Undisclosed Myanmar government organization
March 1, 2025
•[ state-sponsored attack, malware, rootkit ]
Chinese state-linked threat actors deployed a kernel-mode rootkit to conceal ToneShell malware on systems belonging to a Myanmar government organization, enabling stealthy persistent access.
Undisclosed Thailand government organization
March 1, 2025
•[ malware ]
Researchers identified the use of a signed kernel-mode driver to hide ToneShell malware activity on systems of a Thai government organization, allowing covert long-term access.
Goshen Medical Center
February 15, 2025
•[ ransomware, leak, malware ]
BianLian-attributed intrusion at Goshen Medical Center; files accessed on 02/15/2025, detected 03/04/2025; 456,385 affected with PHI/PII including SSNs and DL numbers; listed on BianLians leak site in March; no outage confirmed.
Cocospy
February 14, 2025
•[ hack, malware, technology ]
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Kosovo Central Election Commission (KQZ)
February 11, 2025
•[ malware, infostealer ]
Cybersecurity experts observed that the official CEC website was infected with Lumma stealer via fake CAPTCHA payloads, distributing unauthorized links and malware to visitors. The site was targeted during and after elections, with evidence of malware distribution. No actor attribution was confirmed.
Users of Indian banking mobile apps
February 11, 2025
•[ malware, phishing, data leak ]
Android malware campaign disguised as Indian bank apps, distributed via phishing links and fake APKs to install FinStealer; exfiltration of banking credentials and personal information confirmed by CYFIRMA and other researchers.
Multiple Organizations in South Korea
February 6, 2025
•[ cryptomining, malware, trojan ]
ASEC analysis shows CoinMiner/XMRig variants delivered through trojanized removable media using DLL sideloading and PowerShell to mine cryptocurrency on compromised endpoints across Korea (the Republic of)n organizations.
PrivatBank
February 6, 2025
•[ phishing, malware, data leak ]
A criminal group identified as UAC-0006 used phishing emails with password-protected attachments to deliver SmokeLoader malware targeting PrivatBank customers. The campaign aimed to steal credentials and financial data, active since November 2024.
Users of Steam game PirateFi
February 6, 2025
•[ malware, data leak ]
Free-to-play game PirateFi on Steam removed after being discovered to install Vidar infostealer; victims urged by Valve to scan or reformat their systems.
University end-users via cloned site
February 5, 2025
•[ malvertising, phishing, malware ]
Malvertising campaign cloning a German university website to distribute a fake Cisco AnyConnect installer which installed NetSupport RAT on victim machines.
Russian Organizations Across Various Industries
February 5, 2025
•[ malware, phishing, data leak ]
Nova Infostealer malware campaign targeting Russian organizations across multiple industries collected credentials and files via phishing and malicious installers.
Russian Industrial Facilities
February 5, 2025
•[ infostealer, phishing, malware ]
Nova Infostealer was deployed by the threat group NGC4020 in Russian industrial facilities, stealing host credentials and files from infected endpoints through phishing and malicious installer packages.
Tata Technologies
January 31, 2025
•[ ransomware, malware, technology ]
Tata Technologies Ltd. suspends some of its IT services following a ransomware attack that impacted the company network.
Yazoo Valley Electric Power Association
January 30, 2025
•[ ransomware, malware, energy ]
Yazoo Valley Electric Power Association, an electric utility serving multiple counties in Mississippi discloses to suffer an attack by cybercriminals last summer in an incident that exposed the information of more than 20,000 residents. The Akira ransomware gang claims responsibility for the attack.
More than 570 computers linked to Mexico's government
January 27, 2025
•[ hack, malware, government ]
Threat actors infect more than 570 computers linked to Mexico's government domain gob.mx with infostealer malware, exposing sensitive data and login credentials.
Frederick Health Medical Group
January 27, 2025
•[ ransomware, malware, healthcare ]
Frederick Health Medical Group warns that there will be delays in service as it is hit by a ransomware attack.
Conad
January 27, 2025
•[ ransomware, malware, retail ]
Conad, an important wholesale chain in Italy, is hit with a Lynx ransomware attack.
New York Blood Center (NYBC)
January 26, 2025
•[ ransomware, malware, healthcare ]
The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments.
Jan Nygaard AS, a major BMW & MINI dealership in Denmark
January 25, 2025
•[ ransomware, hack, malware ]
Den store BMW- og Mini-forhandler Jan Nygaard, der omstter for mere end to milliarder kroner, advarer efter Computerworlds afslring tirsdag morgen sine kunder om, at deres data kan vre blevet stjlet af ransomware-gruppe under hackerangreb for mere end tre uger siden.
