Australia is part of a broader company that originated in California in 1982 and holds a significant share of the global water sports towboat market.
The specific contents and sensitivity of the data allegedly taken from the Australian operations remain unverified.
The Qilin group has been active since August 2022 and is known for leasing its ransomware tools to affiliates in exchange for a portion of ransom payments.
The group has claimed responsibility for nearly 700 incidents worldwide, placing it among the more prolific actors in the ransomware space.
Earlier this year, Qilin targeted the Wyong Rugby League Club in Australia.
In a statement posted with the data leak, Qilin described the club’s network and claimed that membership card information was compromised.
“The company promised its customers that all this information would be completely confidential and would never be made public. And now this data, several thousand lines, has become available to everyone,” the group said, as reported by cyberdaily.au.
The Malibu Boats Australia incident comes amid a period of heightened cyber activity affecting Australian organisations.
According to WatchGuard Technologies, August 2025 saw more than 5,000 malware incidents and over 65,000 network attacks targeting Australian entities. This equates to an average of 179 malware events and 2,169 network-based attacks per day.
The majority of malware detected consisted of previously known variants, while zero-day threats accounted for a smaller proportion.
Phishing and credential theft tools, including HTML:Beluga.5564 and JS:Trojan.Cryxos.14878, were among the most commonly observed, indicating continued reliance on social engineering by threat actors.
Australia represented just over 1% of malware detections in the Asia-Pacific region, but accounted for 57% of blocked network attacks, according to WatchGuard.
Malware incidents increased significantly from June to July before declining sharply in August. Network attacks also saw a downward trend over the same period.