{"id":9676,"date":"2025-03-17T10:31:51","date_gmt":"2025-03-17T07:31:51","guid":{"rendered":"https:\/\/cyberone.bg\/?p=9676"},"modified":"2025-03-17T10:31:51","modified_gmt":"2025-03-17T07:31:51","slug":"weekly-cybersecurity-report-week-11-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-11-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 11, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">Cyberone<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 11, 2025<\/h2>\n<h3><strong>1 \u2013 An attacker calling himself \u201cX0Frankenstein\u201d claims to have hacked into the database of banking and financial giant JPMorgan Chase and published sensitive information on 8,880 customers.<\/strong><\/h3>\n<p>The information allegedly exposed includes highly personal customer details.<\/p>\n<p>Type of information: Email addresses, full names, residential addresses, phone numbers, gender and dates of birth<\/p>\n<h3><strong>2 \u2013 Jaguar Land Rover (JLR) hit by major data leak: internal documents and employee data exposed<\/strong><\/h3>\n<p>A member of the BreachForums forum posted information about a hack into the company, which includes the leak of sensitive internal documents and employee data.<\/p>\n<p>Scope of the leak:<\/p>\n<p>\u2013 Approximately 700 internal company documents<\/p>\n<p>\u2013 Development logs, tracking data and source code<\/p>\n<p>\u2013 Employee data database including usernames, email addresses, display names and time zones<\/p>\n<p>Jaguar Land Rover, a well-known global automotive brand with reported revenues of $29.9 billion, has yet to officially respond to the leak.<\/p>\n<p><a 
href=\"https:\/\/www.cybersecurity-insiders.com\/data-breach-stories-of-bank-of-america-and-jaguar-land-rover\/\">https:\/\/www.cybersecurity-insiders.com\/data-breach-stories-of-bank-of-america-and-jaguar-land-rover\/<\/a><\/p>\n<h3><strong>3 \u2013 Researcher identifies Egyptian hacker behind Platform X DDoS attack<\/strong><\/h3>\n<p>Security researcher Robert has published an interesting intelligence analysis that he claims identifies the likely perpetrator of the DDoS attack that took down Platform X this week. The investigation points to an Egyptian student named Mohamed Hani, who operates under the aliases \u201cDrSinaway\u201d and \u201cMRHELL112\u201d.<\/p>\n<p>Key findings of the investigation:<\/p>\n<p>\u2013 The group\u2019s leader, MRHELL112, has previously used aliases such as Darkcrr and GLITCHAT1<\/p>\n<p>\u2013 Links found between DrSinaway and another group called \u201cCyberSorcerers\u201d<\/p>\n<p>\u2013 The researcher was able to locate an email address (drsinaway.crypto@gmail.com) and a partial Egyptian phone number<\/p>\n<p>\u2013 Further searching led to the Linktree profile and Facebook account of an Egyptian student named Mohamed Hani<\/p>\n<p>Robert also found that around August-September 2023, Mohamed was looking for a team and joined a Telegram channel associated with DDoS to align with a Russian group, claiming that it was \u201cfor the benefit of Russia and the Arab world.\u201d<\/p>\n<p>The researcher noted that Mohamed is not acting alone and has at least one accomplice, but more details on this will be published later. All information related to the investigation, including the connection graph, can be found in the attached link.<\/p>\n<h3><strong>4 \u2013 Russian hackers exploit Signal to spy on users and read their messages<\/strong><\/h3>\n<p>A Google research group has uncovered a series of espionage operations carried out by Russian hackers targeting users of the secure messaging app Signal. 
The main targets include military personnel, politicians and activists who use the app for sensitive communications.<\/p>\n<p>The vulnerability of the application:<\/p>\n<p>\u2013 The hackers exploit the \u201clinked devices\u201d feature of Signal \u2013 a feature that allows the user to log in to their account from multiple devices (such as a phone and a computer) at the same time<\/p>\n<p>\u2013 The attackers send fake QR codes or links to fake websites<\/p>\n<p>\u2013 When the victim scans the code, he essentially approves linking his account to the attackers\u2019 device<\/p>\n<p>\u2013 Once connected, the attackers receive a copy of all messages sent and received on the victim\u2019s account<\/p>\n<p>The attack groups and their methods:<\/p>\n<p>\u2013 The UNC5792 group modifies legitimate group invitations and displays fake websites<\/p>\n<p>\u2013 The UNC4221 group created websites that imitate Ukrainian military systems to lure users<\/p>\n<p>\u2013 The APT44 (Sandworm) group uses devices captured from Ukrainian soldiers to gain access to accounts<\/p>\n<p>\u2013 The Turla and UNC1151 groups directly hack into Signal databases on Windows and Android devices<\/p>\n<p>The Signal application is considered one of the most secure messaging apps, and it provides full encryption for communication between users. 
