New Zealand property developer Hopper Developments has reportedly been listed on the dark web leak site of the Qilin ransomware group, drawing attention to cyber exposure and incident visibility in the local market.
Cyber Daily reported that the Orewa-based firm, known for its civil engineering and property development projects, appeared on Qilin’s leak portal this week. The listing indicates that threat actors are claiming to have accessed the company’s systems or data, although no technical details have been publicly verified. The Qilin site also carried the group’s standard ultimatum that data would be published “unless a company representative contacts us via the channels provided.”
Hopper Developments has not issued a public statement on the matter. Cyber Daily reported that it had contacted the firm for comment but had not received a response at the time of publication. For now, the incident remains an allegation originating from a criminal group’s infrastructure rather than from a confirmed corporate disclosure.
Qilin operates under a ransomware-as-a-service (RaaS) model, in which core operators provide malware and infrastructure to affiliates who carry out attacks and share ransom proceeds. The operation was first identified in August 2022 and has since been linked in open-source reporting to more than 1,200 claimed victims worldwide.
The group’s activity has spanned multiple regions, with recent reporting indicating a strong focus on North America and Australia. In 2025, Qilin has claimed 11 Australian victims, indicating recurring attacks in that market. The US has been described as its most targeted jurisdiction, with hundreds of victim listings attributed to the group.
A global study commissioned by security vendor Arctic Wolf found that 85% of surveyed organisations in Australia and New Zealand had experienced at least one cyber incident in the previous year, compared with 76% globally. The same survey indicated that nearly three-quarters of local respondents who faced ransomware demands paid at least one ransom to prevent data exposure, and 91% of those who paid used external negotiators. Fewer than half reported achieving a reduction in the initial ransom demand. These findings are relevant for cyber underwriters and intermediaries seeking to calibrate pricing, coverage terms, and sublimits, particularly around extortion, business interruption, and incident response costs.
Beyond statistics and high-profile cases, New Zealand’s cyber risk landscape is characterised by a gap between incidents that become public and those handled out of view, according to industry practitioners. That gap has implications for insurers, reinsurers, and brokers who depend on incident and claim data to price, structure, and monitor cyber portfolios. Market commentary points to a significant volume of incidents that are either resolved internally or managed with external response firms without public disclosure or regulatory notification. Some events may also be settled through direct ransom payments that do not appear in official reporting channels.
According to NSP, the subset of attacks that attract media attention represents only a fraction of actual events affecting New Zealand businesses. Geordie Stewart, chief information security officer at NSP, described the scale of the underreporting. “For every cyber incident that makes the news, we believe at least 10 more occur quietly. Some are handled internally, some resolved with external incident responders, and others are settled through ransom payments that never see daylight. Which means business leaders are making decisions about their security posture based on about 10% of the actual data,” he said, as reported by IT Brief.
For insurers, this dynamic complicates exposure modelling and makes it harder to rely on public incidents as a proxy for true loss experience in the market. Without a fuller picture of incident frequency and severity, carriers may face challenges in setting terms and limits, while brokers and risk advisers may have fewer reference points when guiding clients on coverage adequacy.
