Breaking Cyber News From Cyberint

Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.

  • Mar 26, 2025

    • Mcgrath
    • Australia
    • Dienet
    • Australia And New Zealand
    • Real Estate

    DieNet Claims Breach of Australian Real Estate Company McGrath

    On March 25, 2025, the hacktivist group "DieNet" claimed responsibility for breaching McGrath, one of Australia's largest and fourth-ranked real estate companies. The breach allegedly involved the seizure of the company's entire database, which included sensitive data such as employee information, customer details, and business financial data (including receipts and company revenues). The group also mentioned that personal information of hundreds of real estate companies and individuals would be published. The targeting was reportedly motivated by Australia's alliance with the United States and support for Trump.

  • Mar 23, 2025

    • Israel
    • Social Services
    • Asia
    • Business Services
    • Government
    • Entertainment
    • Anonymous 71
    • Middle East

    Anonymous 71 Claims Attack on 10 Israeli Sites

    On March 23rd, 2025, the hacktivist group Anonymous 71 claimed to have shut down 10 sites, 8 of which were located in Israel. The affected sites belong to companies in the Entertainment, Business Services, and Social Services sectors. The group has provided evidence of its DDoS attacks.

  • Mar 20, 2025

    • Retail
    • Red Wolf Team
    • Israel
    • Argal Services
    • Asia
    • Network Denial Of Service
    • Middle East

    Red Wolf Team Claims Attack on Argal Services

    On March 20th, the hacktivist group Red Wolf Team claimed an attack on the Israeli website of Argal Services. The group has provided evidence of its DDoS attack.

  • Mar 20, 2025

    • Israel
    • Asia
    • Israel Police - Cyber Crime Unit
    • Government
    • Islamic Hacker Army
    • Middle East

    Islamic Hacker Army Claims Attack on The Israeli Police

    On March 19th, 2025, the hacktivist group Islamic Hacker Army claimed an attack against the Israeli Police. The group has provided evidence of its DDoS attack.

  • Mar 20, 2025

    • Rippersec
    • Restoration Site, Rosh Pena Restoration Association
    • Israel
    • Asia
    • Business Services
    • Network Denial Of Service
    • Middle East

    Hacktivist Group RipperSec Claims Attack on roshpina.org.il

    On March 19th, 2025, the hacktivist group RipperSec claimed to have attacked the Israeli website roshpina.org.il, a restoration association. The group has provided evidence of its DDoS attack.

  • Mar 20, 2025

    • Israel
    • Asia
    • Bangladesh Civilian Force
    • Education
    • Technion Israel Institute Of Technology
    • Middle East

    Hacktivist Group Bangladesh Civilian Force Claims Attack on the Technion

    On March 19th, 2025, the hacktivist group Bangladesh Civilian Force claimed to have attacked the Israeli Technion University. The group has provided evidence of its attack.

  • Mar 20, 2025

    • Rippersec
    • Israel
    • Asia
    • Education
    • Bar-Ilan University
    • Middle East

    Hacktivist Group RipperSec Targets Bar Ilan University

    On March 19th, 2025, the hacktivist group "RipperSec" claimed to have attacked the website of Bar-Ilan University. The group has provided evidence of its DDoS attack.

  • Mar 20, 2025

    • Finance
    • Israel
    • Asia
    • Turkiz
    • Insurance Agents, Brokers And Service
    • Middle East
    • Systemadminbd

    Hacktivist Group Systemadminbd Defaces Israeli Website

    On March 19th, 2025, the hacktivist group Systemadminbd claimed to have defaced an Israeli website, Turkiz. The group has provided evidence of its attack.

  • Mar 20, 2025

    • Israel
    • Asia
    • Business Services
    • Anonymous Bd
    • 10Buy.Co.Il
    • Middle East

    Hacktivist Group Anonymous BD Defaces 5 Israeli Websites

    On March 19th, 2025, the hacktivist group, Anonymous BD, claimed to have defaced 5 Israeli sites on the platform 10buy.co.il. The group has provided evidence of its attacks.