Precisely because of the high level of security, it is used by people who care about protecting their privacy \u2013 which makes it an attractive target for spies.<\/p>\n<p>Recommendations for users include periodically checking the list of devices connected to the Signal account (this can be found in the app settings), removing unidentified devices, and avoiding scanning QR codes or clicking on links from unknown sources.<\/p>\n<h3><strong>5 \u2013 City on the Texas-Mexico border declares a state of emergency following a cyberattack on city systems<\/strong><\/h3>\n<p>The city government of Mission, Texas, declared a state of emergency this week after a cyberattack that exposed all the information stored in city systems. The city has a population of more than 87,000, is one of the largest in Hidalgo County and is located on the border with Mexico.<\/p>\n<p>Details of the attack:<\/p>\n<p>\u2013 The city government notified residents of the incident on Wednesday<\/p>\n<p>\u2013 The attack began on February 28 and required the shutdown of systems<\/p>\n<p>\u2013 Authorities claimed that emergency services were still operating, but local media reported that officers were unable to check vehicle and driver\u2019s licenses in the databases<\/p>\n<p>\u2013 The mayor warned against exposing sensitive personal information, medical information, civil and criminal records and other data<\/p>\n<p>Emergency measures:<\/p>\n<p>\u2013 Mayor Nori Gonzalez Garza sent a letter to the governor of Texas on Tuesday<\/p>\n<p>\u2013 She asked him to declare a broader state of emergency for the city<\/p>\n<p>\u2013 At the same time, she herself filed a local disaster declaration<\/p>\n<p>\u2013 A state-level declaration would allow the release of emergency funds to deal with the incident<\/p>\n<p>In the past six months, local governments in Texas have been repeatedly attacked by ransomware, which has disabled municipal systems and restricted access to hospitals, energy facilities and 
oil companies. Matagorda County, about a four-hour drive from Mission, recently declared its own state of disaster following a cyberattack in January.<\/p>\n<h3><strong>6 \u2013 Endless Mountains Health Systems (EMHS) in Pennsylvania announced that it was suffering from a cyberattack that disrupted some of its computer systems.<\/strong><\/h3>\n<p>Starting on March 3, the company began reporting communication problems with certain services, and advised patients to bring ID, insurance cards, a list of medications, a list of allergies, and referrals for labs or imaging.<\/p>\n<p>EMHS also posted alternative phone numbers for scheduling appointments at various medical centers.<\/p>\n<p>No ransomware group has claimed responsibility for the attack so far.<\/p>\n<h3><strong>7 \u2013 National Presto Industries, a company that manufactures and markets home appliances, reports that it is suffering from a cyberattack that began earlier this month.<\/strong><\/h3>\n<p>The attack caused the company\u2019s systems to shut down, affecting shipping, receiving, production, and more.<\/p>\n<p>No ransomware group has claimed responsibility for the attack so far.<\/p>\n<h3><strong>8 \u2013 Japanese telecommunications company NTT Communications Corporation announced that information on approximately 17,891 business customers was leaked following a cyberattack.<\/strong><\/h3>\n<p>The company discovered the breach on February 5, 2025, and blocked unauthorized access the next day. However, on February 15, it was revealed that information such as customer names, representative names, contract numbers, phone numbers, email addresses, physical addresses, and service usage information was exposed to the attackers.<\/p>\n<p>The company emphasized that information on individual customers was not exposed.<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren\u2019t just incidents, they\u2019re blueprints of the adversary\u2019s arsenal. 
To protect your business you need the right partner. Cyberone is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0Cyberone\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 11, 2025 1 \u2013 An attacker calling himself \u201cX0Frankenstein\u201d claims to have hacked into the database of banking [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8603,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[],"class_list":["post-9676","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=9676"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9676\/revisions"}],"predecessor-version":[{"id":9677,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9676\/revisions\/9677"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8603"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=9676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/
\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=9676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=9676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}