As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 34, 2025
Information security updates and events from the past week
iiNet Data Breach (Australia)
On August 16, Australian internet service provider iiNet, part of TPG Telecom, confirmed it had suffered a significant breach after hackers obtained stolen employee credentials.
- Data Exposed: approximately 280,000 active email addresses, 20,000 landline numbers, 10,000 usernames, customer addresses and phone numbers, and ~1,700 modem setup passwords.
- Impact: Although no financial data, IDs, or credit card details were stolen, the leaked information is sufficient for phishing campaigns, credential stuffing, and social engineering attacks.
- Response: iiNet activated its emergency incident response plan, involved the Australian Cyber Security Centre (ACSC), notified affected customers, and established a dedicated helpline.
- Significance: This attack highlights the growing risks for telecommunications providers, whose large databases of contact details are attractive for criminal monetization.
UK MoD-Linked Contractor Breach (United Kingdom)
A cyberattack struck Inflite the Jet Centre Ltd., a private contractor with ties to the UK Ministry of Defence, exposing sensitive personal data.
- Victims: ~3,700 individuals, including Afghan refugees, civil servants, soldiers, and journalists who traveled through Stansted Airport between January and March 2024.
- Attack Vector: Hackers compromised corporate email accounts, leading to unauthorized data access.
- Impact: Though no core government or MoD systems were breached, the stolen data includes names, travel records, and other identifiers, raising security and privacy concerns.
- Response: UK authorities launched an investigation, focusing on potential nation-state involvement due to the sensitive nature of the victims.
- Significance: The breach could put Afghan refugees and journalists at physical risk if hostile actors use the data to trace individuals.
FBI Warning: Russian Espionage on Critical Infrastructure (USA & Global)
The FBI and Cisco revealed a large-scale cyber-espionage operation tied to Russia’s FSB intelligence agency.
- Exploit: Attackers leveraged an old vulnerability in Cisco IOS (router/switch firmware) to gain unauthorized configuration access.
- Scope: Thousands of devices in telecommunications, higher education, and manufacturing across the U.S. and allied nations were targeted.
- Persistence: The campaign has been ongoing for over a year, providing attackers with stealthy, long-term access.
- Threat: Potential for network manipulation, surveillance, and disruption of critical infrastructure services.
- Response: Cisco released updated advisories urging organizations to retire legacy systems and implement network segmentation and monitoring.
- Significance: Demonstrates how unpatched legacy systems remain a critical national security vulnerability.
India Tops AI-Driven Malware & Ransomware Attacks
A new Acronis report placed India as the top country for endpoint malware detections globally.
- Statistics: India accounted for 12.4% of observed global attacks, outpacing the U.S. and European nations.
- Trends: Cybercriminals increasingly use AI tools to:
  - Automate ransomware code development.
  - Generate polymorphic malware variants to bypass defenses.
  - Personalize phishing emails to increase success rates.
- Attack Vectors: Email systems, Microsoft 365, and collaboration tools (Slack, Teams).
- Impact: Rising cases of ransomware paralysing SMEs and government services.
- Significance: India’s role as a global IT hub makes it an attractive test ground for large-scale attacks, with potential spillover globally.
Trojan 1337 Defacements (Bangladesh & Punjab, Pakistan)
The hacking group Trojan 1337, known for politically motivated attacks, launched multiple website defacements.
- Targets (Bangladesh):
  - Savar Union Parishad
  - Rupnagar Secondary School
  - University of Dhaka
  - Dhaka WASA SCADA system (critical infrastructure)
- Timing: Attacks coincided with India’s Independence Day (August 15), suggesting symbolic intent.
- Expansion: On August 19, the group also defaced the Punjab Provincial Assembly official website in Pakistan.
- Impact: While defacements are low-skill compared to ransomware, the attack on SCADA systems raises concerns about attackers gaining potential ICS/OT footholds.
- Significance: Trojan 1337 is using hacktivism as a political statement, but targeting SCADA shows ambitions toward critical infrastructure disruption.
Workday Data Breach via Salesforce Attack (Global)
Workday, a leading HR and finance SaaS provider, disclosed on August 18 that its systems were indirectly affected by a Salesforce-related breach.
- Cause: Hackers exploited social engineering to gain access to Salesforce CRM accounts used by Workday.
- Data Exposed: Business contact details (names, work emails, phone numbers) of customers and partners.
- Impact: No access to Workday customer tenant systems or payroll data, but attackers may use leaked information for targeted phishing campaigns.
- Response: Workday is collaborating with Salesforce to strengthen third-party access controls.
- Significance: Demonstrates the supply-chain risk of SaaS interconnectivity: even if Workday was secure, the compromise of Salesforce accounts exposed Workday clients.
New York State Health Department Cybersecurity Advisory (USA)
On August 20, the New York State Department of Health issued a cybersecurity advisory tied to escalating U.S.–Iran tensions.
- Context: Issued days after U.S. airstrikes on Iranian nuclear sites.
- Warning: Increased likelihood of retaliatory cyberattacks from Iran-affiliated APT groups, targeting:
  - U.S. healthcare networks
  - State/local government services
  - Energy and transportation infrastructure
- Preparedness: The advisory urged organizations to update patching, monitor for lateral movement, and review incident response playbooks.
- Significance: Reinforces how geopolitical conflicts translate directly into cyber threat escalation for civilian infrastructure.
The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. Cyberone is here to help! Check out our services.