[August-22-2025] Daily Cybersecurity Threat Report

1. Data Breach of OFPPT (The Office of Vocational Training and Employment Promotion)

  • Category: Data Breach
  • Content: The threat actor, Hider__Nex, claims to have leaked a database from OFPPT. The database allegedly contains student information and both old and new account details.
  • Date: 2025-08-22T14:07:25Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: Hider__Nex
  • Victim Country: Morocco
  • Victim Industry: Government Administration
  • Victim Organization: ofppt
  • Victim Site: ofppt.ma

2. Sale of Access to U.S. E-commerce Platform

  • Category: Initial Access
  • Content: The threat actor, tope, claims to be selling access to the WordPress/WooCommerce admin panel of a U.S.-based e-commerce company. According to the listing, the store processes around 2,000 orders a month, has 170,000 orders on record, and had net sales of approximately $310,000 USD in the last month. The access reportedly carries full administrator rights. In WordPress an administrator can install or edit plugins and themes, which amounts to arbitrary PHP execution on the web server, and can read every customer and order record and change WooCommerce payment-gateway settings; a buyer would therefore not be limited to reading customer and transaction data.
  • