American Associated Pharmacies
November 18, 2024
•[ ransomware, malware, retail ]
Ransomware group Embargo threatens to publish nearly 1.5 terabytes of data allegedly stolen in an attack on American Associated Pharmacies, a collaborative of 2,000 independent pharmacies.
Manufacturing industry in Pakistan
November 16, 2024
•[ espionage, malware, manufacturing ]
Researchers at Cyble discover a campaign linked to the known APT group DONOT, targeting the manufacturing industry that supports the country's maritime and defense sectors.
Hungary Defense Procurement Agency
November 8, 2024
•[ ransomware, malware, government ]
Hungarian officials confirm to local media that the country's defense procurement agency (VB) was attacked by an international group of hackers. The INC Ransom group claims responsibility for the attack.
Guardian Healthcare
November 8, 2024
•[ ransomware, malware, healthcare ]
Guardian Healthcare is the victim of a Stormous ransomware attack. The threat actors leaked 3 GB of files, many of which contain protected health information (PHI) of patients.
Stillwater Mining Company
November 6, 2024
•[ ransomware, malware, manufacturing ]
Stillwater Mining Company, the owner of the only platinum and palladium mines in the U.S., confirms that it experienced a cyberattack this summer. The RansomHub ransomware gang claims responsibility for the attack.
At least one undisclosed government and/or tech company
November 4, 2024
•[ state-sponsored, malware, backdoor ]
Government cybersecurity reporting described PRC state-sponsored actors using BRICKSTORM malware to maintain long-term persistence in victim environments, primarily affecting government services/facilities and IT sector organizations. In a documented case, actors accessed a DMZ web server (with a web shell present), moved laterally using service account credentials, copied Active Directory databases, pivoted into VMware vCenter, accessed domain controllers and an ADFS server, and exported cryptographic keys. BRICKSTORM provided stealthy backdoor access for command-and-control and remote operations and was used for persistence from at least April 2024 through at least September 3, 2025. The specific victim organization name was not disclosed in the reporting.
Metawin
November 3, 2024
•[ financial, malware, technology ]
A threat actor steals over $4 million from crypto casino Metawin's Ethereum and Solana hot wallets.
Lampard Community School
November 1, 2024
•[ ransomware, malware, education ]
Lampard Community School is hit by a cyber-attack and is being "blackmailed" by threat actors.
Housing Authority of the City of Los Angeles
November 1, 2024
•[ ransomware, malware, government ]
The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirms that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang.
Mongolian Ministry of Defense
November 1, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future observe the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor.
Undisclosed South Korean company 2
November 1, 2024
•[ malware ]
The compromise used malicious JavaScript injected into South Korean business sites to deliver malware to corporate visitors.
Undisclosed South Korean company 6
November 1, 2024
•[ malware, watering hole attack, compromised web server ]
Lazarus Group compromised web servers frequented by IT professionals, infecting visitors through malicious redirects.
Undisclosed South Korean company 5
November 1, 2024
•[ supply chain, malware ]
Lazarus leveraged infected supplier web pages to gain access to semiconductor sector organizations in Korea.
Bucharest City Hall
October 31, 2024
•[ ransomware, malware, government ]
The data of approximately 200,000 citizens of the administrative unit Sector 5 of the city of Bucharest are put up for sale after the City Hall suffers a RansomHub ransomware attack at the end of October.
Crypto users
October 31, 2024
•[ financial, malware, finance ]
The popular LottieFiles Lottie-Player project is compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors' cryptocurrency.
Organizations in Israel
October 31, 2024
•[ espionage, malware, technology ]
Researchers at Check Point reveal that the threat actor dubbed WIRTE, affiliated with Hamas, has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks with the SameCoin malware that exclusively target Israeli entities.
Tver Administration's Network
October 29, 2024
•[ hack, malware, government ]
A group with the moniker of Ukrainian Cyber Alliance claims to have taken down the Tver administration's network and to have wiped out dozens of virtual machines, backup storage, websites, email, and hundreds of workstations.
Newpark Resources
October 29, 2024
•[ ransomware, malware, energy ]
Newpark Resources, a key supplier for oilfields, says a ransomware attack caused disruptions and limited access to certain systems.
AEP
October 28, 2024
•[ ransomware, malware, retail ]
German pharmaceutical distributor AEP is hit with a ransomware attack.
City of Coppell
October 23, 2024
•[ ransomware, malware, government ]
The RansomHub operation takes credit for a damaging attack on the city of Coppell, Texas.