  • Mar 19, 2025

    • France
    • Europe
    • Western Europe
    • Technology
    • Hillshave
    • Luxury Watches

    Luxury-Watches - Breach - 2025-03-17

    A threat actor "HillShave" has leaked a database belonging to Luxury-Watches France, a website that sells high-end watches and diamonds and is based in Nice/Paris in France. According to the threat actor, the database includes about 100-200 unique emails and names.

  • Mar 19, 2025

    • Israel
    • Asia
    • Coreinjection
    • Technology
    • Middle East

    Threat Actor "CoreInjection" Sells Access To Israeli Digital Display Company

    On March 18, 2025, the threat actor CoreInjection claimed to have gained exclusive access to a prominent Israel-based company specializing in digital display solutions for shopping malls. The access includes control over 17 Windows servers, administrative permissions within the company’s advanced management systems, and direct entry to the central server managing the display inventory, allowing for immediate content control and propagation. The group also highlighted high-speed connectivity, ideal for data extraction or exfiltration. The asking price for this access is $100,000 USD, with payment accepted exclusively via cryptocurrency. On March 18th, a digital banner in an Israeli mall was hijacked with a message saying "Defaced by Coreinjection, Clal pay the ransom". The attack could relate to previous attacks claimed by the threat actor on Clal Insurance, to pressure the victim.

  • Mar 19, 2025

    • Hadshon Hebrew
    • Israel
    • Asia
    • Electronic Tigers Unit
    • Education
    • Middle East

    Electronic Tigers Unit Claims DDoS Attack on Hadshon Hebrew in Israel

    On March 19th, 2025, the hacktivist group "Electronic Tigers Unit" claimed to have attacked Hadshon Hebrew, an Israeli educational platform. The group has provided evidence of its DDoS attack.

  • Mar 19, 2025

    • Israel
    • Asia
    • Electronic Tigers Unit
    • Government
    • Galilee Development Authority
    • Middle East

    Electronic Tigers Unit - DDoS - Galilee Development Authority - 2025-03-19

    On March 19th, 2025, the hacktivist group "Electronic Tigers Unit" claimed an attack on the website of the Galilee Development Authority, in Israel. The hacktivist group has provided evidence of its DDoS attack.

  • Mar 18, 2025

    • Israel
    • Asia
    • Automotive
    • Coreinjection
    • Middle East

    Threat Actor Sells Access To Israeli Automotive Company

    On March 16, 2025, the threat actor group CoreInjection claimed to have gained full access to the internal network and management email systems of a prominent international car company operating in Israel. The breach includes control over the company’s Israeli network infrastructure and direct access to high-level executive and managerial email accounts. The group is offering this access for sale at $50,000 USD.

  • Mar 18, 2025

    • Finance
    • Clal Insurance
    • Israel
    • Asia
    • Coreinjection
    • Middle East

    Threat Actor Claims to Have Breached Clal Insurance, Offers Database for 200 Thousand Dollars

    On March 17, 2025, the threat actor CoreInjection claimed to have stolen 400,000 customer policies and sensitive files from Clal Insurance, one of Israel's largest insurance companies. The leaked dataset includes detailed policy information for 400,000 customers, along with personally identifiable information (PII), financial data, and other confidential records. The threat actor is reportedly offering the data for sale at $200,000, with payment to be made exclusively via cryptocurrency.

  • Mar 17, 2025

    • North America
    • United States
    • Coreinjection
    • Manufacturing

    Sale of Admin Access to U.S. Industrial Firm Revealed on Dark Web

    A threat actor known as "CoreInjection" recently posted on the dark web forum "BreachForums" offering exclusive administrative command-line interface (CLI) and shell access to a major U.S.-based industrial machinery and equipment company. The sale, priced at $100,000, grants full administrative privileges to the company's remote management system, which could allow threat actors deep control over critical systems.

