Donbas Post
November 24, 2025
•[ hacktivism, wiper attack, data destruction ]
Ukrainian Cyber Alliance claimed responsibility for wiping Donbas Post's systems in Russian-occupied Ukraine, deleting data from over 1,000 workstations and dozens of servers, disrupting web, email, and corporate operations.
Municipality of Tirana (City of Tirana)
June 20, 2025
•[ data leak, denial of service, state-sponsored attack ]
Iran-linked MOIS cluster EUROPIUM (Homeland Justice) conducted a coordinated cyberattack on Tiranas municipal government on Jun 20 2025, taking the city website offline and disrupting services; attackers claimed data theft and wiping of city databases; Microsoft and Albanian officials attributed the activity to MOIS-linked operators; restoration completed by Jun 24 2025.
At least one Ukrainian grain producer
June 1, 2025
•[ malware, wiper attack, state-sponsored attack ]
Russian state-backed threat group Sandworm, also known as APT44, used several data-wiping malware families in a series of destructive attacks against Ukrainian organizations in 2025, including newly reported operations targeting the countrys grain sector. An ESET APT activity report cited by BleepingComputer says that in June and September Sandworm deployed wipers like ZEROLOT and Sting against entities in the governmental, energy, logistics, and grain industries, with the grain sector highlighted as a less frequent but strategically important target. The wipers corrupt files, disk partitions, and master boot records in ways that prevent recovery, likely aiming to weaken Ukraines war economy by disrupting a critical export industry.
