Undisclosed Canadian electric utility
July 29, 2025
•[ cyberattack, service disruption, critical infrastructure ]
A Canadian utility reported a cyberattack that disrupted smart/power meters and required onsite remediation to restore accurate billing and service.
POST Luxembourg (national telecommunications infrastructure)
July 23, 2025
•[ cyberattack, outage, critical infrastructure ]
Cyberattack targeting Huawei telecommunications equipment caused a nationwide outage of 4G and 5G mobile networks in Luxembourg, disrupting emergency services, internet access, and electronic transactions for several hours.
Undisclosed Ukrainian Energy Organization
June 6, 2025
•[ malware, apt, data destruction ]
PathWiper malware associated with a pro-Russian APT destroyed data at an undisclosed Ukrainian energy organization on June 6, 2025; Cisco Talos and CERT-UA confirmed data destruction; no data theft reported.
At least one government agency or state-owned enterprise in Southeast Asia
April 10, 2025
•[ data leak, espionage, government ]
The Record, citing Symantec's Threat Hunter Team, reported that the China-linked APT group Billbug (also known as Thrip and Lotus Blossom) compromised multiple government and critical infrastructure organizations in a Southeast Asian country in April 2025. The campaign involved exploitation of legitimate digital certificates and living-off-the-land tools to exfiltrate sensitive documents from government and military networks. No encryption or disruption was reported, and the activity is assessed as political espionage conducted under China's Ministry of State Security.
Undisclosed Ukrainian critical infrastructure organization
April 1, 2025
•[ malware, data exfiltration, wiper ]
The FSB's 18th Center for Information Security (Gamaredon) deployed PathWiper malware against an undisclosed Ukrainian critical-infrastructure operator in early April 2025, exfiltrating large volumes of operational data before executing a destructive wiper that caused temporary service degradation.
Water Treatment Plant at Tolkmicko
February 4, 2025
•[ unauthorized access, industrial control systems, critical infrastructure ]
CyberDefence24 reported that a pro-Russian Telegram group posted videos between Jan 28-30, 2025 showing unauthorized access to interfaces for three Polish water treatment plants (SUW) in Tolkmicko, Madyty, and Sierakowo. The recordings showed attackers setting multiple parameters to maximum values, disabling selected device functions, and changing device PINs (including 1488). The article stated none of the plants reported problems at the time and noted the activity appeared propaganda-oriented, with no confirmed impact on critical infrastructure operations.
Water Treatment Plant at Madyty
January 28, 2025
•[ unauthorized access, ICS/SCADA, critical infrastructure ]
CyberDefence24 reported that a pro-Russian Telegram group posted videos between Jan 28-30, 2025 showing unauthorized access to interfaces for three Polish water treatment plants (SUW) in Tolkmicko, Madyty, and Sierakowo. The recordings showed attackers setting multiple parameters to maximum values, disabling selected device functions, and changing device PINs (including 1488). The article stated none of the plants reported problems at the time and noted the activity appeared propaganda-oriented, with no confirmed impact on critical infrastructure operations.
At least one undisclosed organization in Bangladesh
January 1, 2025
•[ cyber-espionage, typosquatting, Havoc C2 ]
Industrial Cyber summarized Arctic Wolf Labs findings that SloppyLemming conducted an extensive cyber-espionage campaign from January 2025 through January 2026 targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The report notes recurring tradecraft such as typosquatted government-themed infrastructure, Cloudflare Workers use, Havoc C2, and DLL sideloading, and names several targeted entities across defense, telecom, energy, and nuclear regulation. This is campaign-level reporting with multiple targets rather than a single incident record.
Refinadora Costarricense de Petróleo
November 27, 2024
•[ ransomware, energy, critical infrastructure ]
Refinadora Costarricense de Petróleo (RECOPE), the state-owned energy provider for Costa Rica, is hit with a ransomware attack, requiring the company to shift to manual operations and call in help from abroad.
Cyprus’ critical infrastructure and government websites
October 18, 2024
•[ cyberattacks, pro-Palestine hacker groups, critical infrastructure ]
Cyprus' critical infrastructure and government websites are targeted in a series of coordinated cyberattacks claimed by several pro-Palestine hacker groups.
Danish Water Utility
January 6, 2024
•[ cyberattack, state-sponsored, critical infrastructure ]
Danish authorities stated that Russia carried out a destructive and disruptive cyberattack against a Danish water utility in 2024. Reporting cited by Danish media said the incident involved manipulation of pump pressure, which caused pipes to burst and left some homes temporarily without water. The public reporting did not name the utility or provide precise dates beyond year-level timing.
Argentina's official immigration agency, Dirección Nacional de Migraciones
August 27, 2020
•[ ransomware, Netwalker, critical infrastructure ]
Argentina's official immigration agency, Dirección Nacional de Migraciones, suffers a Netwalker ransomware attack that temporarily halts border crossing into and out of the country.