Orthopaedic Specialists of Connecticut
March 2, 2025
•[ data leak, unauthorized access, personally identifiable information ]
Names, dates of birth, Social Security numbers, insurance and medical information for 22,541 individuals were exposed after an unauthorized third party accessed the practice's network on March 2, 2025, per the provider notice and HHS filing.
Multiple U.S. Targets (Law Firms, SaaS, Tech Firms)
March 1, 2025
•[ espionage, malware, technology ]
Chinese APT UNC5221 deployed the BRICKSTORM backdoor to infiltrate U.S. law firms and SaaS providers for intelligence collection. Campaign active from March through September 2025.
Multiple U.K. Targets (Professional Services, Law Firms)
March 1, 2025
•[ espionage, technology ]
UNC5221 targeted British professional-services firms for espionage, part of the broader BRICKSTORM campaign observed globally in 2025.
Multiple Netherlands Targets (BPO, MSP Providers)
March 1, 2025
•[ espionage, technology ]
UNC5221 compromised Netherlands-based BPO and MSP providers to gain secondary access to client environments; activity attributed to Chinese cyber-espionage operations.
Multiple German Targets (Corporate Legal, Professional Services)
March 1, 2025
•[ espionage, technology ]
German professional-services and corporate-law entities were likely compromised by UNC5221 during the 2025 BRICKSTORM espionage campaign exploiting Ivanti edge devices.
Singapore Cloud / Hosting Providers
March 1, 2025
•[ espionage, technology ]
UNC5221 leveraged Singapore hosting infrastructure for staging and potential local access during the 2025 BRICKSTORM campaign; targeting aligns with Chinese state-linked espionage.
Multiple Japanese Targets (MSPs, Cloud Partners)
March 1, 2025
•[ espionage, technology ]
UNC5221 activity included compromises of Japanese managed-service providers as part of the BRICKSTORM espionage operation active in 2025.
National Presto Industries
March 1, 2025
•[ ransomware, data leak ]
National Presto Industries disclosed a cybersecurity incident on March 6, 2025, after the Interlock ransomware group claimed responsibility for an attack on March 1, 2025. The company confirmed operational disruptions affecting manufacturing, shipping, and back-office systems. Interlock claimed to have stolen approximately 3 million files across about 450,000 folders from a subsidiary, though the company has not verified the data theft. No encryption has been confirmed in company statements or reporting.
Digital Realty
March 1, 2025
•[ state-sponsored attack, espionage, vulnerability exploit ]
The Ministry of State Security (MSS)-linked group Salt Typhoon infiltrated Digital Realty and other data-center operators in early 2025 by exploiting vulnerabilities in network-appliance infrastructure and using stolen credentials. Microsoft attributed the campaign to PRC state-sponsored espionage targeting Western critical-infrastructure providers.
Berkeley Research Group
March 1, 2025
•[ ransomware, data leak ]
BRG suffered a ransomware intrusion detected in March 2025 that led to data theft and encryption activity. Subsequent disclosures and DOJ statements indicate exposure of sensitive information relating to survivors involved in multiple Catholic diocesan bankruptcy cases; the firm engaged external responders and notified affected parties.
Undisclosed Taiwan government agencies
March 1, 2025
•[ phishing, malware, espionage ]
Trend Micro and THN describe a March 2025 spear-phishing campaign by China-aligned MirrorFace targeting public institutions in Japan and Taiwan using OneDrive-delivered ZIPs that dropped ROAMINGMOUSE and an upgraded ANEL backdoor; reporting outlines techniques and targeting, not specific victim impact details for a single named org.
An Giang Central General Hospital
March 1, 2025
•[ ransomware ]
Hackers encrypted the virtualized server system of An Giang Central General Hospital, halting all operations and forcing a switch to manual recordkeeping; no data exfiltration was reported.
Undisclosed Myanmar government organization
March 1, 2025
•[ state-sponsored attack, malware, rootkit ]
Chinese state-linked threat actors deployed a kernel-mode rootkit to conceal ToneShell malware on systems belonging to a Myanmar government organization, enabling stealthy persistent access.
Undisclosed Thailand government organization
March 1, 2025
•[ malware ]
Researchers identified the use of a signed kernel-mode driver to hide ToneShell malware activity on systems of a Thai government organization, allowing covert long-term access.
Missouri Department of Conservation
February 28, 2025
•[ data leak, hipaa breach ]
Missouri Department of Conservation reported suspicious cybersecurity activity on February 28, 2025. Forensic investigation found that a threat actor accessed internal servers containing employee and former employee health-plan data. The agency confirmed that files with HIPAA-protected information were exposed but not encrypted. No operational disruption occurred.
French Institutional Websites
February 28, 2025
•[ ddos, hacktivism ]
A pro-Russian group launched coordinated DDoS waves against multiple French institutional websites.
Real Academia Española
February 28, 2025
•[ ransomware ]
Spain's language academy confirmed a ransomware attack affecting its systems.
Whitman Hospital & Medical Clinics
February 28, 2025
•[ ransomware ]
The hospital reported that its internal electronic systems were down following a cyberattack; patient care continued with delays.
Serbian Student Activist
February 28, 2025
•[ vulnerability, zero-day, surveillance ]
Amnesty reported that a Cellebrite zero-day was used to unlock a Serbian activist's Android device.
Wemix (Wemade)
February 28, 2025
•[ data breach, cryptocurrency theft, leaked secrets ]
The blockchain gaming platform WEMIX was hacked, resulting in the theft of about 8.65 million WEMIX tokens (worth roughly $6.1 million). The breach stemmed from attackers obtaining authentication keys for the NFT monitoring service NILE, likely via a shared repository. After gaining the keys, the threat actors spent about two months preparing before executing 15 withdrawal attempts, of which 13 succeeded. The stolen tokens were swiftly laundered through multiple crypto exchanges. WEMIX shut down the affected server on February 28 and later disclosed the incident, migrating its infrastructure to a more secure environment.