Austrian Ministry of the Interior
September 1, 2025
•[ hack, government ]
A professional cyberattack compromised about 100 government email accounts. IT systems were disconnected; investigations launched. No sensitive citizen or law enforcement data was impacted. Attack vector remains unconfirmed.
At least one undisclosed government entity in the MENA region
September 1, 2025
•[ espionage, malware, government ]
Reporting indicates a sustained espionage wave using updated Phoenix implants against government entities, with goals of persistence and data collection rather than overt disruption; activity aligns with prior MuddyWater TTPs and region-focused intelligence objectives.
Federal Emergency Management Agency (FEMA)
August 29, 2025
•[ hack, insider, misconfiguration ]
DHS revealed on Aug 29, 2025 that a threat actor gained unauthorized access to FEMA's IT systems by exploiting unpatched vulnerabilities, outdated protocols, and lack of multi-factor authentication. No citizen data was stolen or exfiltrated. As a result, 24 FEMA IT employees, including the CIO and CISO, were terminated for negligence in cybersecurity oversight.
West Chester Township
August 26, 2025
•[ leak, government ]
Claimants say ~2 TB of personal information (residents & employees) stolen, email server targeted and isolated; systems taken offline as precaution, critical services (e.g., 911) unaffected; FBI and IC3 engaged.
Maryland Transit Administration (MDOT)
August 26, 2025
•[ ransomware, malware, government ]
Attack by Rhysida ransomware group disrupted Maryland Transit Administration's MobilityLink systems and exfiltrated internal and personal data. Group demanded 30 BTC ransom.
City of Stockholm
August 25, 2025
•[ leak, government ]
Vendor Miljödata was breached, exposing PII (names, personal ID numbers, phone, email, employment IDs) for >40,000 City of Stockholm employees; detected late August; disclosed Sept 9; authorities and Truesec investigating; protected-identity individuals not included.
Elche City Council
August 25, 2025
•[ ransomware, malware, government ]
Ransomware attack crippled the Elche City Council's operations, affecting Finance, Social Services, and the Mayor's Office; ~1,500 devices were shut down. Emergency manual protocols were activated. A full recovery plan is underway with 4.5 million allocated.
Nevada State Government (multiple agencies)
August 24, 2025
•[ ransomware, malware, government ]
State described a ransomware-based attack discovered Aug 24 that forced two-day office closures and knocked multiple agency websites/phones offline; CIO confirmed some state data was exfiltrated, but nature/volume unknown; no actor has claimed responsibility.
Maryland Transit Administration (MTA)
August 24, 2025
•[ hack, government ]
Cybersecurity incident led MTA to take Mobility paratransit scheduling, real-time tracking, and call center systems offline as a precaution. Core transit services continued to run. Specific cause and i
Government, tech, academic & telecom entities; global
August 22, 2025
•[ espionage, malware, government ]
CrowdStrike reports that multiple Chinese-linked groups (Murky Panda, Genesis Panda, and Glacial Panda) have exploited vulnerabilities (e.g., Citrix CVE-2023-3519, Commvault CVE-2025-3928) to deploy the CloudedHope malware for covert espionage against cloud, telecom, government, tech, academic, legal, and professional services organizations worldwide.
Gosuslugi (Russian e-Government Portal)
August 20, 2025
•[ hack, ddos, government ]
Gosuslugi, Russia's national e-government portal, was hit by a large-scale DDoS attack in August 2025, causing temporary outages and degraded access to online public services. Authorities reported no compromise of personal data or backend systems.
The Rural Municipality of Woodlands in Manitoba
August 19, 2025
•[ hack, government ]
The Rural Municipality of Woodlands in Manitoba reported an email security breach and issued a warning to residents. No details on the type or amount of data accessed were released.
Nigerian National Identity Management Commission (NIMC)
August 17, 2025
•[ insider, government ]
Insider breach at Nigeria's digital ID system (NIMC) on August 17, 2025 involved a staff member abusing access to extract sensitive personal data tied to national identity numbers. No disruption or encryption reported, only data exfiltration.
Middletown, Ohio Municipal Services
August 17, 2025
•[ ransomware, malware, government ]
Middletown, Ohio suffered a cyberattack, likely ransomware, that began around Aug 17, 2025. Multiple city service systems remained offline for weeks; some employee information may have been affected (per preliminary findings), but no definitive evidence of data exfiltration. No actor has been identified.
NGB 3rd Technical Surveillance Bureau (Kimsuky)
August 15, 2025
•[ hack, leak, government ]
Kimsuky, a DPRK-linked hacking group, was itself breached in Aug 2025; attackers exfiltrated and leaked internal communications, victim lists, source code, and operational tools. Attribution remains unclear but likely political/strategic in nature.
Box Elder County Government (Utah)
August 13, 2025
•[ ransomware, malware, government ]
Box Elder County was hit by a ransomware attack by the gang Interlock around August 13, 2025. Authorities confirmed the domestic breach disrupted operations; attackers released over 2 million stolen government files including law enforcement records, homicide case details, jail videos, and digital credentials. The FBI, Utah State Bureau of Investigation, and State Cyber Crimes Task Force are investigating.
Austrian Federal Ministry for European and International Affairs (Foreign Ministry)
August 13, 2025
•[ hack, government ]
The Austrian Foreign Ministry reported a suspected data breach affecting its travel registration service and public website systems. Online services were shut down as a precaution, but as of the latest reporting no confirmation has been given on the quantity or type of data stolen, and no actor has been identified.
Lycoming County Department of Public Safety
August 12, 2025
•[ ransomware, government ]
Driver's license numbers and other PII were exfiltrated from the Lycoming County Department of Public Safety during a ransomware attack detected on August 12, 2025. Officials confirmed cyber criminals stole data but have not reported any encryption. The number of affected individuals remains undisclosed.
House of Commons of Canada
August 11, 2025
•[ hack, government ]
The House of Commons of Canada was breached via a Microsoft SharePoint zero-day exploit, exposing staff records and device management data. No group has claimed responsibility and investigations are ongoing.
Pennsylvania Office of Attorney General
August 11, 2025
•[ ransomware, malware, government ]
Ransomware attack encrypted and paralysed core systems at the Pennsylvania Office of Attorney General (including archived emails, files, internal case systems, phone lines, and website), causing full disruption for approximately three weeks. No data exfiltration reported. No identified perpetrator. Attack began August 11, 2025; reported August 29, 2025.