  • Mar 17, 2025

    • Kospy
    • Apt37

    New Android Spyware Kospy Linked to North Korean Threat Actor Scarcruft

    The North Korea-linked threat actor Scarcruft has been identified as the creator of a new Android surveillance tool named Kospy, which targets both Korean and English-speaking users. This malware, which has been active since March 2022, masquerades as legitimate utility applications on the Google Play Store to deceive users into downloading it. Kospy is capable of collecting extensive data from infected devices, including SMS messages, call logs, and location information, while utilizing a sophisticated command-and-control infrastructure that allows it to operate stealthily. The malware's plugins and configurations remain largely unknown, as the command servers are either inactive or unresponsive.

  • Mar 17, 2025

    • Rippersec
    • Israel
    • Asia
    • Network Denial Of Service
    • Shenkar College
    • Education
    • Middle East

    Hacktivist Group RipperSec Claims Attack on Shenkar College

    On March 16th, 2025, the hacktivist group RipperSec claimed to have taken down the website of Shenkar College. The hacktivist group has provided evidence of its DDoS attack.

  • Mar 16, 2025

    • Pogrom.Org.Il
    • Rippersec
    • Network Denial Of Service

    Hacktivist Group RipperSec Claims Attack on pogrom.org.il

    On March 16th, 2025, the hacktivist group RipperSec claimed to have taken down the website of pogrom.org.il. The threat actor has provided evidence of its DDoS attack.

  • Mar 16, 2025

    • Rippersec
    • Israel
    • Asia
    • Business Services
    • Ministry Of Education (Israel)
    • Middle East

    Hacktivist Group RipperSec Claims Attack on Israeli Ministry of Education

    On March 15th, 2025, the hacktivist group RipperSec claimed to have taken down the website of the Israeli Ministry of Education. The threat actor has provided evidence of its DDoS attack.

  • Mar 16, 2025

    • Gadish-Maoz
    • Sheket Team
    • Gufyprint.Co.Il
    • 4Sale Real Estate
    • Construction
    • Asia
    • Lulzsec Black
    • Se Lawfirm
    • Honigsfeld.Co.Il
    • Jokeir 07X
    • Stock Matok
    • Jbags.Co.Il
    • Retail
    • Israel
    • Netzz.Co.Il
    • Healthcare
    • Libi Studio
    • Israel'S Traditional Chinese Medicine Association
    • Manufacturing
    • Middle East
    • Legal Services
    • Business Services
    • Media
    • Heldstudio.Co.Il
    • Health Services
    • Miscellaneous Manufacturing Industries
    • Real Estate

    Hacktivist Groups Claim To Have Breached Israeli Web Hosting Server and to Have Deleted 12 Israeli Websites

    On March 14th, 2025, the hacktivist groups "LulzSec Black" and "Jokeir 07x" claimed to have gained access to an Israeli web hosting server and as a result, taken down 12 Israeli Sites, among those sites,

  • Mar 16, 2025

    • The Knesset
    • Israel
    • Asia
    • Babuk2
    • Government
    • Middle East

    Ransomware Group Babuk2 Claims to Have Attacked The Knesset

    On March 15th, the ransomware group "Babuk2" claimed to have attacked the Knesset, Israel's Parliament, and to have exfiltrated 910 GB of internal data, including more than 200 thousand documents. Babuk2 is selling the data, along with publishing a portion of the data on their DLS.

  • Mar 13, 2025

    • Hades_Hgs
    • Turk Nokta Net
    • Asia
    • Telecommunications
    • Middle East
    • Turkey

    Threat Actor Claims to Have Breached TurkNet

    In March 2025, a threat actor named hades_hgs claimed to have breached Turknet, a telecommunications company in Türkiye, and to have gained access to its database. According to the threat actor, approximately 2.8 million rows of data belonging to Turknet's customers were taken, including sensitive information such as customer IDs, contact details, addresses, usernames, and identification numbers.

  • Mar 13, 2025

    • National Telecommunications Commission
    • Asia
    • Luxurysp1D3R
    • South-Eastern Asia
    • Government
    • Philippines

    Threat Actor Claims to Have Breached the National Telecommunications Commission (NTC) of the Philippines

    In March 2025, a threat actor named LuxurySp1d3r claimed to have breached the National Telecommunications Commission (NTC) of the Philippines and to have gained access to its database. According to the threat actor, a critical dataset belonging to the NTC was taken, including sensitive information related to nationwide telecommunications operations, surveillance mechanisms, and user tracking systems.

