ENGlobal Corporation
November 25, 2024
•[ ransomware, malware, energy ]
ENGlobal Corporation, a major contractor for the energy industry, confirms in a notice to regulators that it is dealing with a ransomware attack that has hindered operations.
Artivion
November 21, 2024
•[ ransomware, malware, manufacturing ]
Artivion, a leading manufacturer of heart surgery medical devices, discloses a ransomware attack that disrupted its operations and forced it to take some systems offline.
Human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe
November 21, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future identify an ongoing Russia-linked cyber-espionage campaign targeting human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe using custom malware.
Blue Yonder
November 21, 2024
•[ ransomware, malware, technology ]
Supply chain management firm Blue Yonder warns that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK.
Mexico Legal Affairs Office
November 20, 2024
•[ ransomware, malware, government ]
Mexico's president Claudia Sheinbaum says that the government is investigating an alleged ransomware hack of her administration's legal affairs office after what appeared to be samples of personal information from a database of government employees were posted online.
Minneapolis Park and Recreation Board
November 20, 2024
•[ ransomware, malware, government ]
The RansomHub operation takes credit for a damaging attack on the Minneapolis Park and Recreation Board.
35 organizations worldwide
November 18, 2024
•[ ransomware, malware ]
The Akira ransomware-as-a-service gang publishes a record number (35) of new victims to its darknet leak site in a single day.
American Associated Pharmacies
November 18, 2024
•[ ransomware, malware, retail ]
Ransomware group Embargo threatens to publish nearly 1.5 terabytes of data allegedly stolen in an attack on American Associated Pharmacies, a collaborative of 2,000 independent pharmacies.
Manufacturing industry in Pakistan
November 16, 2024
•[ espionage, malware, manufacturing ]
Researchers at Cyble discover a campaign linked to the known APT group DONOT, targeting the manufacturing industry that supports the country's maritime and defense sectors.
Hungary Defense Procurement Agency
November 8, 2024
•[ ransomware, malware, government ]
Hungarian officials confirm to local media that the country's defense procurement agency (VB) was attacked by an international group of hackers. The INC Ransom group claims responsibility for the attack.
Guardian Healthcare
November 8, 2024
•[ ransomware, malware, healthcare ]
Guardian Healthcare is the victim of a Stormous ransomware attack. The threat actors leaked 3 GB of files, many of which contain protected health information (PHI) of patients.
Stillwater Mining Company
November 6, 2024
•[ ransomware, malware, manufacturing ]
Stillwater Mining Company, the owner of the only platinum and palladium mines in the U.S., confirms that it experienced a cyberattack this summer. The RansomHub ransomware gang claims responsibility for the attack.
At least one undisclosed government and/or tech company
November 4, 2024
•[ state-sponsored, malware, backdoor ]
Government cybersecurity reporting described PRC state-sponsored actors using BRICKSTORM malware to maintain long-term persistence in victim environments, primarily affecting government services/facilities and IT sector organizations. In a documented case, actors accessed a DMZ web server (with a web shell present), moved laterally using service account credentials, copied Active Directory databases, pivoted into VMware vCenter, accessed domain controllers and an ADFS server, and exported cryptographic keys. BRICKSTORM provided stealthy backdoor access for command-and-control and remote operations and was used for persistence from at least April 2024 through at least September 3, 2025. The specific victim organization name was not disclosed in the reporting.
Metawin
November 3, 2024
•[ financial, malware, technology ]
A threat actor steals over $4 million from crypto casino Metawin's Ethereum and Solana hot wallets.
Lampard Community School
November 1, 2024
•[ ransomware, malware, education ]
Lampard Community School is hit by a cyber-attack and is being "blackmailed" by threat actors.
Housing Authority of the City of Los Angeles
November 1, 2024
•[ ransomware, malware, government ]
The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirms that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang.
Mongolian Ministry of Defense
November 1, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future observe the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor.
Undisclosed South Korean company 2
November 1, 2024
•[ malware ]
The compromise used malicious JavaScript injected into South Korean business sites to deliver malware to corporate visitors.
Undisclosed South Korean company 6
November 1, 2024
•[ malware, watering hole attack, compromised web server ]
Lazarus Group compromised web servers frequented by IT professionals, infecting visitors through malicious redirects.
Undisclosed South Korean company 5
November 1, 2024
•[ supply chain, malware ]
Lazarus leveraged infected supplier web pages to gain access to semiconductor sector organizations in Korea.