Polish ruling party websites
May 16, 2025
•[ hacktivism ]
Reports the ruling partys websites were attacked two days before the presidential election; officials attributed the activity to Russia-aligned actors on Telegram.
Lecardo Clinic
May 16, 2025
•[ hacktivism, cyberattack, operational disruption ]
Lecardo Clinic announced a technical failure that led to a three-day shutdown; a pro-Ukraine group claimed a cyberattack. Public reporting indicates multi-day operational disruption, but the exact technique was not disclosed.
Pravosudiye
May 15, 2025
•[ hacktivism, data destruction, government ]
Russias national case management/e-filing system was reportedly hacked in Oct 2024, erasing roughly a third of its archive and disrupting court websites and communications for about a month; the operation has been claimed by pro-Ukraine hackers.
Multiple Indian websites
May 13, 2025
•[ cyberattack, hacktivism ]
Maharashtra Cyber/press reports said Pakistan-allied hackers launched ~1.5 million attacks with ~150 successes.
GlobalX
May 6, 2025
•[ hacktivism, defacement, data leak ]
Hacktivists defaced GlobalXs website and claimed theft of flight records and deportation passenger manifests; reporting cites defacement message referencing deportations. https://databreaches.net/2025/05/06/globalx-airline-for-trumps-deportations-hacked/
Arun District Council
May 6, 2025
•[ ddos, hacktivism ]
Pro-Russia group NoName057(16) ran a DDoS campaign against multiple UK local government sites; Arun DC confirmed website issues on May 6 that were resolved within hours; other councils reported little/no impact.
Government of Romania
May 5, 2025
•[ ddos, hacktivism, election interference ]
Russia-aligned hacktivists claimed DDoS attacks on Romanian state and candidate websites on election day, temporarily knocking portals offline before restoration.
Romanian state websites
May 4, 2025
•[ ddos, hacktivism, government ]
Russia-aligned hacktivist group NoName057(16) claimed DDoS attacks on Romanian state and candidate websites on election day; Romanias DNSC confirmed the incidents and said sites were restored.
Arriva Nederland
May 1, 2025
•[ ddos, hacktivism ]
Arrivas Dutch website was taken offline in a DDoS attack claimed by Russia-aligned hacktivists, with outages acknowledged locally; services were restored after mitigation.
Dutch public & private organizations
May 1, 2025
•[ ddos, hacktivism, service disruption ]
Russia-aligned hacktivists launched large-scale DDoS causing service disruptions at Dutch public/private orgs; NCSC acknowledged incidents; no internal compromise reported.
System Rejestrów Państwowych (Polish State Register System)
April 30, 2025
•[ ddos, hacktivism ]
On April 30, 2025, Polands System Rejestrw Pastwowych, which supports the national tax and registration systems, was targeted by a hacktivist DDoS campaign that caused temporary outages. Access to e-Declarations, CEPiK, and related government portals was disrupted for about one hour. No data theft or encryption occurred, and services were quickly restored.
Army Public Schools (Srinagar and Ranikhet)
April 29, 2025
•[ website defacement, hacktivism ]
Pakistan-based hacktivist IOK Hacker defaced the websites of Army Public Schools in Srinagar and Ranikhet with pro-Pakistan slogans referencing Kashmir; sites were restored shortly after discovery.
Rajasthan Education Department
April 29, 2025
•[ hacktivism, defacement ]
Hacktivist group Pakistan Cyber Force defaced the Rajasthan Education Department website with inflammatory political messages claiming the Pahalgam attack was an inside job; the portal was taken offline and later restored.
NRC Media B.V. (publisher of NRC Handelsblad)
April 28, 2025
•[ DDoS, hacktivism ]
On April 28, 2025, the Dutch news organization NRC Media suffered a DDoS attack that rendered nrc.nl unreachable for nearly a full day; pro-Russian hacktivist group NoName057(16) claimed responsibility, linking the attack to Dutch support for Ukraine.
Multiple Gelderland Municipalities / NotuBiz Customers
April 28, 2025
•[ ddos, hacktivism, service disruption ]
On April 28 2025, a coordinated distributed denial-of-service (DDoS) attack claimed by the pro-Russian hacktivist group NoName057(16) targeted the Dutch municipal IT supplier NotuBiz, disrupting connectivity for at least 15 municipal and provincial websites in the province of Gelderland. The attack caused complete but temporary loss of access to public portals for several hours; no data theft or secondary compromise was reported.
Cities of Palo Alto, Redwood City, and Menlo Park (Crosswalk systems)
April 21, 2025
•[ Hacktivism, Unauthorized Access, Deepfake ]
Hacktivists hijacked Bay Area pedestrian crosswalk systems in Palo Alto, Redwood City, and Menlo Park to broadcast deepfake audio messages impersonating Elon Musk and Mark Zuckerberg mocking billionaire culture; no data theft or operational outage beyond altered messages reported.
City of Seattle (Crosswalks system)
April 21, 2025
•[ hacktivism, unauthorized access, system compromise ]
Hacktivists compromised Seattle pedestrian crosswalk systems to broadcast spoofed audio announcements mocking technology billionaires; no evidence of data exfiltration or wider operational impact reported.
Joannenova.com.au (Jo Nova Blog)
April 19, 2025
•[ ddos, hacktivism ]
Joannenova.com.au, an independent Australian blog run by science commentator Jo Nova, reported a distributed denial-of-service (DDoS) attack beginning around Easter Saturday (April 19 2025). The site, known for climate-skeptic and political commentary, was flooded by traffic from hundreds of thousands of IPs mainly in China, the USA, Brazil, and Europe, causing intermittent outages for about two weeks. The politically charged nature of the site suggests a hacktivist protest motive.
Russian Railways (RZhD)
April 19, 2025
•[ denial of service, hacktivism ]
The IT Army of Ukraine conducted a distributed denial-of-service attack on Russian Railways national ticketing and logistics platforms on April 19 2025, temporarily paralyzing access across multiple regions; service was restored the same day.
TickChak (external ticketing platform used by IDF units)
April 16, 2025
•[ data leak, hacktivism ]
A hacktivist using the alias Persian Prince accessed and leaked data from TickChak, an Israeli ticketing platform reportedly used by IDF units. The leak, publicized on April 16 2025, exposed personal details of tens of thousands of soldiers, including names, national ID numbers, and phone numbers. No ransom or sale was reported; the data was posted publicly to protest Israeli military actions.
