The Kairos ransomware group has named Pyrmont-headquartered Strata Republic on its darknet leak site, claiming exfiltration of 441 gigabytes of data from the New South Wales strata management firm. The listing, published on April 17, 2026, was first reported by Cyber Daily and includes claims of stolen internal correspondence, driver's license scans, and personal photographs.

What Happened

On April 17, 2026, the Kairos ransomware group added Strata Republic to its darknet-based victim leak portal. The post alleges the attackers successfully compromised the company's environment and exfiltrated 441GB of corporate and customer data before posting proof samples intended to coerce payment.

Strata Republic operates across NSW providing strata and building management services, meaning any compromise of its systems risks cascading effects across the residential and commercial properties it administers. The company has not publicly confirmed the incident at the time of writing, and the breach remains categorized as "alleged" pending verification.

Kairos is a relatively young but increasingly active double-extortion operation that has appeared on threat intelligence radars over the past year, primarily targeting mid-market organizations across healthcare, professional services, and property sectors.

What Was Taken

According to Kairos's leak post, the stolen archive totals 441GB and reportedly includes:

The presence of government-issued identity documents significantly raises the risk profile of this breach. Driver's license data can be weaponized for synthetic identity fraud, SIM-swap attacks, and account takeovers across Australian financial and government portals.

Why It Matters

Strata management firms sit on an unusually concentrated trove of high-value personal information: identity documents for thousands of unit owners and residents, banking details for levy collections, building access credentials, and insurance records. A single compromise can expose residents of hundreds of buildings.

For Australian defenders, this incident reinforces a growing trend of ransomware operators focusing on property-adjacent service providers where data sensitivity is high but security maturity often lags larger enterprise targets. It also continues Kairos's pattern of shaming victims with embarrassing non-business material (such as party photos) alongside operational data to amplify pressure.

The Attack Technique

Initial access vector, dwell time, and encryption behavior have not been publicly disclosed. Kairos has historically relied on a combination of exposed remote access services, phishing with credential harvesting, and exploitation of unpatched perimeter appliances. The group operates a double-extortion model, exfiltrating data prior to deploying ransomware and using the leak site as a payment pressure lever.

Organizations operating in the same vertical should assume similar tradecraft is in use and prioritize detection coverage accordingly.

What Organizations Should Do

  1. Audit external attack surface for exposed RDP, VPN, and management interfaces; enforce MFA on all remote access and privileged accounts.
  2. Patch perimeter devices (firewalls, VPN concentrators, file transfer appliances) on an accelerated cadence, as these are frequent Kairos-style entry points.
  3. Segment identity document repositories and apply strict access controls, encryption at rest, and data loss prevention rules on outbound traffic.
  4. Deploy EDR with behavioral detection for credential dumping, lateral movement, and archiving utilities (7zip, WinRAR, Rclone) commonly staged before exfiltration.
  5. Maintain offline, immutable backups and regularly test restoration to reduce ransomware leverage.
  6. Prepare an incident communications plan that addresses notification obligations under the Australian Privacy Act's Notifiable Data Breaches scheme, particularly where identity documents are involved.

Sources: Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group - Cyber Daily