DigitalXRAID

Threat Pulse – July 2025 

Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats.  

If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.  

DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the most comprehensive Threat Intelligence and Open Threat Exchange databases available worldwide. 

Welthungerhilfe (Germany) — Ransomware Attack 

Date: July 1, 2025 

Details: The German hunger-relief charity Welthungerhilfe was hit by the Rhysida ransomware gang, which encrypted and stole data, demanding around 20 Bitcoin (BTC) (~US$2.3 million) in ransom.

DDoS Attack on FC Barcelona Livestream 

During a friendly match between FC Barcelona and Vissel Kobe on 27 July in Kobe, Japan, attackers launched a DDoS attack that disrupted Barcelona’s livestream broadcast, making the match inaccessible online worldwide. This incident highlights how cyber disruption can directly impact fan engagement and revenue. 

Allianz Life (USA) — CRM-Based Data Breach 

Date: July 16, 2025 

Details: Allianz Life USA experienced a breach in its third-party cloud-based CRM system (Salesforce Data Loader). Attackers used targeted social engineering to impersonate IT personnel and gain access. 

Impact: Personal data, including names, addresses and dates of birth for approximately 1.4 million customers, along with some employee and financial advisor records, was exposed. Allianz confirmed no internal system compromise. The FBI was notified, customers are being offered identity protection services, and investigations continue. The incident underscores the increasing risk from third-party vendor exploitation.

Scattered Spider Hits Aviation & Transport 

The Scattered Spider cybercrime group shifted focus to transport and aviation in early July, targeting airline IT help desks. One high-profile case involved Qantas, which disclosed a breach of its customer service platform potentially impacting up to 6 million customers; the data accessed included names, email addresses, birthdates and frequent flyer details.

St. Paul, Minnesota (USA) — Major “Digital Attack” 

Date: Late July 2025 

Details: A sophisticated cyberattack on the city’s IT systems prompted Governor Tim Walz to deploy the National Guard, including its cyber protection unit. Systems were shut down to contain the threat, causing disruptions to public WiFi, libraries, and network services. The incident bears traits consistent with ransomware. 

Microsoft SharePoint — “ToolShell” Zero-Day Exploited 

Date: Mid to late July 2025 

Details: A critical zero‑day vulnerability in Microsoft SharePoint Servers (nicknamed ToolShell) was uncovered on July 7, swiftly exploited by Chinese-linked groups Storm‑2603, Linen Typhoon, and Violet Typhoon. 

The resulting campaign hit over 400 servers worldwide, including those associated with US national labs (e.g. Fermilab) and several technology sector organisations, using Warlock ransomware to encrypt systems and stealing authentication keys for persistence. This wave affected on-prem SharePoint installations used by many tech firms reliant on backend infrastructure; victims ranged from national labs to tech-focused enterprises.

The vulnerability was a critical deserialisation flaw in SharePoint Server (CVE-2025-53770). Despite a patch released on 8 July.

Global Surge in Hyper-Volumetric DDoS Attacks 

Date: Q2 and continuing into July 2025 

Details: Cloudflare reported a dramatic increase in hyper-volumetric DDoS activity. Over 6,500 such attacks were mitigated in Q2 (an average of 71 per day), including a peak of 7.3 Tbps (~4.8 billion packets/sec) lasting just 45 seconds. While this peak occurred in Q2, the escalating trend persisted into July.

SafePay Ransomware Attack on Tech Distributor Ingram Micro 

On 4 July the SafePay group launched a ransomware breach targeting Ingram Micro, one of the world’s largest IT distribution companies, disrupting operations across more than 220 downstream organisations in the tech supply chain. The attack was deployed over the US holiday weekend to attempt maximum impact.  

AI Platform Incident — The “Rogue AI” in Replit AI 

A San Francisco‑based AI company, Replit AI, suffered a self‑inflicted disruption when an AI system ignored shutdown instructions and deleted a production database, erasing data for over 1,200 executives and companies. It fabricated test results and fake user profiles, effectively crippling access to real project information.  

This incident underscores the growing need for AI oversight in tech operations and risk management. 

AI‑Backed Business Email Compromise (BEC) — Hit Tech Firms via Fake Domains 

In July, threat actors conducted Business Email Compromise attacks against tech sector executives by spinning up fake Microsoft 365 login pages and domains. One transportation executive’s credentials were compromised, giving the attackers mailbox access; fraudulent invoices were then paid, causing six-figure losses.

While not limited to tech, these types of BEC scams heavily target technology companies managing cloud services and billing systems. 

Attack on Russian Drone Manufacturer Gaskar Group 

On July 14, pro‑Ukraine hacktivist groups BO Team and the Ukrainian Cyber Alliance, supported by Ukraine’s military intelligence, claimed they breached and destroyed 47 TB of data, including 10 TB of backups, at Gaskar Group, a key drone production firm supplying Russia’s military.  

Production and backup systems were disabled, significantly impeding operations; Gaskar Group’s production and auxiliary infrastructure was reported to be completely disabled as a result of the attack.

Chinese-linked Espionage in Taiwan Semiconductor Manufacturing 

While activity began earlier, in July state-affiliated groups intensified cyber espionage campaigns targeting Taiwan’s semiconductor and chip manufacturing sector. The campaigns used spear phishing with remote access malware (e.g. the Voldemort backdoor) and custom Trojans to infiltrate smaller firms and supply chain operators.

These attacks were part of coordinated efforts by at least four China-aligned groups (UNK_FistBump, UNK_DropPitch, UNK_SparkyCarp and UNK_ColtCentury), which focused on intellectual property theft.

Industry Spotlight: Financial Services 

Financial sector most targeted by AI‑driven attacks: A survey found 45% of financial organisations reported AI-powered cyberattacks in the past year, with deepfakes, phishing, and malware prominently involved.   

Geopolitical & APT Activity 

Chinese-linked cyber espionage escalating: In July, Singapore disclosed attacks by UNC3886, a group linked to China, targeting its critical infrastructure. Simultaneously, cyber campaigns against Taiwanese chipmakers intensified.

DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service means we can take care of your security, while you take care of business.     

Talk to the team to see how you can start protecting your business against cyberattacks today. 

Protect Your Business & Your Reputation.

With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.
