Petroleos de Venezuela (PDVSA)
December 15, 2025
•[ ransomware, state-sponsored, service disruption ]
PDVSA confirmed a cyberattack impacted its administrative system and publicly blamed the United States, though outside experts had not substantiated that attribution. Reporting cited by the outlet said the incident was more damaging than PDVSA described, with the company website down and oil cargo deliveries suspended; company sources characterized it as a ransomware attack and described systems being down and deliveries halted for days.
French Ministry of the Interior
November 12, 2025
•[ government, data leak, email compromise ]
France's Interior Minister confirmed that the Ministry of the Interior experienced a cyberattack affecting its email servers. The intrusion was detected overnight between 12/11/2025 and 12/12/2025 and enabled the threat actors to access the ministry's email infrastructure and some document files. At the time of public confirmation, officials had not confirmed whether data was exfiltrated. In response, the ministry reported implementing standard containment procedures, tightening security protocols, and strengthening access controls. French authorities opened an investigation to determine the origin, intent, and full scope of the breach; possible explanations cited publicly included foreign interference, activists, or cybercriminals. The ministry is a high-value target given its responsibility for police forces, internal security, and immigration services.
Undisclosed U.S. political associates (per Reuters)
July 1, 2025
•[ data leak, state-sponsored, political ]
Reuters-reported claim: Iran-linked actors threaten to release ~100 GB of emails allegedly stolen from associates of Donald Trump; CISA called material 'purportedly stolen' and 'unverified.'
At least one Crypto firm targeted via macOS malware
June 30, 2025
•[ malware, cryptocurrency, theft ]
Indonesian outlet Liputan6 reports North Korean actors using macOS malware to target cryptocurrency companies, consistent with DPRK's crypto theft campaigns.
Federal Customs Service; Federal Tax Service; Russian Railways (RZD)
June 10, 2025
•[ denial of service, state-sponsored ]
Ukraine's Defense Intelligence Directorate (GUR) conducted coordinated DDoS operations from June 10–12, 2025 that temporarily paralyzed Russia's Federal Customs and Tax Service networks and disrupted Russian Railways ticketing portals. Russia's Federal Customs Service acknowledged complications in information exchange consistent with DDoS activity.
Tupolev
June 3, 2025
•[ data leak, website defacement, state-sponsored ]
Ukrainian intelligence (GUR) compromised Tupolev's internal servers and exfiltrated 4.4 GB of files including personnel records, procurement documents, internal memos, and meeting minutes. The company's website was briefly defaced following the breach.
Undisclosed Kyrgyzstan organization
June 1, 2025
•[ phishing, malware, state-sponsored ]
A nation-state actor known as Bloody Wolf conducted spearphishing impersonating the Kyrgyz Ministry of Justice to deploy JAR loaders and install NetSupport RAT for persistent access to organizational systems; no data theft was reported.
War & Sanctions Portal
April 7, 2025
•[ ddos, state-sponsored, disruption ]
On April 7, 2025, Ukraine's Main Intelligence Directorate (HUR) reported that a large-scale distributed denial-of-service (DDoS) attack targeted the War & Sanctions portal. The attack generated more than 56 million requests in 30 minutes from over 3,700 virtual machines located in at least ten countries, including Russia and China. It was attributed to Russian special services, but no specific agency was identified. The aim was to disrupt access to sanction-related information; the site remained online and suffered no data loss.
X (Formerly Twitter)
March 10, 2025
•[ DDoS, service disruption, hacktivism ]
Social media platform X (formerly Twitter) suffered a massive cyberattack involving a large-scale DDoS assault that caused worldwide outages and service disruptions. The company activated additional defenses through Cloudflare to mitigate the impact. The hacktivist group Dark Storm claimed responsibility for the attack, while Elon Musk suggested possible involvement of state-sponsored actors after attack traffic was traced to IPs originating from Ukraine, a claim the group denied. The disruption temporarily affected user access and platform functionality, marking one of the largest attacks against X since its rebranding.
Google Play Users
January 3, 2025
•[ state-sponsored, infiltration ]
Report said North Korean hackers infiltrated Google Play to target users.
At least one undisclosed government and/or tech company
November 4, 2024
•[ state-sponsored, malware, backdoor ]
Government cybersecurity reporting described PRC state-sponsored actors using BRICKSTORM malware to maintain long-term persistence in victim environments, primarily affecting government services/facilities and IT sector organizations. In a documented case, actors accessed a DMZ web server (with a web shell present), moved laterally using service account credentials, copied Active Directory databases, pivoted into VMware vCenter, accessed domain controllers and an ADFS server, and exported cryptographic keys. BRICKSTORM provided stealthy backdoor access for command-and-control and remote operations and was used for persistence from at least April 2024 through at least September 3, 2025. The specific victim organization name was not disclosed in the reporting.
Danish Water Utility
January 6, 2024
•[ cyberattack, state-sponsored, critical infrastructure ]
Danish authorities stated that Russia carried out a destructive and disruptive cyberattack against a Danish water utility in 2024. Reporting cited by Danish media said the incident involved manipulation of pump pressure, which caused pipes to burst and left some homes temporarily without water. The public reporting did not name the utility or provide precise dates beyond year-level timing.