  • Mar 13, 2025

    • Unc3886
    • Juniper

    Chinese Espionage Group Targets Juniper Routers with Custom Backdoors

    The China-nexus cyber espionage group, tracked as UNC3886, has been observed targeting Juniper Networks routers in a campaign aimed at deploying custom backdoors. These backdoors exhibit various capabilities, including disabling logging mechanisms and maintaining persistent remote access. The group has evolved its tactics, previously exploiting zero-day vulnerabilities in devices from Fortinet, Ivanti, and VMware. The latest activity, identified in mid-2024, involves the use of multiple distinct backdoors based on the Tinyshell framework, showcasing the group's advanced knowledge of system internals and a focus on stealth and long-term persistence. Organizations are advised to upgrade their Juniper devices to mitigate these threats.

  • Mar 12, 2025

    • France
    • Western Europe
    • Europe
    • National Union Of School Sports
    • Entertainment
    • Vorvitz_5

    Data Breach Announcement: UNSS France (7.7M Citizens & 10.5K Educational Institutions)

    A threat actor known as "vorvitz_5" has announced the breach of data from 7.7 million French citizens associated with the UNSS (National Union of School Sports), exposing sensitive information such as gender, full names, birthdates, personal and parental email addresses, and phone numbers. Additionally, the breach includes details of 10.5K educational institutions, with data such as institutional identifiers, administrative contacts, phone numbers, fax numbers, postal codes, and banking information (IBAN, BIC). The threat actor offers the data for sale and has shared sample files on the dark net forum "BreachForums."

  • Mar 12, 2025

    • Afghanistan
    • Stealerbot
    • Energy
    • Asia
    • Djibouti
    • Northern Africa
    • Bangladesh
    • Eastern Asia
    • United Arab Emirates
    • Eastern Europe
    • Sub-Saharan Africa
    • Algeria
    • Southern Asia
    • Sidewinder
    • South-Eastern Asia
    • Telecommunications
    • Middle East
    • CVE-2017-11882
    • Real Estate
    • Rwanda
    • Egypt
    • Business Services
    • Bulgaria
    • India
    • Cambodia
    • Saudi Arabia
    • Africa
    • Europe
    • Uganda
    • Maldives
    • China
    • Vietnam
    • Turkey

    Sidewinder APT Targets Maritime and Nuclear Sectors in Asia and Africa

    The advanced persistent threat (APT) group known as Sidewinder has been actively targeting maritime and logistics companies, as well as nuclear energy infrastructure across South and Southeast Asia, the Middle East, and Africa. Observed by Kaspersky in 2024, the group's attacks have affected countries including Bangladesh, Cambodia, Djibouti, Egypt, the UAE, and Vietnam, with a notable focus on diplomatic entities in various nations. Sidewinder employs sophisticated tactics, including spear-phishing and exploiting known vulnerabilities, to maintain persistence on compromised networks and evade detection.

  • Mar 12, 2025

    • Transportation
    • Europe
    • United Kingdom
    • Jaguar Land Rover
    • Hikki-Chan

    Jaguar Land Rover Data Breach Exposes Sensitive Internal Documents and Employee Information

    In March 2025, "Jaguar Land Rover," a global automotive leader with a reported revenue of $29.9 billion, suffered a significant data breach. The leak involved around 700 internal documents, including confidential files, development logs, tracking data, source codes, and a compromised employee dataset. This dataset exposed sensitive information such as usernames, email addresses, display names, and time zones. The breach was posted on the dark net forum "BreachForums" by the threat actor known as "Rey."

  • Mar 12, 2025

    • Finance
    • Asia
    • Middle East
    • Israel

    Threat Actor Publishes a Dataset of 150K Israeli Emails and Passwords

    On March 12th, 2025, in an underground chat group dedicated to the circulation of stolen data, a threat actor published 2 datasets of Israeli citizens: one dataset contains 150 thousand email addresses (ending with the TLD .il) and passwords, and the other seems to contain credit card information.

