Weekly Cybersecurity Report | Week 14, 2025

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1 – Cyberattack disrupts public transport services in Italy: Ticketing systems down

The electronic ticketing systems of the Italian transport company Mom were down for two days following a cyberattack, causing significant disruptions to service for passengers and students.

Details of the incident:

– The attack was directed against the servers of Plus Service, which operates the Telemaco platform

– The system serving several public transport companies was shut down for two full days

– The service only began to partially return yesterday, with the company expecting a return to full activity today

– The timing is particularly critical – right during the subscription renewal period for students and employees

Consequences of the attack:

– The service centers were flooded with inquiries from passengers

– Many were forced to purchase physical tickets as an alternative solution

– Additional costs and significant inconvenience were incurred

This attack joins similar incidents in Italian transport infrastructure, including the disruption of Trenitalia’s sales systems in December 2024, and highlights the urgent need to strengthen the protection systems for critical infrastructure in the country.

2 – Huge leak at Samsung Germany: 270,000 customer data published online

A hacker calling himself “GHNA” has published hundreds of thousands of support requests from Samsung Germany customers online, in a leak that security experts say was entirely preventable.

Details of the leak:

– Approximately 270,000 customer inquiries from the website

– The information includes full names, email addresses and residential addresses of customers

– Transaction details, order numbers, inquiry IDs and email addresses of Samsung representatives were also exposed

– The information was leaked for free and is available to anyone, including hostile parties

Source of the hack:

– According to security firm Hudson Rock, the leak is related to login data stolen by the Raccoon Infostealer software in 2021

– The credentials were from an employee of Spectos GmbH, which provides services to Samsung Germany’s customer inquiry system

3 – Large-scale cyberattack on Russian company Lukoil, in parallel with drone attacks in Ukraine

Russian oil company Lukoil suffered a large-scale cyberattack on March 26, 2025, at the same time as Russia attacked the Cherkasy region in Ukraine using drones.

Cyberattack on Lukoil

– The company’s systems crashed on the morning of March 26

– Employees were unable to work on their computers.

– A malfunction message appeared on screens, raising suspicions of a hack.

– Employees were instructed not to log in to work accounts to prevent information leakage.

– Access to user systems and internal databases was blocked.

– The impact was felt at headquarters and regional branches.

– Recovery time unknown.

– This is not the first cyberattack on Lukoil. Last January, Ukraine’s defense intelligence attacked the Russian oil sector, with Lukoil a key target.

– These events highlight the multi-front war being waged in the region, with cyberattacks and military strikes affecting critical infrastructure.

 

https://newsukraine.rbc.ua/news/russian-lukoil-hit-by-large-scale-cyberattack-1742981848.html

4 – Interlock ransomware group allegedly hacks US munitions manufacturer linked to the Department of Defense

The Interlock ransomware group has released information it claims was stolen from AMTEC, a division of the National Defense Corporation. The company is a major supplier of advanced functions to the US Department of Defense.

Company Details:

– AMTEC is the world’s largest manufacturer of 40mm grenade ammunition and firing components (devices that activate the detonation mechanism)

– The company serves as the sole prime contractor for the U.S. Department of Defense for 40mm grenade ammunition

– Manufactures low and high velocity ammunition, including combat, training, illumination, and non-lethal versions

– Defined as a small business in the ammunition manufacturing classification

5 – Attempted Cyber Attack at Atlanta Airport

Last Friday, Hartsfield-Jackson Atlanta International Airport experienced an attempted denial of service (DoS) cyber-attack that briefly impacted the airport’s website.

The airport’s cyber team quickly identified the attack and activated protections to restore access to the site. The airport’s operations were not affected, and the site has returned to normal.

6 – A major data breach has occurred in the New South Wales (NSW) justice system in Australia, with around 9,000 sensitive files stolen, including violence prevention orders and affidavits.

The breach was discovered on Tuesday and led to an immediate investigation by the NSW Police Cyber Unit. The Department of Communities and Justice (DCJ) is working with investigators to assess the extent of the breach and strengthen security measures.

They are urging the public to be vigilant and report any suspicious activity involving their personal information.

7 – A hacking group called Codebreakers claims to have hacked into Sepah Bank in Iran and stolen 12TB of data (42 million customers).

The group is offering the stolen data for sale for $42 million and is posting on Telegram proof that it does indeed have the data: downloadable files and a list of the people with the largest accounts. (In first place is an account with $182 million, which is a number with trailing zeros when converted to Iranian rials.)

Sepah Bank is one of the largest and oldest banks in Iran, incorporating several different banks.

 

The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.