Weekly Cybersecurity Report | Week 30, 2025

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Information security updates and events from the past week

 

1 Iranian Hackers Attack Airlines Worldwide, Stealing Millions of Passengers’ Information

The APT39 hacking group, linked to Iran’s Ministry of Intelligence and Security (MOIS), has been revealed to be operating through an Iranian company called Amnban that posed as a cybersecurity firm. The company stole personal information from millions of airline passengers worldwide, including passport numbers and residential addresses.

Which airlines were affected:

Dozens of airlines around the world were affected, including Royal Jordanian, Turkish Airlines, Wizz Air, Rwanda Airlines, Etihad, Emirates, Qatar Airways, Oman Air, Kenya Airways, Air Tanzania, Air Botswana, LOT Airlines, AZAL, FlyDubai, Air Arabia, Azimuth Airlines, Ukraine International Airlines, Uganda Airlines, and Zambia Airways. Shipping companies such as FedEx, DHL, USPS, and Aramex were also affected.

What exactly was stolen:

Passport numbers of passengers, home addresses and contact details, recent photos, and flight and destination information.

2 South Korea’s largest insurance company SGI back in business after ransomware attack – criticism over lack of Korean security credentials

Seoul Guarantee Insurance (SGI), South Korea’s largest insurance and guarantee company, on Thursday brought its core systems back online after four days of being down following a ransomware attack. The company is facing heavy criticism for failing to obtain basic Korean security credentials despite handling sensitive information on millions of customers.

Details of the attack:

The attack began on Monday and paralyzed key services such as issuing and verifying insurance policies on the site.

Mortgage Guarantee’s core systems were compromised, paralyzing key operations.

The company was forced to switch to manual processing of applications.

A 24-hour response center has been set up.

The company has pledged to fully compensate verified losses.

The company announced: “We will deal with the inconvenience to customers, continue with compensation, and transparently share updates and further actions based on the results of the investigation.”

https://www.koreatimes.co.kr/business/banking-finance/20250717/sgi-ransomware-attack-puts-lax-financial-cybersecurity-rules-under-scrutiny

3 Serious data leak at fashion brand SABO

International fashion brand SABO accidentally exposed personal information of more than 3.5 million customers.

The information included names, addresses, emails, phone numbers, and order details and was stored online without protection.

The database included documents from 2015 to 2025, including invoices and delivery notes.

4 The Cordoba regional police in Argentina fell victim to a targeted cyberattack

The attack targeted internal information systems, specifically administrative databases containing personnel data. According to reports, unauthorized access was detected, following which response protocols were activated, a criminal investigation was opened, and the incident was reported to the legal authorities.

Police emphasize that there was no damage to operational infrastructure or leakage of sensitive information.

5 Cyber-attack on El Dorado Hospital, systems disabled

Susan B. Allen Memorial Hospital in Kansas experienced disruptions following a suspected cyber attack that damaged internal operational systems. According to reports, hostile activity was detected on the network, which led to the disruption of critical services and a shift to manual work processes.

No personal information was reported to be leaked, but the matter is still under investigation. This is another incident against a sensitive, and profitable, US healthcare institution.

6 Beluga Vodka Manufacturer Suffers Ransomware Attack

Russian company Novabev, known for its Beluga vodka brand, has announced a sophisticated ransomware attack.

The attack led to the disruption of critical IT systems in the group and its subsidiary WineLab and affected the availability of internal services.

Despite a direct appeal from the attackers with a ransom demand, the company refused to pay and stated that it has a clear policy of avoiding negotiations with cybercriminals.

At this stage, the company reports that there are no signs of a leak of personal customer information, although the investigation is still ongoing.

At the same time, a dedicated response team has been established, which is working to restore the systems and minimize the operational impact.

7 Allianz Life Insurance Company Hacked – Personal Information of Most Customers Stolen

American insurance giant Allianz Life has confirmed that hackers stole personal information of “most” of its customers, financial advisors and employees during a cyberattack that occurred in mid-July. The company has 1.4 million customers, which means that hundreds of thousands of people were affected.

Hack details:

– The attack occurred on July 16, 2025

– The attackers used social engineering to access a third-party cloud CRM system

– The system contained information on customers, financial advisors and selected employees of the company

– The company reported to the FBI and said that there was no evidence of any other systems on its network being compromised

Background on the attacks:

Allianz Life is the latest company hit in a wave of attacks on the insurance industry over the past month. As you may recall, Aflac, a major supplemental health insurance provider, was also recently hacked, and that incident was also reported here in the group.

As is known and as was also published here, the attacks on the insurance industry are attributed to the Scattered Spider group, which, before attacking insurance companies, attacked the UK retail industry, aviation and transportation. The group is also known for attacks on technology giants in Silicon Valley.

The company did not disclose whether it received a ransom note from the attackers and did not attribute the breach to a specific hacker group. Allianz Life will begin notifying affected customers around August 1, according to the report it filed with the Maine Attorney General.

https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/0446bff3-a013-43ed-82fa-bca6bb157de1.html

 

The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.