Threat Pulse – March 2025
Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats.
If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.
DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the largest Open Threat Exchange database available.
Orange Group Breach by HellCat Ransomware Group
The HellCat ransomware group, led by an attacker identified as “Rey,” infiltrated Orange Group’s Romanian operations. The breach resulted in the theft of 6.5GB of data, including 380,000 email addresses, internal documents, source code, invoices, contracts, and partial payment card details. The attackers exploited compromised credentials and vulnerabilities in Orange’s Jira software and internal portals, maintaining undetected access for over a month.
Medusa Ransomware Attack on HCRG Care Group
The Medusa ransomware group exfiltrated approximately 50TB of data from British healthcare provider HCRG Care Group. The stolen data included NTDS logs of the corporate network, exposing sensitive information. Medusa’s actions led to operational disruptions within HCRG, prompting the company to engage in public statements addressing the incident.
Qilin Ransomware Attack on Lee Enterprises
The Qilin ransomware group targeted Lee Enterprises, a major US-based media company, disrupting operations and exfiltrating 350GB of data. The stolen data encompassed government ID scans, financial documents, contracts, and non-disclosure agreements. Qilin threatened to release the full data trove if ransom demands were not met, leading Lee Enterprises to report the attack to the U.S. Securities and Exchange Commission (SEC).
AI-Driven Cyber Threats and Defences
Cybercriminals are increasingly utilising artificial intelligence (AI) to enhance the sophistication and effectiveness of their attacks. AI enables the creation of highly personalised phishing campaigns, realistic deepfake content, and advanced malware, making it more challenging to distinguish between legitimate and malicious communications. In response, organisations are adopting AI and machine learning technologies to bolster their cybersecurity measures, enabling proactive threat detection and real-time responses to emerging threats.
Quantum Computing Threats
The rapid development of quantum computing presents significant challenges to current encryption methods. Quantum computers have the potential to break traditional cryptographic techniques, exposing sensitive data to new risks. To address this, cybersecurity experts are developing quantum-resistant algorithms and updating security protocols to safeguard data against future quantum attacks.
North Korean Lazarus Group’s Malware Campaigns
North Korean hackers, identified as the Lazarus group, were implicated in widespread malware campaigns targeting various industries. They utilised platforms like npm to distribute malicious packages, infecting hundreds of systems. Additionally, they employed Russia-linked ransomware for extortion, highlighting the evolving tactics of state-sponsored APT groups.
NightSpire Ransomware Attack on Tohpe Corporation
Tohpe Corporation, a Japanese manufacturer specialising in paints and high-performance materials, fell victim to the NightSpire ransomware group. Attackers encrypted approximately 159 GB of confidential data, including sensitive organisational information. NightSpire employs double extortion tactics, threatening both data encryption and leakage unless ransoms are paid. This group primarily targets countries such as Hong Kong, Taiwan, Singapore, Thailand, and Japan, affecting industries including manufacturing.
RevivalStone Campaign Targeting Japanese Manufacturing Firms
The Winnti group (also known as APT41) initiated a cyber espionage campaign dubbed “RevivalStone,” targeting Japanese companies, including those in the manufacturing sector. Attackers exploited vulnerabilities in a managed service provider’s ERP system, deploying web shells to gain initial access. Leveraging the MSP’s infrastructure, they infiltrated multiple client organisations across various sectors, underscoring the risks associated with third-party service providers.
RansomHub Ransomware Attack on HexoSys Group
HexoSys Group, a Malaysian technology company providing engineering services, was compromised by the RansomHub ransomware group. Attackers exfiltrated approximately 336 GB of data, including contracts, blueprints, source code, and sensitive employee information. RansomHub operates as a Ransomware-as-a-Service (RaaS), employing double extortion tactics and targeting various industries, including manufacturing.
Horizon Actuarial Services Breach
Horizon Actuarial Services experienced a significant breach traced all the way back to November 2024. Attackers accessed sensitive data related to clients, including major entities like the Major League Baseball Players Benefit Plan and the New York Teamsters Conference Pension and Retirement Fund. The breach exposed personal and financial information of thousands, emphasising the need for robust cybersecurity measures within financial institutions.
Sudler Property Management Ransomware Incident
Sudler Property Management, a prominent real estate firm, suffered a ransomware attack affecting approximately 8,860 individuals. While the specific data compromised was not detailed, the breach underscores the interconnectedness of the financial and real estate sectors and the pervasive nature of ransomware threats.
