At least one Ukrainian government organization
March 1, 2026
•[ spear-phishing, malware, cyber espionage ]
Ghostwriter, also tracked as FrostyNeighbor, UNC1151, UAC-0057, TA445, PUSHCHA, Storm-0257, and related names, conducted a March 2026 spear-phishing campaign against Ukrainian government organizations. The campaign used malicious PDF lures impersonating Ukrtelecom, geofenced delivery to Ukrainian IP addresses, JavaScript PicassoLoader, host fingerprinting, and selective delivery of Cobalt Strike Beacon. Although no specific Ukrainian government agency was publicly named, reporting described successful compromise activity against Ukrainian government targets; no stolen data volume was reported.
Hutt City Council
March 1, 2026
•[ phishing, unauthorized access, email compromise ]
Hutt City Council experienced a malicious phishing attack in March 2026 that resulted in unauthorized access to a number of email accounts. The council determined that five individuals had identity information compromised and 732 people may have had financial information exposed through email correspondence.
Adelante Soluciones Financieras
March 1, 2026
•[ data leak, unauthorized access, PII ]
Addi identified unauthorized activity on its platform in March 2026 and advised customers that personal information may have been compromised. ShinyHunters later claimed responsibility and published a large trove of personal data allegedly obtained from Addi. DataBreach indexed 67,979,172 rows tied to the breach, while HIBP reported approximately 34 million exposed email addresses and credit-related data points. Public sources did not confirm encryption, data destruction, operational disruption, or a precise intrusion vector.
BadeSaba
February 28, 2026
•[ hacking, hacktivism, propaganda ]
BadeSaba, a religious calendar app with more than 5 million downloads, was hacked to display anti-regime messages to users. The compromised app showed propaganda urging armed forces to surrender and join the people.
IRNA
February 28, 2026
•[ hacktivism, website defacement, political messaging ]
IRNA was hacked to display political messages during the same campaign that affected BadeSaba. Reporting says multiple Iranian news websites were compromised, and this row captures IRNA as one named victim.
Murata Manufacturing Co., Ltd.
February 28, 2026
•[ unauthorized access, data leak, IT environment breach ]
Murata Manufacturing confirmed unauthorized third-party access to its IT environment and improper access to data, with later updates identifying possible leakage of employee, associated-person, customer, supplier, stakeholder, and business partner information.
Roskomnadzor
February 27, 2026
•[ DDoS attack, multi-vector attack, traffic scrubbing ]
A multi-vector DDoS attack targeted Roskomnadzor online resources. Traffic peaked at 33 Gbps and 36.9 million packets per second before malicious traffic was redirected to scrubbing servers and access was restored.
Ministry of Defence of the Russian Federation
February 27, 2026
•[ DDoS attack, multi-vector attack, cyber attack ]
A multi-vector DDoS attack targeted online resources associated with the Russian Ministry of Defense. Traffic peaked at 33 Gbps and 36.9 million packets per second before mitigation restored access.
Federal State Unitary Enterprise Main Radio Frequency Center
February 27, 2026
•[ DDoS attack, network infrastructure, cyber security ]
A multi-vector DDoS attack targeted infrastructure operated by the Main Radio Frequency Center. Traffic peaked at 33 Gbps and 36.9 million packets per second before malicious traffic was redirected to scrubbing servers and access was restored.
Wilhelmsen Ship Management (Norway) AS
February 27, 2026
•[ ransomware, data leak, operational disruption ]
A ransomware incident affected systems on a single Wilhelmsen-managed ship and disrupted that vessels operations. Later reporting said passport and next-of-kin information relating to personnel on that ship was also compromised.
Dienst Justitiële Inrichtingen
February 27, 2026
•[ data leak, vulnerability exploit, internal network access ]
Hackers exploited an Ivanti Endpoint Manager Mobile flaw to access the internal network of the Dutch prisons agency and view staff contact details and security certificates; they also gained access to phones, tablets, and laptops.
KPMG Israel
February 27, 2026
•[ hacktivism, DDoS, website defacements ]
Industrial Cyber summarized Intel 471 analysis that USIsrael strikes on Iran triggered a surge of hacktivist activity and claims of DDoS, website defacements, and breach allegations. The most impacted regions during Feb 27Mar 6, 2026 were reported as Israel, Kuwait, and Jordan, with Bahrain, Qatar, and the UAE also in the top ten; the most targeted industries included national government, aerospace/defense, and technology. The article describes broad, multi-actor retaliation dynamics (including pro-Russian and pro-Iranian collectives) rather than one discrete confirmed cyber event against a single named target.
Wagon Mound Public Schools
February 27, 2026
•[ ransomware, virus, extortion ]
Wagon Mound Public Schools said a virus infected its systems and shut down access across the network, and later outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of staff and student data.
Boston Mountain Rural Health Center
February 27, 2026
•[ hacking, IT incident, network server ]
Boston Mountain Rural Health Center reported a hacking/IT incident involving a network server on February 27, 2026, affecting 4,800 individuals and potentially exposing sensitive personal health information; specific exposed data fields were not publicly reported.
Mexico City Civil Registry
February 26, 2026
•[ data leak, unauthorized access, exfiltration ]
Attackers gained unauthorized access to Mexican government civil registry databases and exfiltrated sensitive records. Stolen data reportedly includes birth certificate information and national identification numbers from Mexico Citys civil registry.
Monterrey Water Utility
February 26, 2026
•[ unauthorized access, data leak, billing information ]
Attackers gained unauthorized access to Monterreys municipal water utility databases and stole internal and customer records. The exposed data reportedly includes billing and account information linked to utility customers.
Mexico Tax Authority
February 26, 2026
•[ data leak, unauthorized access, government ]
Attackers accessed Mexican tax authority systems and exfiltrated taxpayer information. The compromised data reportedly includes tax records and taxpayer identification details.
Michoacán State Government
February 26, 2026
•[ data breach, citizen identification data, government registry records ]
Attackers accessed databases belonging to the Michoacn state government and stole sensitive administrative records. The compromised information reportedly includes citizen identification data and government registry records.
Tamaulipas State Government
February 26, 2026
•[ data leak, citizen records, government registry information ]
Attackers accessed databases belonging to the Tamaulipas state government and exfiltrated sensitive citizen records. The stolen data reportedly includes government registry information and personal identification numbers.
National Tax Service Korea
February 26, 2026
•[ data leak, cryptocurrency, seed phrase exposure ]
South Koreas National Tax Service accidentally published a hardware wallet recovery phrase in a press photo announcing seized assets. An unknown attacker used the exposed seed phrase to transfer roughly $4.8 million in cryptocurrency from the wallet.
