Harbin Asian Winter Games Organizing Committee
February 7, 2025
•[ cyberattack, state-sponsored attack ]
China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents
Beverly Hills Oncology Medical Group
February 7, 2025
•[ data leak, unauthorized access ]
Beverly Hills Oncology Medical Group in California identified and blocked unauthorized access to parts of its network between February 7 and February 11, 2025, then engaged third-party cybersecurity experts to investigate. The review confirmed that an external actor had accessed and potentially removed files containing patient information. On October 13 the practice confirmed that exposed data included names, Social Security numbers, government ID numbers, financial account and credit/debit card details, health insurance information, and diagnostic, treatment, prescription and other clinical data, and on October 31 it filed breach notices and began notifying affected individuals while offering 12 months of complimentary credit monitoring.
Multiple Organizations in South Korea
February 6, 2025
•[ cryptomining, malware, trojan ]
ASEC analysis shows CoinMiner/XMRig variants delivered through trojanized removable media using DLL sideloading and PowerShell to mine cryptocurrency on compromised endpoints across South Korean organizations.
Users of fake DeepSeek sites
February 6, 2025
•[ phishing, data leak ]
Phishing campaign using dozens of fake DeepSeek-branded websites to steal user credentials and cryptocurrency through fraudulent login and wallet interfaces.
Islamic Emirate of Afghanistan – Ministries and Agencies
February 6, 2025
•[ data leak ]
Hackers breached Taliban-run Afghan government systems (TalibLeaks) and published tens of gigabytes of confidential records from 21 ministries online.
PrivatBank
February 6, 2025
•[ phishing, malware, data leak ]
A criminal group identified as UAC-0006 used phishing emails with password-protected attachments to deliver SmokeLoader malware targeting PrivatBank customers. The campaign, active since November 2024, aimed to steal credentials and financial data.
Multiple Organizations in Asia
February 6, 2025
•[ espionage, backdoor, credential theft ]
Evasive Panda, a Chinese state-sponsored group operating under the Ministry of State Security's Guangdong State Security Department / Technical Reconnaissance Bureau, deployed a custom SSH backdoor across enterprise network devices to exfiltrate credentials and maintain long-term covert access in espionage operations identified by Cisco Talos in February 2025.
IMI plc
February 6, 2025
•[ data leak ]
IMI plc disclosed unauthorised access to its systems, engaged external cybersecurity experts, and stated it will provide further updates; no details on data stolen, systems impacted or threat actor identified were included.
Bohemia Interactive
February 6, 2025
•[ DDoS, service disruption ]
Bohemia Interactive's DayZ and Arma servers experienced a distributed denial of service attack beginning 2025-02-06, disrupting connectivity for players. Some claims attributed the incident to the group Xiangjang_zhi, though no official confirmation exists.
Users of Steam game PirateFi
February 6, 2025
•[ malware, data leak ]
Free-to-play game PirateFi was removed from Steam after it was discovered to install the Vidar infostealer; Valve urged victims to scan or reformat their systems.
Franklin County Government
February 6, 2025
•[ ransomware ]
On February 6, 2025, Franklin County, Maine, experienced a sophisticated ransomware attack that briefly disrupted county computer systems. Officials confirmed no permanent data loss, no evidence of exfiltration, and rapid restoration using backups within 24 hours. The incident caused minor service delays but did not result in data exposure or financial loss beyond restoration costs.
MacKay Memorial Hospital
February 6, 2025
•[ ransomware, data leak ]
Ransomware attack by Chinese actor CrazyHunter encrypted hospital systems and exfiltrated 32.5 GB of patient data; over 500 computers crashed, disrupting clinical services for several days; attacker linked to other Taiwanese targets.
American Israel Public Affairs Committee (AIPAC)
February 6, 2025
•[ data leak, third-party breach ]
AIPAC reported that a criminal cyberattack on a third party led to unauthorized access to files on its own information systems from October 2024 through February 2025. A review later determined that personal identifiers for 810 individuals had been taken, prompting notification letters and additional security controls.
St. Anthony Hospital (Chicago)
February 6, 2025
•[ data leak, healthcare, unauthorized access ]
St. Anthony Hospital in Chicago reported that on February 6, 2025 it discovered a data breach involving a small number of employee email accounts that had been accessed by an unauthorized actor. The compromised mailboxes contained personal and medical information such as names, addresses, dates of birth, Social Security numbers, medical record and account numbers, prescription details, and medical histories for roughly 6,679 individuals. The hospital engaged outside cybersecurity experts, reset credentials, and began notifying potentially affected patients and staff while offering guidance on credit monitoring. Officials said there was no evidence of misuse yet but warned people to remain vigilant for fraud or identity theft.
Islamic Emirate of Afghanistan – Ministries and Agencies
February 6, 2025
•[ data leak, confidential records, government breach ]
Hackers breached Taliban-run Afghan government systems (TalibLeaks) and published tens of gigabytes of confidential records from 21 ministries online.
Saint Anthony Hospital
February 6, 2025
•[ unauthorized access, email account compromise, healthcare data breach ]
Saint Anthony Hospital reported that on February 6, 2025 an unauthorized party accessed two employee email accounts, exposing personal and health information of approximately 146,108 patients; the breach was confirmed in February 2026 and notifications were sent in March 2026.
University end-users via cloned site
February 5, 2025
•[ malvertising, phishing, malware ]
Malvertising campaign cloning a German university website to distribute a fake Cisco AnyConnect installer which installed NetSupport RAT on victim machines.
Chemical, Food, and Pharmaceutical Enterprises in Russia
February 5, 2025
•[ infostealer, phishing, data leak ]
Nova Infostealer campaign led by Rezet, also known as Rare Wolf, targeted Russian chemical, food, and pharmaceutical firms, harvesting credentials and internal documents through phishing and malicious installers.
Russian Organizations Across Various Industries
February 5, 2025
•[ malware, phishing, data leak ]
Nova Infostealer malware campaign targeting Russian organizations across multiple industries collected credentials and files via phishing and malicious installers.
Russian Industrial Facilities
February 5, 2025
•[ infostealer, phishing, malware ]
Nova Infostealer was deployed by the threat group NGC4020 in Russian industrial facilities, stealing host credentials and files from infected endpoints through phishing and malicious installer packages.