  • Mar 12, 2025

    • Finance
    • Israel Innovation Authority
    • Rippersec
    • Israel
    • Asia
    • Middle East

    RipperSec Attacks Israel Innovation Authority

    On March 12th, 2025, the hacktivist group RipperSec claimed to have taken down the website of the Israeli Innovation Authority. The threat actor has provided evidence of its DDoS attack.

  • Mar 11, 2025

    • Illeak
    • Israel

    ILleak Group Leaks Vaccination Data of 500,000 Israelis

    The "ILleak" threat actor group has released sensitive vaccination data of approximately 500,000 Israelis, offering the information for sale for one million dollars. The data includes personal details such as names, identification numbers, birthdates, and vaccine information. The group also made a sample of 500 records available for free.

  • Mar 11, 2025

    • Re/Max Israel
    • Israel
    • Asia
    • Cyber Fattah Team
    • Real Estate
    • Middle East

    Hacktivist Group Cyber Fattah Claims To Have Defaced RE/MAX Israel's Website

    On March 9th, the hacktivist group "Cyber Fattah" claimed to have defaced a domain belonging to Israel's largest real estate company, RE/MAX. The group provided evidence of its attack.

  • Mar 11, 2025

    • Israeli Air Force
    • Sk_Ekf

    Threat Actor Claims To Have Breached The Israeli Air Force

    On March 9, 2025, a threat actor named "sk_ekf" claimed to have obtained an Israeli Airforce database containing 61,000 active records, with data valid until January 9, 2025. The database includes sensitive information such as pilot IDs, license IDs, last update dates, Hebrew and English names, and other military-related data, though the full contents were not revealed. The data is available in XLSX/CSV format and is offered to serious buyers only.

  • Mar 10, 2025

    • Spider-X
    • Israel
    • Asia
    • Ben Gurion Radio Station
    • Middle East

    SPIDER-X Claims DDoS Attack against Israeli Radio Station 'Ben Gurion' Website

    The threat actor group 'SPIDER-X' has claimed responsibility for breaching the Israeli Radio Station Ben Gurion's Website. The group has provided evidence of the attack.

  • Mar 10, 2025

    • Kablan Net
    • Facemaster
    • Weonline
    • Malki Media
    • Channel13.Co.Il
    • Asia
    • Retail
    • Now Malki
    • Byit.Co.Il
    • Israel
    • 123Bignet.Co.Il
    • Telecommunications
    • Beisrael
    • Di Center
    • Netivey Dolev
    • Middle East
    • Cyber Islamic Resistance
    • Malki Plus
    • Business Services
    • Av Plumber
    • U B First

    Cyber Islamic Resistance Claims To Have Defaced 14 Israeli Sites

    On March 10th, the hacktivist group Cyber Islamic Resistance claimed to have gained access to a web hosting server and to have defaced 14 Israeli websites, specifically targeting companies in the Retail, Business Services, and Telecommunications sectors.

  • Mar 10, 2025

    • Defacement
    • Israel
    • Asia
    • Cyber Fattah Team
    • Middle East

    Cyber Fattah Team Defaces Israeli Websites with Pro-Palestinian Messages

    The threat actor group 'Cyber Fattah Team' has launched defacement attacks against multiple Israeli company websites. As a result, the affected websites' homepages have been altered to display pro-Palestinian propaganda attributed to the group.

  • Mar 10, 2025

    • Rhadamanthys
    • Stealc
    • Encrypthub
    • Fickle
    • Encryptrat
    • Kematian

    Encrypthub - New Financially Motivated Threat Actor Group is Active in a New Campaign

    The financially motivated threat actor known as Encrypthub has been orchestrating sophisticated phishing campaigns aimed at deploying information stealers and ransomware. Active since June 2024, Encrypthub employs various tactics including SMS and voice phishing to trick victims into installing malicious software disguised as legitimate applications. The group has been linked to other ransomware entities and utilizes third-party pay-per-install services to distribute malware at scale. Their operations include the development of a command-and-control panel named Encryptrat to manage infections and stolen data, highlighting the need for organizations to adopt robust security measures against such evolving threats.

