Operation Endgame 2.0
June 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Operation Endgame 2.0
May 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Mi Argentina
December 25, 2024
•[ hack, government ]
The Mi Argentina site and the SUBE card app, two of the governments most important digital platforms, suffer a cyber attack.
European Space Agency
December 23, 2024
•[ hack, xss, government ]
The European Space Agency's official web shop is hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.
Ukrainian State Registers
December 19, 2024
•[ hack, government ]
Suspected Russian threat actors from the XakNet collective launch one of the largest cyberattacks on Ukraines state services in recent months.
Military personnel in Ukraine
December 18, 2024
•[ social, malware, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discloses that a threat actor tracked as UAC-0125 is leveraging Cloudflare Workers to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless.
French Governmental and Critical Infrastructure
December 16, 2024
•[ hack, ddos, government ]
The hacktivist collective Holy League launches a DDoS campaign against French governmental and critical infrastructure.
RIBridges (Rhode Island's Integrated Eligibility System)
December 13, 2024
•[ ransomware, malware, government ]
Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems.
Thai Government Officials
December 13, 2024
•[ espionage, malware, government ]
Researchers at Netskope discover a campaign targeting Thai government officials through DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai.
Ukrainian Defense Companies and Security and Defense Forces
December 7, 2024
•[ social, phishing, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discover a series of phishing emails targeting Ukrainian defense companies and security and defense forces with a fake NATO standards conference. Some recipients opened the phishing emails execiting the malicious RAR attachments.
Romania's Presidential Elections
December 4, 2024
•[ espionage, government ]
Romanias constitutional court annuls the first round of the countrys presidential election, citing Russian disinformation influence.
Chemonics
December 3, 2024
•[ hack, government ]
Chemonics, a large contractor for the U.S. government says a 2023 cyberattack exposed the critical personal information of more than 263,000 people.
City of Hoboken
November 27, 2024
•[ ransomware, malware, government ]
The city of Hoboken shuts down its government offices after an early morning ransomware attack caused widespread issues.
Undisclosed prisons in the U.K.
November 23, 2024
•[ leak, government ]
Confidential prison layouts in the U.K. are leaked onto the dark web.
Human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe
November 21, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future identify an ongoing Russia-linked cyber-espionage campaign targeting human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe using custom malware.
Mexico Legal Affairs Office
November 20, 2024
•[ ransomware, malware, government ]
Mexicos president Claudia Sheinbaum says that the government is investigating an alleged ransomware hack of her administrations legal affairs office after what appeared to be samples of personal information from a database of government employees were posted online.
Minneapolis Park and Recreation Board
November 20, 2024
•[ ransomware, malware, government ]
The RansomHub operation takes credit for a damaging attack on the Minneapolis Park and Recreation Board.
Undisclosed Law Firm
November 19, 2024
•[ leak, misconfiguration, government ]
A threat actor, who goes online with the name name Altam Beezley, gained access to a computer file shared in a secure link among lawyers whose clients have given damaging testimony related to Matt Gaetz, the former Florida congressman who is President-elect Donald J. Trumps choice to be attorney general.
City of Clark Fork
November 15, 2024
•[ social, phishing, government ]
The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.
