DigitalXRAID

Threat Pulse – April 2025

Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats. 

If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.

DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the largest Open Threat Exchange database available. 

Marks & Spencer and Co-op Cyberattacks (UK) 

Incident: Hackers impersonated employees to deceive IT help desks into resetting passwords, granting unauthorised access to internal networks.

Impact: Marks & Spencer experienced a 12% share decline and suspended online clothing and home orders. The financial impact was estimated at £30 million, with ongoing losses of around £15 million weekly.

Response: The UK’s National Cyber Security Centre advised organisations to revise help desk protocols to prevent similar breaches.

Pahalgam Terror Attack Leads to Surge in Cyberattacks  

Incident: Following a terror attack in Pahalgam, India faced a surge of cyberattacks, averaging 30 to 40 significant threats daily.

Targets: Initially focused on financial sector entities, the attacks expanded to critical infrastructure, particularly the power sector.

Response: Indian authorities are actively engaged in mitigating these threats, highlighting the rising importance of cybersecurity in national defence.

Berkeley Research Group Data Breach  

Incident: A cyberattack on the Berkeley Research Group breached sensitive data related to multiple Catholic church bankruptcy filings across the US.

Method: The attacker infiltrated BRG’s internal systems by impersonating an IT worker via Microsoft Teams and deployed Chaos ransomware.

Impact: Exposed information includes victims’ identities and abuse claims.

Response: BRG paid the ransom and received a destruction log in return, but the US Justice Department is scrutinising its delayed public disclosure of the breach.

DaVita Ransomware Attack  

Incident: DaVita Inc, a kidney disease treatment company, reported a ransomware attack that encrypted certain network elements.

Impact: The attack disrupted operations, though DaVita activated its incident response protocols and engaged third-party cybersecurity experts.

Response: Law enforcement has been notified, and the company is working to restore functionality via interim measures.

Co-op Cyberattack  

Incident: The Co-op Group in the UK was targeted by a cyberattack that prompted the company to shut down some back office and call centre operations as a precaution.

Impact: Despite the attack, all Co-op stores, ecommerce services, and funeral homes continued to operate normally.

Response: The Co-op is collaborating with the National Cyber Security Centre to manage the situation.

BreachForums Zero-Day Exploitation 

Incident: BreachForums administrators reported that the site was taken offline earlier in the month after law enforcement agencies exploited an undisclosed zero-day vulnerability in the MyBB forum software to gain covert access.

Impact: The forum was taken offline, and administrators warned that recently launched “BreachForums” clones were “likely honeypots.”

Response: The forum’s back-end is being rewritten, and no evidence of data compromise was found.

4chan Data Breach 

Incident: 4chan was hacked by an anonymous user of “soyjak.party,” a rival imageboard website.

Impact: Source code and user logins of those who registered with emails were reportedly acquired and leaked online.

Response: The website was taken offline, and administrators are investigating the breach. 

SK Telecom – Data Breach and Share Price Drop 

Incident: South Korea’s largest mobile carrier, SK Telecom, experienced a significant data breach caused by a cyberattack. The breach, discovered on April 18, resulted in a large-scale leak of customer data due to malware.  

Impact: Following the disclosure, SK Telecom’s shares plunged up to 8.5%, marking its lowest level since August of the previous year. 

Response: SK Telecom accepted full responsibility and announced remedial actions, including offering all 23 million subscribers free USIM card replacements. 

IBM MQ 

IBM MQ was affected by a command injection vulnerability (CVE-2025-0975) in its console, allowing authenticated users to execute arbitrary code due to improper neutralisation of escape characters. This vulnerability had a CVSS base score of 8.8, indicating high severity. Affected versions included IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD. IBM addressed this issue under APAR IT47597 and recommended applying the appropriate cumulative security updates or fix packs for the affected versions. 

Emphasis on Human-Centric Security Awareness 

Recognising that human error remains a significant vulnerability, organisations are investing in comprehensive security awareness training programmes. These initiatives aim to empower employees to recognise and respond effectively to cyber threats, thereby strengthening the overall security posture. 

DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service mean we can take care of your security, whilst you take care of business.

Talk to the team to see how you can start protecting your business against cyberattacks today. 