  • Mar 09, 2025

    • France
    • Transportation
    • Hellcat
    • Europe
    • Western Europe
    • Groupe Renault

    Threat Actor "Rey" Leaks Data Allegedly Belonging to Renault Group

    In March 2025, the ransomware group Hellcat claimed to have gained access to a database containing Renault Group's data, after exfiltrating AWS keys from Renault's vendor, OneDealer. According to "Rey", the threat actor speaking for the group, over 17 GB of data belonging to Renault's customers was taken, including 144,000 files containing invoices, contracts, and other critical business information.

  • Mar 09, 2025

    • France
    • Europe
    • Western Europe
    • Energy
    • Division Production Ingénierie Hydraulique
    • Arkeliaad

    EDF DPIH - Breach - 2025-02-28

    A threat actor named "Arkeliaad" leaked a database belonging to France's electricity producer, DPIH (a division of EDF, France’s national electricity provider), on BreachForums. According to the threat actor, the database contains nuclear power plant maintenance records, planned tasks, inspections and site visit logs, internal intervention and engineering reports, identities and access credentials of authorized personnel, as well as plans for the future. It also allegedly contains all the identifiers of the agents.

  • Mar 09, 2025

    • Finance
    • Israel
    • Asia
    • Israel'S National Insurance
    • Zeggo
    • Middle East
    • Insurance Agents, Brokers And Service

    Threat Actor "zeggo" Leaks Data from Israel's National Insurance Institute on BreachForums

    A threat actor known as "zeggo" has claimed responsibility for leaking data from the "National Insurance Institute of Israel" (Bituach Leumi). The exposed dataset, published on the dark web forum "BreachForums," consists of two separate files containing 41,749 records with personal and contact information. The leaked data, stored in JSON format, allegedly includes emails, names, gender, phone numbers, addresses, types of treatment, and supplier details.

  • Mar 09, 2025

    • Netsupport Rat
    • Doenerium
    • Lumma Stealer

    Massive Malvertising Campaign Targets Over One Million Devices Globally

    Microsoft has disclosed a large-scale malvertising campaign, tracked under the name Storm-0408, which has impacted over one million devices worldwide. The campaign, originating from illegal streaming websites, employs a complex redirection chain to deliver remote access and information-stealing malware via platforms like GitHub, Discord, and Dropbox. The attack involves multiple stages, including system reconnaissance and data exfiltration, utilizing various scripts and tools to evade detection and steal sensitive information. The indiscriminate nature of the attack affects both consumer and enterprise devices across various industries.

  • Mar 06, 2025

    • Israel
    • Asia
    • Healthcare
    • Bikurofe
    • Middle East

    Suspected Attack by Iranian Threat Actors on Bikurofe

    Earlier this week, Bikurofe, an Israeli health clinic chain, suffered a cybersecurity incident caused by threat actors believed to be of Iranian origin. The National Cyber Directorate and the clinic’s cybersecurity team are investigating the event, examining whether any data leakage occurred and its nature. So far, no indication of sensitive or significant data being leaked has been found.

  • Mar 06, 2025

    • Israel
    • Construction
    • Edri Ltd
    • Asia
    • Cyber Toufan Operation
    • Middle East

    'Cyber Toufan' Claims Data Breach of Israeli Construction Firm 'Edri LTD'

    The threat actor group 'Cyber Toufan' has claimed responsibility for breaching the Israeli construction company 'Edri LTD.' According to the group, the stolen data includes sensitive files related to the company's projects, suppliers, clients, and credentials. They have also shared screenshots of documents and Excel tables as proof of the breach.

  • Mar 06, 2025

    • Dominican Republic
    • Finance
    • Transportation
    • Latin America And The Caribbean
    • Venezuela
    • Dark Caracal
    • Healthcare
    • Chile
    • Ecuador
    • Colombia
    • Manufacturing
    • Poco-Rat

    Dark Caracal's New Campaign: Poco RAT Targets Latin America

    The threat actor known as Dark Caracal has been linked to a new malware campaign deploying a remote access trojan called Poco RAT, primarily targeting Spanish-speaking countries in Latin America. According to a report by Positive Technologies, Poco RAT is equipped with extensive espionage capabilities, allowing it to upload files, capture screenshots, and execute commands on compromised systems. The campaign employs phishing emails with finance-themed lures to initiate infections, utilizing decoy documents that redirect victims to download malicious payloads from legitimate file-sharing services. The attacks are focused on enterprises in Venezuela, Chile, the Dominican Republic, Colombia, and Ecuador, continuing Dark Caracal's longstanding history of cyber espionage against Spanish-speaking targets.

