City of Tahlequah municipal systems
April 30, 2025
•[ hack, government ]
City of Tahlequah reported a cyberattack; IT isolated affected systems the same day. Officials reported no ransomware encryption and no evidence of data exfiltration or resident impact.
City Administration of Dresden
April 30, 2025
•[ ddos, government, outage ]
On April 30 2025, the City of Dresdens official websites became inaccessible due to a massive distributed denial-of-service (DDoS) attack. Officials blocked access to protect municipal IT systems, causing full disruption of online services such as parking ticket applications, petitions, and appointment scheduling. A similar outage occurred the previous weekend. No data theft, ransom demand, or perpetrator identification has been reported.
Pike County (via Ohio Valley Technologies)
April 28, 2025
•[ ransomware, malware, government ]
Third-party ransomware attack via OVT disclosed April 28 2025. Resulted in unauthorized access and exfiltration of Pike Countys sensitive data for over 33,000 individuals. No encryption of county systems was reported.
Legal Aid Agency
April 23, 2025
•[ data leak, government ]
Breach of LAA digital services first detected April 23; by May 16 the scope was deemed far wider. Government confirms theft of sensitive data on applicants dating back to 2010; online services were shut down as a precaution while NCSC/NCA investigated.
At least one government agency or state-owned enterprise in Southeast Asia
April 10, 2025
•[ data leak, espionage, government ]
The Record, citing Symantecs Threat Hunter Team, reported that the China-linked APT group Billbug (also known as Thrip and Lotus Blossom) compromised multiple government and critical infrastructure organizations in a Southeast Asian country in April 2025. The campaign involved exploitation of legitimate digital certificates and living-off-the-land tools to exfiltrate sensitive documents from government and military networks. No encryption or disruption was reported, and the activity is assessed as political espionage conducted under Chinas Ministry of State Security.
Bulgaria’s Permanent Representation to NATO
April 1, 2025
•[ ransomware, cyberattack, government ]
Novinite/BNR reported MP claims of an April ransomware incident at Bulgarias NATO mission.
United States Government Senior Officials
March 27, 2025
•[ data leak, government, leaked credentials ]
Reports said private contact details and some passwords of top officials were leaked online.
German Association for Eastern European Studies (DGO)
March 27, 2025
•[ data leak, espionage, government ]
SVR (COZYBEAR) infiltrated email servers of the German Association for Eastern European Studies in late March 2025, exfiltrating correspondence and membership data; the German Interior Ministry formally attributed the intrusion to Russias foreign intelligence service on April 22 2025.
City Of Sausalito
March 10, 2025
•[ hacking, government ]
Sausalito reported hacking targeting city systems, prompting meeting cancellation and recovery steps.
French government officials
March 9, 2025
•[ espionage, malware, government ]
Apple notified French officials of targeted mercenary-spyware attacks (latest Sep 3, 2025); CERT-FR says this is the fourth wave in 2025; highly targeted espionage against high-profile users; Apple recommends Lockdown Mode and expert assistance; no attribution disclosed.
Government of Canada
March 8, 2025
•[ hack, social, phishing ]
A software-update vulnerability at MFA provider 2Keys allowed access to contact data for federal service users (CRA/ESDC phone numbers; CBSA emails) authenticating between Aug 315, 2025; attacker sent phishing SMS to some numbers; government deems no further sensitive data accessed.
U.S.–China Business Council
March 7, 2025
•[ espionage, phishing, government ]
China-linked APT41/TA415 impersonated Rep. Moolenaar and USCBC in July 2025 spear-phishing to deliver malware and create remote tunnels to spy on U.S. trade-policy stakeholders; investigations ongoing; success not verified.
Czech Building Authority It System
March 5, 2025
•[ cyberattack, government ]
Authorities reported likely cyberattack impacting online system for building offices.
Undisclosed Taiwan government agencies
March 1, 2025
•[ phishing, malware, espionage ]
Trend Micro and THN describe a March 2025 spear-phishing campaign by China-aligned MirrorFace targeting public institutions in Japan and Taiwan using OneDrive-delivered ZIPs that dropped ROAMINGMOUSE and an upgraded ANEL backdoor; reporting outlines techniques and targeting, not specific victim impact details for a single named org.
City of Jasper
February 20, 2025
•[ unauthorized access, government ]
Unauthorized access identified around Feb 20; no evidence of citizen/employee personal data access; services largely unaffected.
Ministry for Enterprise and “Made in Italy”
February 18, 2025
•[ ddos, hacktivism, government ]
Pro-Russian hacktivist group NoName057(16) claimed coordinated DDoS attacks against Italian ministries and companies, causing brief service disruptions but no data compromise; politically motivated; mitigated by authorities over several days.
Port of Trieste
February 17, 2025
•[ ddos, hacktivism, government ]
On February 17, 2025, hacktivist group NoName05716 launched a DDoS attack on the Port of Trieste in Italy, causing temporary disruptions. The attack was part of a broader campaign targeting Italian institutions in retaliation for political statements by President Sergio Mattarella.
National Assembly of Ecuador
February 17, 2025
•[ government, data leak ]
Cyberattack targeting Ecuadors National Assembly aimed at accessing confidential legislative information; intrusion detected and contained without confirmed data theft or attribution.
United States Coast Guard
February 17, 2025
•[ data leak, government ]
Between February 17 and 19, 2025, the U.S. Coast Guard identified unauthorized access to its Direct Access personnel and payroll system, a PeopleSoft-based application. Sensitive personal and financial data of Coast Guard members was compromised, leading the service to take the system offline for investigation. Approximately 1,135 members experienced delayed pay as a consequence of the shutdown. No ransomware or encryption was reported, and attribution remains undetermined.
Philippine Charity Sweepstakes Office (PCSO)
February 13, 2025
•[ data leak, hacktivism, government ]
Hacktivist group Philippine Exodus Security claimed responsibility for exfiltrating approximately 100 GB of data from PCSO branch office email accounts in February 2025. While PCSO denied a central database breach, DICT confirmed that unauthorized access to email systems occurred. The group stated its goal was to expose alleged corruption, not to extort funds.
