{"id":9692,"date":"2025-04-07T14:17:03","date_gmt":"2025-04-07T11:17:03","guid":{"rendered":"https:\/\/cyberone.bg\/?p=9692"},"modified":"2025-04-07T14:17:03","modified_gmt":"2025-04-07T11:17:03","slug":"weekly-cybersecurity-report-week-14-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-14-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 14, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">Cyberone<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 14, 2025<\/h2>\n<p>\u00a0<\/p>\n<p><strong><u>Information security updates and events from the past we<\/u><\/strong><strong><u>ek<\/u><\/strong><\/p>\n<h3><strong>1 \u2013 Cyberattack disrupts public transport services in Italy: Ticketing systems down<\/strong><\/h3>\n<p>The electronic ticketing systems of the Italian transport company Mom were down for two days following a cyberattack, causing significant disruptions to service for passengers and students.<\/p>\n<p>Details of the incident:<\/p>\n<p>\u2013 The attack was directed against the servers of Plus Service, which operates the Telemaco platform<\/p>\n<p>\u2013 The system serving several public transport companies was shut down for two full days<\/p>\n<p>\u2013 The service only began to partially return yesterday, with the company expecting a return to full activity today<\/p>\n<p>\u2013 The timing is particularly critical \u2013 right during the subscription renewal period for students and employees<\/p>\n<p>Consequences of the attack:<\/p>\n<p>\u2013 The service centers were flooded with inquiries from passengers<\/p>\n<p>\u2013 Many were forced to purchase physical tickets as an alternative 
solution<\/p>\n<p>\u2013 Additional costs and significant inconvenience were incurred<\/p>\n<p>This attack joins similar incidents in Italian transport infrastructure, including the disruption of Trenitalia\u2019s sales systems in December 2024, and highlights the urgent need to strengthen the protection systems for critical infrastructure in the country.<\/p>\n<h3><strong>2 \u2013 Huge leak at Samsung Germany: 270,000 customer inquiries published online<\/strong><\/h3>\n<p>A hacker calling himself \u201cGHNA\u201d has published hundreds of thousands of support requests from Samsung Germany customers online, in a leak that security experts say was entirely preventable.<\/p>\n<p>Details of the leak:<\/p>\n<p>\u2013 Approximately 270,000 customer inquiries from the website<\/p>\n<p>\u2013 The information includes full names, email addresses and residential addresses of customers<\/p>\n<p>\u2013 Transaction details, order numbers, inquiry IDs and email addresses of Samsung representatives were also exposed<\/p>\n<p>\u2013 The information was leaked for free and is available to anyone, including hostile parties<\/p>\n<p>Source of the hack:<\/p>\n<p>\u2013 According to security firm Hudson Rock, the leak is related to login data stolen by the Raccoon Infostealer software in 2021<\/p>\n<p>\u2013 The credentials were from an employee of Spectos GmbH, which provides services to Samsung Germany\u2019s customer inquiry system<\/p>\n<h3><strong>3 \u2013 Large-scale cyberattack on Russian company Lukoil, in parallel with drone attacks in Ukraine<\/strong><\/h3>\n<p>Russian oil company Lukoil suffered a large-scale cyberattack on March 26, 2025, at the same time as Russia attacked the Cherkasy region in Ukraine using drones.<\/p>\n<p>Cyberattack on Lukoil<\/p>\n<p>\u2013 The company\u2019s systems crashed on the morning of March 26<\/p>\n<p>\u2013 Employees were unable to work on their computers.<\/p>\n<p>\u2013 A malfunction message appeared on screens, raising suspicions of a 
hack.<\/p>\n<p>\u2013 Employees were instructed not to log in to work accounts to prevent information leakage.<\/p>\n<p>\u2013 Access to user systems and internal databases was blocked.<\/p>\n<p>\u2013 The impact was felt at headquarters and regional branches.<\/p>\n<p>\u2013 Recovery time unknown.<\/p>\n<p>\u2013 This is not the first cyberattack on Lukoil. Last January, Ukraine\u2019s defense intelligence attacked the Russian oil sector, with Lukoil a key target.<\/p>\n<p>\u2013 These events highlight the multi-front war being waged in the region, with cyberattacks and military strikes affecting critical infrastructure.<\/p>\n<p>\u00a0<\/p>\n<p><a href=\"https:\/\/newsukraine.rbc.ua\/news\/russian-lukoil-hit-by-large-scale-cyberattack-1742981848.html\">https:\/\/newsukraine.rbc.ua\/news\/russian-lukoil-hit-by-large-scale-cyberattack-1742981848.html<\/a><\/p>\n<h3><strong>4 \u2013 Interlock ransomware group allegedly hacks US munitions manufacturer linked to the Department of Defense<\/strong><\/h3>\n<p>The Interlock ransomware group has released information it claims was stolen from AMTEC, a division of the National Defense Corporation. The company is a major supplier of advanced functions to the US Department of Defense.<\/p>\n<p>Company Details:<\/p>\n<p>\u2013 AMTEC is the world\u2019s largest manufacturer of 40mm grenade ammunition and firing components (devices that activate the detonation mechanism)<\/p>\n<p>\u2013 The company serves as the sole prime contractor for the U.S. 
Department of Defense for 40mm grenade ammunition<\/p>\n<p>\u2013 Manufactures low and high velocity ammunition, including combat, training, illumination, and non-lethal versions<\/p>\n<p>\u2013 Defined as a small business in the ammunition manufacturing classification<\/p>\n<h3><strong>5 \u2013 Attempted Cyber Attack at Atlanta Airport<\/strong><\/h3>\n<p>Last Friday, Hartsfield-Jackson Atlanta International Airport experienced an attempted denial of service (DoS) cyber-attack that briefly impacted the airport\u2019s website.<\/p>\n<p>The airport\u2019s cyber team quickly identified the attack and activated protections to restore access to the site. The airport\u2019s operations were not affected, and the site has returned to normal.<\/p>\n<h3><strong>6 \u2013 A major data breach has occurred in the New South Wales (NSW) justice system in Australia, with around 9,000 sensitive files stolen, including violence prevention orders and affidavits.<\/strong><\/h3>\n<p>The breach was discovered on Tuesday and led to an immediate investigation by the NSW Police Cyber Unit. The Department of Communities and Justice (DCJ) is working with investigators to assess the extent of the breach and strengthen security measures.<\/p>\n<p>They are urging the public to be vigilant and report any suspicious activity involving their personal information.<\/p>\n<h3><strong>7 \u2013 A hacking group called Codebreakers claims to have hacked into Sepha Bank in Iran and stolen 12TB of data (42 million customers).<\/strong><\/h3>\n<p>The group is offering the data it stole from the bank for sale for $42 million and is posting on Telegram proof that it does indeed have the data, downloadable files and a list of people with the largest accounts. 
(In first place is an account with $182 million, which is a number with trailing zeros when converted to Iranian rials)<\/p>\n<p>Sepha Bank is one of the largest and oldest banks in Iran, incorporating several different banks.<\/p>\n<p>\u00a0<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren\u2019t just incidents, they\u2019re blueprints of the adversary\u2019s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0Cyberone\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 14, 2025 \u00a0 Information security updates and events from the past week 1 \u2013 Cyberattack disrupts public transport 
[&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8612,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[],"class_list":["post-9692","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=9692"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9692\/revisions"}],"predecessor-version":[{"id":9693,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9692\/revisions\/9693"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8612"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=9692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=9692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=9692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}