Illinois Department of Healthcare and Family Services
February 11, 2025
•[ phishing, data leak ]
Illinois Department of Healthcare and Family Services reported that an employee's email account was compromised by a phishing attack discovered on February 11, 2025.
Virginia Attorney General’s Office
February 11, 2025
•[ cyber intrusion, data leak, data exfiltration ]
In February 2025, the Virginia Attorney General's Office voluntarily shut down nearly all internal systems after detecting a sophisticated cyber intrusion. The criminal group Cloak later claimed responsibility, asserting it had stolen 134 GB of internal documents and posted samples to its leak site. Officials confirmed system shutdowns for containment but did not verify any file encryption or ransom demand, indicating an exfiltration-only intrusion rather than an active ransomware lockout.
City of Tarrant
February 10, 2025
•[ ransomware, data leak, government ]
Ransomware group RansomHub attacked the City of Tarrant's computer systems on February 10, 2025, initially disrupting the police department and prompting the city to shut down its networks. Officials restored servers within days, but RansomHub later posted proof-of-theft police files, confirming data exfiltration. Magnitude, duration, and scope remain undetermined.
Kewadin Casinos
February 10, 2025
•[ ransomware ]
Cyber incident forced shutdown of all five Kewadin casinos; phased reopening announced Feb 25 to Mar 3.
Utsunomiya Central Clinic
February 10, 2025
•[ ransomware, data leak ]
Japanese cancer clinic confirmed breach as Qilin claimed responsibility and patient data theft.
Main Line Health
February 10, 2025
•[ data leak ]
Main Line Health, a Pennsylvania-based healthcare provider headquartered in Montgomery County, disclosed that attackers accessed Microsoft 365 employee email mailboxes in February 2025, exposing about 60,000 patient and employee records containing personal and medical information. No system disruption or encryption was reported.
Pacific Residential Mortgage
February 10, 2025
•[ ransomware, data leak ]
Pacres reported ransomware that locked systems and exposed consumer information.
Sault Ste. Marie Tribe of Chippewa Indians
February 9, 2025
•[ ransomware, data leak ]
RansomHub executed a ransomware attack on February 9, 2025, affecting six tribal facilities including five Kewadin casinos, the health center complex, and tribal administration systems. The attack encrypted and exfiltrated 119 GB of data, disrupting operations for approximately five days.
Israel Police
February 9, 2025
•[ data leak, hacktivism, third-party compromise ]
Hacktivist group Handala claimed to have breached Israel Police systems and exfiltrated 2.1 TB of data containing 350,000 documents with officer information, weapon licenses, and case files. Authorities denied direct network infiltration and suggested a third-party vendor compromise.
Harbin Asian Winter Games Organizing Committee
February 7, 2025
•[ cyberattack, state-sponsored attack ]
China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents
Beverly Hills Oncology Medical Group
February 7, 2025
•[ data leak, unauthorized access ]
Beverly Hills Oncology Medical Group in California identified and blocked unauthorized access to parts of its network between February 7 and February 11, 2025, then engaged third-party cybersecurity experts to investigate. The review confirmed that an external actor had accessed and potentially removed files containing patient information. On October 13 the practice confirmed that exposed data included names, Social Security numbers, government ID numbers, financial account and credit/debit card details, health insurance information, and diagnostic, treatment, prescription and other clinical data, and on October 31 it filed breach notices and began notifying affected individuals while offering 12 months of complimentary credit monitoring.
Multiple Organizations in South Korea
February 6, 2025
•[ cryptomining, malware, trojan ]
ASEC analysis shows CoinMiner/XMRig variants delivered through trojanized removable media using DLL sideloading and PowerShell to mine cryptocurrency on compromised endpoints across South Korean organizations.
Users of fake DeepSeek sites
February 6, 2025
•[ phishing, data leak ]
Phishing campaign using dozens of fake DeepSeek-branded websites to steal user credentials and cryptocurrency through fraudulent login and wallet interfaces.
Islamic Emirate of Afghanistan – Ministries and Agencies
February 6, 2025
•[ data leak ]
Hackers breached Taliban-run Afghan government systems (TalibLeaks) and published tens of gigabytes of confidential records from 21 ministries online.
PrivatBank
February 6, 2025
•[ phishing, malware, data leak ]
A criminal group identified as UAC-0006 used phishing emails with password-protected attachments to deliver SmokeLoader malware targeting PrivatBank customers. The campaign aimed to steal credentials and financial data, active since November 2024.
Multiple Organizations in Asia
February 6, 2025
•[ espionage, backdoor, credential theft ]
Evasive Panda, a Chinese state-sponsored group operating under the Ministry of State Security's Guangdong State Security Department / Technical Reconnaissance Bureau, deployed a custom SSH backdoor across enterprise network devices to exfiltrate credentials and maintain long-term covert access in espionage operations identified by Cisco Talos in February 2025.
IMI plc
February 6, 2025
•[ data leak ]
IMI plc disclosed unauthorised access to its systems, engaged external cybersecurity experts, and stated it will provide further updates; no details on data stolen, systems impacted or threat actor identified were included.
Bohemia Interactive
February 6, 2025
•[ DDoS, service disruption ]
Bohemia Interactive's DayZ and Arma servers experienced a distributed denial of service attack beginning 2025-02-06, disrupting connectivity for players. Some claims attributed the incident to the group Xiangjang_zhi, though no official confirmation exists.
Users of Steam game PirateFi
February 6, 2025
•[ malware, data leak ]
Free-to-play game PirateFi on Steam removed after being discovered to install Vidar infostealer; victims urged by Valve to scan or reformat their systems.
Franklin County Government
February 6, 2025
•[ ransomware ]
On February 6, 2025, Franklin County, Maine, experienced a sophisticated ransomware attack that briefly disrupted county computer systems. Officials confirmed no permanent data loss, no evidence of exfiltration, and rapid restoration using backups within 24 hours. The incident caused minor service delays but did not result in data exposure or financial loss beyond restoration costs.