Finnish polling-place portal (äänestyspaikat.fi)
April 8, 2025
•[ DDoS attack, hacktivism, protest ]
On April 8 2025, NoName057(16) targeted Finland's polling-place website äänestyspaikat.fi with a DDoS attack linked to protests over Ukraine policy, briefly disrupting voter-information access.
Integrated Orthopedics of Arizona
April 7, 2025
•[ healthcare ]
The practice first detected unauthorized activity on April 7, 2025, and began notifying affected patients and regulators on August 11.
Fall River Public Schools
April 7, 2025
•[ ransomware, data leak ]
Fall River Public Schools, Massachusetts, suffered a ransomware attack by the Medusa group that encrypted internal systems and disrupted district operations for several weeks. Attackers demanded $400,000 and claimed to have exfiltrated sensitive data, though the district has not verified theft. Recovery costs exceeded $130,000.
War & Sanctions Portal
April 7, 2025
•[ ddos, state-sponsored, disruption ]
On April 7 2025, Ukraine's Main Intelligence Directorate (HUR) reported that a large-scale distributed denial-of-service (DDoS) attack targeted the War & Sanctions portal. The attack generated more than 56 million requests in 30 minutes from over 3,700 virtual machines located in at least ten countries, including Russia and China. It was attributed to Russian special services, but no specific agency was identified. The aim was to disrupt access to sanction-related information; the site remained online and suffered no data loss.
Bremanger Kraft AS
April 7, 2025
•[ hacktivism, unauthorized access, industrial control systems ]
On April 7 2025, hacktivists accessed a web-exposed control interface for Bremanger Kraft AS's hydroelectric dam in western Norway and opened a valve, releasing 500 L/s of water for four hours. No casualties or structural damage were reported. Norwegian authorities attributed the incident to pro-Russian hacktivists.
Toppan Next Tech
April 7, 2025
•[ ransomware, data leak, third-party breach ]
A ransomware attack on DBS Bank's third-party printing vendor Toppan Next Tech in Singapore led to the potential exposure of around 8,200 DBS customer statements and related letters, mostly for DBS Vickers trading and Cashline loan accounts. The attacker compromised Toppan's systems, leaving encrypted statement files potentially accessible, but DBS' own banking infrastructure and customer funds remained unaffected. Exposed data in the printed correspondence includes customers' names, mailing addresses and details of equity holdings or loan accounts, while passwords, government ID numbers and balances were not part of the leak. Authorities and cybersecurity agencies are assisting the investigation as DBS halts work with the vendor and notifies affected customers.
Tempo Media Group
April 6, 2025
•[ ddos, service disruption ]
From April 6 to 10, 2025, Tempo Media Group's news portals (Tempo.co, Tempo English) suffered a large-scale Distributed Denial of Service (DDoS) attack that rendered the sites inaccessible for several days. The disruption followed Tempo's investigative reporting on online gambling networks. No data theft or system compromise was reported, and the perpetrators remain unidentified.
Everest Ransomware Leak Site
April 6, 2025
•[ ransomware, website defacement, hacktivism ]
The Everest ransomware group's dark web leak site was defaced on April 6 2025 by an unidentified anti-ransomware actor who replaced its content with the message "Don't do crime. CRIME IS BAD. xoxo from Prague." Following the defacement, the Everest operators took the site offline. No data theft or encryption occurred.
Tri-City Cardiology Consultants (Phoenix, AZ)
April 6, 2025
•[ data leak ]
22,753 patients notified after an unauthorized third party attempted to infiltrate the network around Apr 6; PHI may have been accessed/obtained; notifications sent in May.
HighWire Press Inc.
April 5, 2025
•[ infostealer, data leak ]
On April 5 2025, Hellcat claimed access to HighWire Press systems using credentials harvested by an infostealer. Data exfiltration was listed on the Hellcat leak site. No encryption or operational disruption has been confirmed.
Individual retail investors using Japanese online brokerage platforms
April 5, 2025
•[ credential stuffing, account abuse ]
Between April 5 and 8, 2025, foreign criminal actors compromised login credentials of Japanese retail investors and placed unauthorized securities trades through online brokerage portals; Japan's Financial Services Agency and police launched an investigation into coordinated credential-stuffing and account abuse.
LeoVegas Group
April 5, 2025
•[ data leak, infostealer, compromised credentials ]
On April 5 2025, Hellcat listed LeoVegas Group on its leak site, claiming exfiltration of internal data through compromised Jira credentials obtained from an infostealer. Hudson Rock verified the inclusion of LeoVegas in the same credential set. No encryption confirmed.
Asseco Poland S.A.
April 5, 2025
•[ data leak, infostealer ]
On April 5 2025, Hellcat listed Asseco Poland on its leak site, claiming data exfiltration using Jira credentials stolen through an infostealer. Hudson Rock's analysis confirmed separate credential sets and data exfiltration from Asseco's Jira environment. No encryption was reported or confirmed.
Total Dictation Foundation
April 5, 2025
•[ ddos ]
On April 5, 2025, the official website of the Total Dictation literacy campaign experienced a Distributed Denial of Service (DDoS) attack that temporarily disrupted access during the event, according to Foundation director Vyacheslav Belyakov. No data compromise, perpetrator identification, or motive was reported.
Jaaved Jaaferi / X (Twitter) account
April 5, 2025
•[ account takeover, phishing, scam ]
On April 5 2025, the verified X (formerly Twitter) account of Indian actor Jaaved Jaaferi was hijacked and used to post cryptocurrency scam and phishing messages. The actor warned followers via Instagram not to engage. Control was restored within hours, and no data theft or cross-platform compromise was reported.
Racami LLC
April 5, 2025
•[ data leak, stolen credentials, infostealer ]
On April 5 2025, Hellcat listed Racami on its leak site, stating it had accessed and exfiltrated internal Jira project data using stolen credentials gathered through an infostealer campaign. No encryption or operational disruption was reported.
Igra-Service
April 5, 2025
•[ DDoS, hacktivism, service disruption ]
Between April 5 and 8, 2025, the IT Army of Ukraine claimed responsibility for a DDoS operation against Russian internet provider Igra-Service in Krasnoyarsk Krai. According to reports, traffic reached up to 55 Gbit/s, disrupting internet and television access for several days and causing some collateral outages to Rostelecom networks. The action was described by participants as a protest campaign.
Undisclosed Online Betting Organization
April 3, 2025
•[ DDoS, gambling, sports ]
A multivector DDoS attack was recorded on April 3 2025 targeting an online betting platform; the flooding began at ~67 Gbps at 11:15 UTC, escalated to ~217 Gbps by 11:23, peaked at ~965 Gbps (~0.965 Tbps) by 11:36, then declined to ~549 Gbps by 12:41 before ending; the timing coincided with a major NHL milestone (Alexander Ovechkin tying the all-time goals record).
Blizzard Entertainment
April 3, 2025
•[ ddos, service disruption ]
Blizzard's Battle.net platform experienced a distributed denial-of-service (DDoS) attack on April 3 2025, causing login latency and disconnections across multiple games. Blizzard confirmed and mitigated the disruption within roughly four hours. No data theft, encryption, or ransom attempt was reported.
Civic Platform (Platforma Obywatelska)
April 2, 2025
•[ cyberattack, APT ]
The GRU's 85th Main Special Service Center (Unit 26165) (FANCYBEAR) targeted IT systems belonging to Poland's ruling Civic Platform party in early April 2025; no operational disruption confirmed.