Two individuals in Serbia
December 15, 2024
•[ hack, malware ]
A Serbian journalist and an activist have their phones hacked by local authorities using a cellphone-unlocking device made by forensic tool maker Cellebrite.
RIBridges (Rhode Island's Integrated Eligibility System)
December 13, 2024
•[ ransomware, malware, government ]
Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems.
Thai Government Officials
December 13, 2024
•[ espionage, malware, government ]
Researchers at Netskope discover a campaign targeting Thai government officials through DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai.
Telecom Namibia
December 11, 2024
•[ ransomware, malware, technology ]
Namibia Telecom is hit with a ransomware attack by the Hunters International gang.
Mortgage Investors Group
December 11, 2024
•[ ransomware, malware, finance ]
Mortgage Investors Group (MIG), one of the largest mortgage lenders in the Southeast U.S. says it suffered a cybersecurity incident last month that exposed troves of customer information. The Black Basta ransomware group claims responsibility for the attack.
Robeson County Government
December 10, 2024
•[ ransomware, malware, government ]
Robeson County, North Carolina confirmed that a December 2024 LockBit ransomware incident encrypted county servers and exfiltrated HR and payroll data. County operations were disrupted for about three weeks before full restoration in January 2025.
Electrica Group
December 9, 2024
•[ ransomware, malware, energy ]
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack.
ITO EN North America
December 6, 2024
•[ ransomware, malware, manufacturing ]
The Japanese corporation Ito En confirms that its U.S. subsidiary was hit with ransomware. The company is the largest producer of green tea in Japan and has subsidiaries in the U.S., Australia, China and Indonesia.
Tibetans and Uyghurs Individuals
December 5, 2024
•[ espionage, malware ]
Researchers at Trend Micro discover a previously undocumented threat activity cluster dubbed Earth Minotaur, leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs.
Multiple Organizations in the Cryptocurrency Space
December 4, 2024
•[ financial, malware, finance ]
The legitimate Solana JavaScript SDK is temporarily compromised in a supply chain attack, backdoored with code to steal cryptocurrency keys and drain wallets.
Pembina Trails School Division
December 2, 2024
•[ ransomware, financial, leak ]
Canadian school division compromised by Rhysida ransomware Dec 2, 2024. Attack disrupted thousands of devices and exposed ~35,000+ student records and staff payroll/financial data. Group attempted $1.7M ransom before leaking stolen data on the dark web.
PIH Health
December 1, 2024
•[ ransomware, malware, healthcare ]
Threat actors claim they stole 17 million patient records from PIH Health, a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.
At least one undisclosed government or financial organization
December 1, 2024
•[ malware, espionage, data theft ]
Kaspersky tracks PassiveNeuron using bespoke Neursite and NeuralExecutor implants, often gaining RCE on exposed Windows servers (e.g., via MSSQL) and then staging modular plugins for stealthy collection through compromised internal servers. Campaign-level report without a single victim suitable for event coding.
Port of Rijeka
November 30, 2024
•[ ransomware, financial, leak ]
The 8Base ransomware group hits Croatias Port of Rijeka, stealing sensitive data, including contracts and accounting info.
Krispy Kreme
November 29, 2024
•[ ransomware, malware, retail ]
US doughnut chain Krispy Kreme reveals it suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. The Play ransomware gang claims responsibility for the attack.
Kurita America
November 29, 2024
•[ ransomware, malware, manufacturing ]
The U.S. subsidiary of Kurita Water, a Japanese water treatment company says ransomware actors have stolen data from systems and encrypted some servers.
Stoli Group USA
November 29, 2024
•[ ransomware, malware, manufacturing ]
Stoli Group's U.S. companies file for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country.
Alder Hey Children’s Hospital
November 28, 2024
•[ ransomware, malware, healthcare ]
Alder Hey Childrens Hospital says it is investigating claims that its systems may have been breached and that patient records and other information was stolen, after the ransomware group INC Ransom adds Alder Hey to its leak site.
Refinadora Costarricense de Petróleo
November 27, 2024
•[ ransomware, malware, energy ]
Refinadora Costarricense de Petrleo (RECOPE), the state-owned energy provider for Costa Rica is hit with a ransomware attack, requiring the company to shift to manual operations and call in help from abroad.
City of Hoboken
November 27, 2024
•[ ransomware, malware, government ]
The city of Hoboken shuts down its government offices after an early morning ransomware attack caused widespread issues.
