Threat Pulse – May 2025
Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats.
If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.
DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the most comprehensive Threat Intelligence and Open Threat Exchange databases available worldwide.
North Korean-linked Play Ransomware Campaign
A joint FBI and CISA advisory confirmed an intense surge of Play ransomware attacks throughout May, targeting over 900 organisations across North and South America and Europe. Victims included critical infrastructure providers and private businesses, heightening concerns over state-sanctioned cybercrime.
Scattered Spider Attacks on UK Retailers (M&S, Co-op, Harrods)
The Scattered Spider group, associated with DragonForce, used social engineering and SIM‑swapping to infiltrate the help desks at Marks & Spencer and Co‑op, causing data extraction, operational disruptions, and logistical issues. Harrods also faced system restrictions.
The UK NCSC has issued new guidance for verifying admin access. You can also read analysis from DigitalXRAID’s experts on Scattered Spider’s recent attacks, its technical evolution and best practices to protect your business.
Massive AT&T Data Leak
Roughly 86 million AT&T customer records, including 44 million plaintext Social Security numbers, were found online in decrypted form starting mid‑May. Although the breach may stem from last year’s Snowflake vulnerability, this exposure poses immediate risk for identity theft and fraud.
TxDOT Cyberattack
On 12 May, hackers compromised the Texas Department of Transportation’s Crash Records Information System, stealing data from approximately 423,000 individuals across 300,000 crash reports, covering personal and vehicle details. The incident prompted the formation of the Texas Cyber Command.
Coca-Cola Middle East Ransomware Leak
The Everest ransomware gang leaked sensitive employee documents after Coca‑Cola ME refused a $20 million ransom. This highlights deeper vulnerabilities in the company’s global IT infrastructure.
Coinbase Insider-assisted Data Leak
Nearly 70,000 Coinbase users had personal data exposed via an insider-leak scheme. Orchestrated by overseas contractors bribed to steal data, the breach led Coinbase to publicly offer a $20 million reward for intel on the perpetrators.
Dior Database Breach
On 15 May, luxury giant Dior confirmed an unauthorised entry into its customer database. While no payment card data was leaked, personal and purchase histories were exfiltrated, raising risks of targeted phishing and high-end fraud.
4 Billion Records from Chinese Users Exposed
Researchers uncovered an unprotected 631GB database that exposed ~4 billion user records, including personally identifiable and financial information. It reportedly included over 805 million WeChat profiles and was quickly taken offline.
India–Pakistan State-linked Cyber Tensions
On 6 May, Pakistani hackers, claiming to have breached Indian defence websites, defaced a state-owned firm’s site and allegedly leaked personnel data. Concurrently, Indian hacktivists reportedly mined and released data (including CCTV feeds and tax files) from Pakistani sources, escalating cyber hostilities across the two countries.
LockBit Ransomware Group Hacked
LockBit’s dark web infrastructure was breached on or around 8 May, with internal chats and victim communications reportedly released. Analysts called it a major embarrassment that may weaken the group’s continued operations.
DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service mean we can take care of your security, whilst you take care of business.
Talk to the team to see how you can start protecting your business against cyberattacks today.