Cyberattacks on Spanish Government Websites
Following Spain’s announcement of support for Ukraine, multiple Spanish institutions, including government ministries and private companies like El Corte Inglés, experienced Distributed Denial-of-Service (DDoS) attacks. Russian hacker groups claimed responsibility, suggesting these actions were part of a broader hybrid warfare strategy against the European Union.
Breach of Poland’s Space Agency
Polska Agencja Kosmiczna (PAK), Poland’s national space agency, detected unauthorised access to its IT infrastructure. While specific details about the perpetrators were not disclosed, the incident aligns with a pattern of cyberattacks targeting European governmental agencies, potentially implicating Russian state-sponsored actors.
Ransomware Attack on Bulgaria’s Supreme Administrative Court
The Bulgarian Supreme Administrative Court suffered a ransomware intrusion resulting in the exfiltration of approximately 3.5 terabytes of data, including sensitive information about judges. The breach has been attributed to Russian military intelligence, highlighting the use of ransomware as a tool for cyber espionage.
ATP Tour Data Breach
The ATP Tour experienced a significant data breach when confidential medical records of players were leaked online. The breach was detected after the unauthorised release of data, prompting immediate actions to notify affected individuals, collaborate with cybersecurity experts, and enhance security measures. The incident resulted in reputational harm, legal concerns, and financial costs associated with the response and system improvements.
Volt Typhoon Breach of U.S. Power Utility
Between February and November 2023, the China-linked APT group Volt Typhoon infiltrated the operational technology network of Littleton Electric Light and Water Departments (LELWD) in Massachusetts. The breach remained undetected for months, emphasising the need for enhanced cybersecurity measures in critical infrastructure.
McKim & Creed Ransomware Attack
Between 1 and 20 March 2025, McKim & Creed, a US-based engineering and surveying firm, fell victim to a ransomware attack attributed to the LockBit 3.0 group. The breach compromised confidential and sensitive information, including data related to civil, environmental, mechanical, electrical, plumbing, and structural engineering projects. The stolen data had not yet appeared on the group’s leak site, suggesting ongoing negotiations.
Cyberattack on Ukrzaliznytsia
On 23 March 2025, Ukraine’s state-owned railway company, Ukrzaliznytsia, suffered a large-scale cyberattack that disrupted passenger and freight transport systems. The attack led to the failure of the company’s IT systems, forcing passengers to purchase tickets on-site or aboard trains. While the company has partially restored online services, technical interruptions persist due to high demand. Ukrainian officials suspect Russian involvement in the attack.
Bank Sepah Breach
In early March, the hacker collective “Codebreakers” claimed to have infiltrated Bank Sepah, Iran’s oldest financial institution, alleging access to over 42 million customer records. The group demanded $42 million in Bitcoin, which the bank refused, leading to partial data leaks, including information on senior officials and military personnel.
Western Sydney University Data Theft
In early March, Western Sydney University suffered a cyberattack leading to the theft of data from approximately 10,000 students. The stolen information included demographic, enrolment, and course progress details, which were later found on the dark web.
Ransomware Attacks on Multiple Organisations
Throughout March, several organisations fell victim to ransomware attacks, including:
- Ganong Bros (Canada) – Data compromised by the Play ransomware group.
- Bell Ambulance – 219.5 GB of data leaked by the Medusa group.
- CO.GE.S.I. – Healthcare provider targeted by the LockBit 3.0 group.
- Pre Con Industries and Optometrics – Both affected by the Play ransomware group.
University of Rennes Ransomware Attack
On 8 March, the University of Rennes in France was targeted by the Funksec ransomware group, which claimed to have stolen 50 GB of personal and institutional data. The university has not confirmed the breach but is investigating the claims.
Bouches-du-Rhône Department Website Attack
On 10 March, the website of the Bouches-du-Rhône department in southern France was rendered inaccessible due to multiple cyberattacks. A pro-Russian hacker group claimed responsibility for the attack on its Telegram channel.
Dark Storm Team DDoS Attack on X (Twitter)
On 10 March, the pro-Palestinian hacker group Dark Storm Team launched a large-scale DDoS attack on X (formerly Twitter), causing multiple outages. The group claimed responsibility, citing political motivations related to the platform’s policies.
DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service means we can take care of your security, whilst you take care of business.
Talk to the team to see how you can start protecting your business against cyberattacks today.