ConnectWise
May 29, 2025
•[ nation-state attack, security incident, cloud security ]
ConnectWise reported a suspected nation-state breach impacting a small number of ScreenConnect cloud customers; investigation with Mandiant ongoing; no counts shared.
Keir Giles (UK academic)
May 22, 2025
•[ social engineering, phishing, data leak ]
Targeted social-engineering campaign impersonating U.S. State Department tricked Keir Giles into generating app-specific passwords, allowing a nation-state actor to access his Gmail account data stored on Google servers; no evidence of intrusion into affiliated institutional networks.
Ukrainian government and critical infrastructure organizations
September 25, 2024
•[ phishing, malware, espionage ]
Russian nation-state operators exploited a zero-day vulnerability in 7-Zip (CVE-2025-0411) beginning in September 2024 to deliver SmokeLoader malware through spearphishing campaigns targeting Ukrainian government and critical infrastructure entities. The campaign bypassed Windows Mark-of-the-Web protections to execute payloads and conduct espionage activities. No specific victims or data volumes have been disclosed.
Belgian State Security Service (VSSE)
May 31, 2023
•[ data leak, nation-state attack, vulnerability exploit ]
China-linked threat actors compromised VSSEs Barracuda Email Security Gateway between February 2021 and May 2023, exfiltrating around 10% of all staff email communications and employee personal data. No encryption or operational disruption was reported.
