Office of the Comptroller of the Currency (OCC)
February 11, 2025
•[ data leak, email compromise, espionage ]
In February 2025, the U.S. Department of the Treasurys Office of the Comptroller of the Currency detected unauthorized access to its Microsoft 365 email environment. The compromise, which persisted for months before discovery, exposed roughly 103 mailboxes and more than 150,000 emails containing sensitive financial supervisory information. No attribution has been made public, but the incident exhibited characteristics of an espionage-focused breach. No encryption, ransom demand, or operational disruption was reported.
City of Tarrant
February 10, 2025
•[ ransomware, data leak, government ]
Ransomware group RansomHub attacked the City of Tarrants computer systems on February 10, 2025, initially disrupting the police department and prompting the city to shut down its networks. Officials restored servers within days, but RansomHub later posted proof-of-theft police files, confirming data exfiltration. Magnitude, duration, and scope remain undetermined.
More than 570 computers linked to Mexico's government
January 27, 2025
•[ hack, malware, government ]
Threat actors infect more than 570 computers linked to Mexico's government domain gob.mx with infostealer malware, exposing sensitive data and login credentials.
South African Weather Service (SAWS)
January 27, 2025
•[ hack, government ]
A cyberattack forces the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the countrys airlines, farmers and allies.
Matagorda County
January 24, 2025
•[ hack, malware, government ]
Matagorda County discloses a cyber attack involving a virus that has affected several internal systems.
Conduent
January 22, 2025
•[ hack, government ]
American business services and government contractor Conduent confirms that a recent outage resulted from what it described as a "cyber security incident."
Embassies, lawyers, government-backed banks, and think tanks in Kyrgyzstan
January 21, 2025
•[ espionage, government ]
Researchers at Seqrite discover a previously undocumented threat actor dubbed Silent Lynx, linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
Stadt Schaffhausen
January 21, 2025
•[ hack, ddos, government ]
Two cantonal banks and various public websites were unavailable on Tuesday morning. A hacker group with ties to Russia is "testing" the resilience of Switzerland's internet infrastructure, as they call it. Today, Ukrainian President Volodomir Zelensky will speak at the WEF in Davos.
Ville de Sierre / Stadt Siders
January 21, 2025
•[ hack, ddos, government ]
In the morning, Schaffhausen energy supplier SH Power also displayed an error message. However, its site was back online before midday. Meanwhile, the websites for the cities of Sierre and Geneva remained inaccessible.
Town of Ulster
January 16, 2025
•[ ransomware, malware, government ]
The Town of Ulster discloses a ransomware attack.
Greece's public-sector network, SYZEFXIS
January 16, 2025
•[ hack, ddos, government ]
Government websites went down again on Wednesday afternoon for about 5 minutes. For the same period, civil servants lost access to the internet from their workplace computers.
DigiD
January 14, 2025
•[ hack, ddos, government ]
The DigiD outage, which prevented people from logging in for most of yesterday afternoon , was caused by a large-scale DDoS attack. The DigiD server was experiencing so much traffic that the website couldn't handle it, according to Logius, the government agency that manages DigiD.
Government bodies in Kazakhstan
January 13, 2025
•[ espionage, government ]
Researchers at Sekoia attribute the Russia-linked threat actors from APT28 to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia.
Roseltorg
January 13, 2025
•[ hack, government ]
Roseltorg, Russia's main electronic trading platform for government and corporate procurement confirms that it had been targeted by a cyberattack. Pro-Ukraine hacker group Yellow Drift claims responsibility.
Italy's Ministry of Infrastructure and Transport
January 11, 2025
•[ ddos, government, hack ]
Tra ieri e oggi, il gruppo NoName057(16) ha effettuato diversi attacchi DDoS contro siti istituzionali italiani e aziende, tra cui Intesa Sanpaolo.
Committee on Foreign Investment in the United States (CFIUS)
January 10, 2025
•[ espionage, government ]
Silk Typhoon Chinese state-backed threat actors reportedly breach the Committee on Foreign Investment in the United States (CFIUS), a Treasury Department office that reviews foreign investments for national security risks.
Slovakian Geodesy, Cartography and Cadastre Office (UGKK)
January 10, 2025
•[ ransomware, malware, government ]
A cyber attack targets the Slovakian Geodesy, Cartography and Cadastre Office (UGKK), which manages land and property data. The agencys systems are shut down, and its physical offices closed following an alleged ransomware attack. According to local media reports, the attackers are demanding millions of euros in ransom.
Swiss Federal Administration
January 10, 2025
•[ hack, government ]
Beeintrchtigt gewesen sind unter anderem die Telefonie, Outlook sowie verschiedene Webseiten und Fachanwendungen des Bundes. Daten seien keine abgeflossen, hiess es vom Bund.
Centre des technologies de l’information de l’État' (CTIE)
January 10, 2025
•[ hack, ddos, government ]
Mehrere von der Regierung betriebene und vom Centre des technologies de linformation de ltat (CTIE) gehostete Internetseiten waren am Freitag zwischen 13:05 und 14:55 Uhr nicht erreichbar. Ursache dafr war eine DDOS-Attacke, die zahlreiche Webseiten lahmlegte, darunter men.public.lu und 112.public.lu. Das besttigte eine Sprecherin des CTIE gegenber dem Tageblatt. Der Angriff habe kurz nach 13 Uhr...
UK Foreign, Commonwealth and Development Office (FCDO)
January 10, 2025
•[ data leak, unauthorized access, government ]
UK authorities investigated a cyber intrusion into the Foreign, Commonwealth and Development Office (FCDO) that was reportedly discovered during routine monitoring in October 2025. According to officials briefed on the matter, attackers accessed a segment of the foreign offices IT environment used for policy coordination and diplomatic communications and obtained sensitive but non-classified material. The reported accessed information included internal correspondence, briefing papers, and contact details related to overseas missions, while systems handling classified intelligence were described as segregated and unaffected. The incident prompted containment actions, server isolation, and a wider government security review led with support from the National Cyber Security Centre.