  • Mar 05, 2025

    • Abhivenom123
    • United Arab Emirates
    • Middle East
    • Asia

    Threat Actor Leaks UAE Passports and IDs

    On March 5th, 2025, a threat actor named abhivenom123 published a dataset from the United Arab Emirates containing 3.5 GB of UAE citizens' information, including passport and ID information.

  • Mar 05, 2025

    • United States
    • Asia
    • Brute Force
    • Financial Theft
    • Eastern Asia
    • North America
    • China
    • Technology
    • Password Brute Forcing

    Mass Exploitation Campaign Targets ISPs in China and the US

    A mass exploitation campaign has been identified targeting internet service providers (ISPs) in China and the West Coast of the United States, deploying information stealers and cryptocurrency miners on compromised systems. The threat actors, who remain unidentified, have been observed using minimally intrusive operations to avoid detection while leveraging brute-force attacks on weak credentials. The campaign involves the use of scripting languages like Python and PowerShell for command-and-control operations, and the malware is capable of stealing sensitive information, including cryptocurrency wallet addresses, and exfiltrating it via Telegram. Over 4,000 IP addresses belonging to ISPs were specifically targeted, with the attackers employing tools to disable security features and conduct network scanning before executing their payloads.

  • Mar 05, 2025

    • Transportation
    • Asia
    • Sosano
    • United Arab Emirates
    • Telecommunications
    • Unk_Craftycamel
    • Middle East

    New Phishing Campaign Targets UAE Aviation Sector

    A new phishing campaign has been identified as targeting fewer than five organizations in the United Arab Emirates, specifically within the aviation and satellite communications sectors. This campaign utilized a compromised email account from an Indian electronics company, Indic Electronics, to deliver a previously undocumented Golang backdoor named Sosano. The attack employed sophisticated techniques, including the use of polyglot files and a malicious zip archive, to execute the backdoor and establish a command-and-control connection. Analysts suggest the campaign may be linked to an Iranian-aligned adversary, named "unk_craftycamel" by Proofpoint.

  • Mar 04, 2025

    • Dni
    • Europe
    • Business Services
    • Southern Europe
    • Legálitas
    • Spain

    Legalitas - Breach - 2025-03-03

    A threat actor known as DNI claims to be selling data allegedly exfiltrated from legalitas.com, a Spanish legal services company. The breach reportedly affects 125 clients and includes sensitive personal and financial information. The leaked dataset allegedly contains front and back copies of DNI (Spanish national ID), bank account details, including IBAN, full names, and DNI numbers.

  • Mar 04, 2025

    • Europe
    • Polsa
    • Poland
    • Government
    • Eastern Europe

    POLSA - Breach - 2025-03-02

    The Polish Space Agency (POLSA) is currently dealing with a "cybersecurity incident," it confirmed via its X account on Sunday. POLSA didn't reveal much in the way of details about what's going on, other than that the agency "immediately disconnected" its own network after discovering an intrusion into its systems. The social media post suggests this measure was taken to safeguard the security of its data.

  • Mar 03, 2025

    • Finance
    • Hikki-Chan
    • Latin America And The Caribbean
    • Zurich Insurance
    • Brazil

    Threat Actor Rey Claims Breach of Zurich Insurance

    On March 2nd, 2025, a threat actor named Rey published data reportedly belonging to Zurich Insurance Group. The threat actor claimed to have gained access to their database in February 2025. In addition, the threat actor contended that over 1,400 highly sensitive internal files belonging to Zurich Insurance Group's customers were taken, including financial reports, contracts, internal emails, and sensitive documents.
