Czech Building Authority It System
March 5, 2025
•[ cyberattack, government ]
Authorities reported likely cyberattack impacting online system for building offices.
Undisclosed Taiwan government agencies
March 1, 2025
•[ phishing, malware, espionage ]
Trend Micro and THN describe a March 2025 spear-phishing campaign by China-aligned MirrorFace targeting public institutions in Japan and Taiwan using OneDrive-delivered ZIPs that dropped ROAMINGMOUSE and an upgraded ANEL backdoor; reporting outlines techniques and targeting, not specific victim impact details for a single named org.
City of Jasper
February 20, 2025
•[ unauthorized access, government ]
Unauthorized access identified around Feb 20; no evidence of citizen/employee personal data access; services largely unaffected.
Ministry for Enterprise and “Made in Italy”
February 18, 2025
•[ ddos, hacktivism, government ]
Pro-Russian hacktivist group NoName057(16) claimed coordinated DDoS attacks against Italian ministries and companies, causing brief service disruptions but no data compromise; politically motivated; mitigated by authorities over several days.
Port of Trieste
February 17, 2025
•[ ddos, hacktivism, government ]
On February 17, 2025, hacktivist group NoName05716 launched a DDoS attack on the Port of Trieste in Italy, causing temporary disruptions. The attack was part of a broader campaign targeting Italian institutions in retaliation for political statements by President Sergio Mattarella.
National Assembly of Ecuador
February 17, 2025
•[ government, data leak ]
Cyberattack targeting Ecuadors National Assembly aimed at accessing confidential legislative information; intrusion detected and contained without confirmed data theft or attribution.
United States Coast Guard
February 17, 2025
•[ data leak, government ]
Between February 17 and 19, 2025, the U.S. Coast Guard identified unauthorized access to its Direct Access personnel and payroll system, a PeopleSoft-based application. Sensitive personal and financial data of Coast Guard members was compromised, leading the service to take the system offline for investigation. Approximately 1,135 members experienced delayed pay as a consequence of the shutdown. No ransomware or encryption was reported, and attribution remains undetermined.
Philippine Charity Sweepstakes Office (PCSO)
February 13, 2025
•[ data leak, hacktivism, government ]
Hacktivist group Philippine Exodus Security claimed responsibility for exfiltrating approximately 100 GB of data from PCSO branch office email accounts in February 2025. While PCSO denied a central database breach, DICT confirmed that unauthorized access to email systems occurred. The group stated its goal was to expose alleged corruption, not to extort funds.
Office of the Comptroller of the Currency (OCC)
February 11, 2025
•[ data leak, email compromise, espionage ]
In February 2025, the U.S. Department of the Treasurys Office of the Comptroller of the Currency detected unauthorized access to its Microsoft 365 email environment. The compromise, which persisted for months before discovery, exposed roughly 103 mailboxes and more than 150,000 emails containing sensitive financial supervisory information. No attribution has been made public, but the incident exhibited characteristics of an espionage-focused breach. No encryption, ransom demand, or operational disruption was reported.
City of Tarrant
February 10, 2025
•[ ransomware, data leak, government ]
Ransomware group RansomHub attacked the City of Tarrants computer systems on February 10, 2025, initially disrupting the police department and prompting the city to shut down its networks. Officials restored servers within days, but RansomHub later posted proof-of-theft police files, confirming data exfiltration. Magnitude, duration, and scope remain undetermined.
More than 570 computers linked to Mexico's government
January 27, 2025
•[ hack, malware, government ]
Threat actors infect more than 570 computers linked to Mexico's government domain gob.mx with infostealer malware, exposing sensitive data and login credentials.
South African Weather Service (SAWS)
January 27, 2025
•[ hack, government ]
A cyberattack forces the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the countrys airlines, farmers and allies.
Matagorda County
January 24, 2025
•[ hack, malware, government ]
Matagorda County discloses a cyber attack involving a virus that has affected several internal systems.
Conduent
January 22, 2025
•[ hack, government ]
American business services and government contractor Conduent confirms that a recent outage resulted from what it described as a "cyber security incident."
Embassies, lawyers, government-backed banks, and think tanks in Kyrgyzstan
January 21, 2025
•[ espionage, government ]
Researchers at Seqrite discover a previously undocumented threat actor dubbed Silent Lynx, linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
Stadt Schaffhausen
January 21, 2025
•[ hack, ddos, government ]
Two cantonal banks and various public websites were unavailable on Tuesday morning. A hacker group with ties to Russia is "testing" the resilience of Switzerland's internet infrastructure, as they call it. Today, Ukrainian President Volodomir Zelensky will speak at the WEF in Davos.
Ville de Sierre / Stadt Siders
January 21, 2025
•[ hack, ddos, government ]
In the morning, Schaffhausen energy supplier SH Power also displayed an error message. However, its site was back online before midday. Meanwhile, the websites for the cities of Sierre and Geneva remained inaccessible.
Town of Ulster
January 16, 2025
•[ ransomware, malware, government ]
The Town of Ulster discloses a ransomware attack.
Greece's public-sector network, SYZEFXIS
January 16, 2025
•[ hack, ddos, government ]
Government websites went down again on Wednesday afternoon for about 5 minutes. For the same period, civil servants lost access to the internet from their workplace computers.
DigiD
January 14, 2025
•[ hack, ddos, government ]
The DigiD outage, which prevented people from logging in for most of yesterday afternoon , was caused by a large-scale DDoS attack. The DigiD server was experiencing so much traffic that the website couldn't handle it, according to Logius, the government agency that manages DigiD.
