Weekly Cybersecurity Report | Week 18, 2025

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1 Harrods: Wave of cyberattacks in the UK expands to more stores

Harrods, the luxury department store in London, reported that it had become the target of a cyberattack, joining a wave of attacks that has recently hit major retail chains in the UK.

Harrods is the third retailer in the UK to be hit by a cyber incident this week.

https://www.bbc.com/news/articles/c62x4zxe418

2 Everest attack group claims to have hacked Air Arabia

The Everest attack group has published a claim that it has hacked the information systems of the United Arab Emirates airline Air Arabia. According to the publication, the attackers gained access to sensitive company databases.

The group claims to have managed to extract 18,955 personal records.

14 gigabytes of internal and confidential company information were stolen.

The attackers set a deadline for ransom payment: May 6, 20

The following were exposed:

– Personal data of employees including names, nicknames and personal details

– Sensitive organizational information including roles, departments, internal codes and locations

– Business and personal contact details of employees

– Information about the company’s structure and managers

– System login details and user IDs

The leak includes a comprehensive data structure that contains information such as dates of birth, personal and business phone numbers, addresses, locations and other identifying information of the company’s employees.

Air Arabia is the largest low-cost airline in the Middle East and North Africa. It operates a fleet of around 77 aircraft and flies to more than 200 destinations. It has bases in the United Arab Emirates, Morocco, Egypt and Abu Dhabi. Despite its size in the low-cost segment, it is smaller than airlines such as Emirates or Qatar Airways, which operate on a full-service model.

3 Cyberattack temporarily paralyzes Polish population registry

A cyberattack has disrupted Poland’s population registry systems, making access to key government services difficult, local media reported. The attack temporarily blocked access to the PESEL database, a national database containing personal information of residents and used to verify identities in a variety of the ministry’s services.

The Polish Digital Office confirmed the disruption but declined to specify the exact cause.

According to local media reports, it was a DDoS attack.

The identity of the attackers remains unknown at this stage.

The incident joins a wave of similar attacks in Eastern Europe in recent months: in December, Ukraine’s registry infrastructure was breached, in January, Slovakia’s land registry was attacked, and earlier this year, unknown hackers claimed responsibility for a breach of Rosreestr, the Russian government agency that oversees real estate and land registries.

4 Co-op shuts down some of its computer systems after detecting a hacking attempt.

British retail chain Co-op has been forced to shut down parts of its computer systems after detecting a hacking attempt, just days after retailer Marks & Spencer was hit by a serious cyber incident. This is according to a letter to employees sent on Tuesday and obtained by The Guardian.

A source close to the company reported that the shutdown led to the closure of virtual workstations across the business, affecting several operational activities that require support from headquarters, including inventory updates.

5 Hitachi Vantara forced to shut down servers after Akira ransomware attack

Hitachi Vantara, a subsidiary of Japanese conglomerate Hitachi, was forced to shut down servers over the weekend to contain a ransomware attack from the Akira group. The company, which provides data storage, infrastructure systems, cloud management and recovery services, serves government agencies and some of the world’s largest brands including BMW, Telefonica, T-Mobile

The attack occurred on April 26, 2025, and caused disruptions to several of the company’s systems.

Upon identifying suspicious activity, the company immediately activated incident response protocols and proactively shut down servers.

The company hired external cybersecurity experts to support the investigation and remediation process.

The attackers stole files from the company’s network and left ransom messages on the affected systems.

6 The Qilin attack group claims to have breached the Malaysian airports network

The Qilin hacker group claims to have breached the systems of Malaysia Airports Holdings Berhad (MAHB), which operates 39 airports. This breach puts the critical infrastructure of air traffic in Asia at risk.

The extent of the damage:

– Over 2 terabytes of sensitive information leaked and now publicly available

– The information includes infrastructure plans, security system specifications, camera blind spots

– Personal employee information and internal incident reports were exposed

– The attack caused severe disruptions at Kuala Lumpur Airport in late March 2025

– Handwritten flight schedules were reported to have been used because of the disruptions

According to the publication, the attackers demanded a ransom of $10 million. The attack highlights the increasing vulnerability of critical transport infrastructure to cyber threats, and the potential for complete disruption of operations at major airports in the region.

The attack also exposes the attempts by MAHB’s senior management to conceal the extent of the breach in its early stages, but the extensive information that has been leaked is already revealing.

7 Cyberattack hits drinking water provider in Spanish town near Barcelona

Aigües de Mataró, a municipal water provider in Spain responsible for drinking water and sewage systems, announced on Wednesday that its corporate computer systems and website had been targeted by a cyberattack. The company clarified that the water supply itself and its quality control systems were not affected by the attack.

Incident details:

– The attack was discovered on Monday and reported to the Catalan police and the regional cyber agency

– The company has activated an emergency plan that included internal controls to minimize the damage of the attack

– Catalan authorities are assisting the company in the restoration and recovery of the affected infrastructure

– Customers have been warned that personal and financial information held by the company may be exposed

– The company has advised consumers to be alert to phishing attempts that exploit the exposed information

The attack is affecting customers’ ability to access corporate services, and delays in billing and other administrative procedures are expected. The company serves the city of Mataró, a coastal town in Catalonia with a population of approximately 130,000.

8 Japanese logistics company Kintetsu World Express (KWE) reports that it is suffering from a ransomware attack.

The company, which operates air and sea freight services in more than 30 countries, said the attack, which was discovered on April 23, disrupted some of its systems, but it is not yet known whether sensitive information was stolen or whether a ransom was demanded.

9 Ukrainian retail chain Epicentr reports that it has been hit by a cyberattack.

The company, which operates more than 70 shopping centers across Ukraine, said the attack disrupted systems at checkout, logistics and accounting, causing many stores to shut down.

Customers reported difficulties making purchases, receiving orders and using the company’s app and website.

The company said it was a deliberate attack that caused widespread damage, but did not specify who was behind it or whether it was a ransomware attack.

The company said some stores have resumed operations, but there are still disruptions, particularly in accounting systems, which prevents the production of financial statements and reports to tax authorities.

10 Urban One, a US media company, reports a data leak following a ransomware attack.

The company, which operates television channels, radio stations and news websites, announced that on February 13, 2025, a cyberattack was carried out against it that began with a sophisticated social engineering campaign.

The incident was only discovered on March 15, and after an investigation, it was revealed that personal information of employees was stolen, including names, addresses, social security numbers and more.

The Cactus ransomware group claimed responsibility for the attack.

11 Nova Scotia Power reports a cyberattack after detecting unauthorized access to some of the company’s systems.

The company has shut down some servers to prevent the damage from spreading.

The attack did not affect the power supply but caused temporary disruptions to online services and internal systems.


The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.