Robeson County Government
December 10, 2024
•[ ransomware, malware, government ]
Robeson County, North Carolina confirmed that a December 2024 LockBit ransomware incident encrypted county servers and exfiltrated HR and payroll data. County operations were disrupted for about three weeks before full restoration in January 2025.
Ukrainian Defense Companies and Security and Defense Forces
December 7, 2024
•[ social, phishing, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discover a series of phishing emails targeting Ukrainian defense companies and security and defense forces with a fake NATO standards conference. Some recipients opened the phishing emails execiting the malicious RAR attachments.
Romania's Presidential Elections
December 4, 2024
•[ espionage, government ]
Romanias constitutional court annuls the first round of the countrys presidential election, citing Russian disinformation influence.
Chemonics
December 3, 2024
•[ hack, government ]
Chemonics, a large contractor for the U.S. government says a 2023 cyberattack exposed the critical personal information of more than 263,000 people.
City of Hoboken
November 27, 2024
•[ ransomware, malware, government ]
The city of Hoboken shuts down its government offices after an early morning ransomware attack caused widespread issues.
Undisclosed prisons in the U.K.
November 23, 2024
•[ leak, government ]
Confidential prison layouts in the U.K. are leaked onto the dark web.
Human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe
November 21, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future identify an ongoing Russia-linked cyber-espionage campaign targeting human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe using custom malware.
Mexico Legal Affairs Office
November 20, 2024
•[ ransomware, malware, government ]
Mexicos president Claudia Sheinbaum says that the government is investigating an alleged ransomware hack of her administrations legal affairs office after what appeared to be samples of personal information from a database of government employees were posted online.
Minneapolis Park and Recreation Board
November 20, 2024
•[ ransomware, malware, government ]
The RansomHub operation takes credit for a damaging attack on the Minneapolis Park and Recreation Board.
Undisclosed Law Firm
November 19, 2024
•[ leak, misconfiguration, government ]
A threat actor, who goes online with the name name Altam Beezley, gained access to a computer file shared in a secure link among lawyers whose clients have given damaging testimony related to Matt Gaetz, the former Florida congressman who is President-elect Donald J. Trumps choice to be attorney general.
City of Clark Fork
November 15, 2024
•[ social, phishing, government ]
The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.
Kumamoto Prefecture Violence Prevention Movement Promotion Center
November 15, 2024
•[ social, phishing, government ]
The Kumamoto Prefecture Violence Prevention Movement Promotion Center says that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing attack.
Town of Webster, New York
November 15, 2024
•[ financial, social, phishing ]
The Town of Webster fell victim to a phishing scam in November 2024, when scammers impersonated a contractor and tricked officials into diverting $520,275.67. Criminal investigation recovered over $300,000, and cyber insurance is expected to cover the remainder. No sensitive or confidential data was compromised.
Nuclear scientist and senior Israeli officials
November 11, 2024
•[ espionage, government ]
Threat actors believed to be affiliated with Iranian intelligence expose the personal details of a nuclear scientist who worked at the Soreq Nuclear Research Center, and private photos and emails of senior Israeli officials, including a former Defense Ministry director general.
Hungary Defense Procurement Agency
November 8, 2024
•[ ransomware, malware, government ]
Hungarian officials confirm to local media that the countrys defense procurement agency (VB) was attacked by an international group of hackers. The INC Ransom group claims responsibility for the attack.
Government Websites and Private Companies in South Korea
November 8, 2024
•[ hack, ddos, government ]
Pro-Russian hacktivists target South Korea with DDoS attacks as North Korea joins the Ukraine war.
Microlise
November 6, 2024
•[ hack, government ]
A cyberattack on Microlise leaves British prison vans without tracking systems or panic alarms.
Wexford County Register of Deeds
November 5, 2024
•[ cyberattack, data loss, government ]
The Wexford County, Michigan, Register of Deeds office experienced a cyber incident on 2024-11-05. Access was shut off, systems went offline, and a small portion of documents (less than 5%) from a defined time period were not recoverable.
Alaska Division of Retirement and Benefits
November 4, 2024
•[ hack, financial, government ]
The Alaska Division of Retirement and Benefits is hacked and State residents who work in the public sector, have employer contributions to their retirement accounts impacted
At least one undisclosed government and/or tech company
November 4, 2024
•[ state-sponsored, malware, backdoor ]
Government cybersecurity reporting described PRC state-sponsored actors using BRICKSTORM malware to maintain long-term persistence in victim environments, primarily affecting government services/facilities and IT sector organizations. In a documented case, actors accessed a DMZ web server (with a web shell present), moved laterally using service account credentials, copied Active Directory databases, pivoted into VMware vCenter, accessed domain controllers and an ADFS server, and exported cryptographic keys. BRICKSTORM provided stealthy backdoor access for command-and-control and remote operations and was used for persistence from at least April 2024 through at least September 3, 2025. The specific victim organization name was not disclosed in the reporting.
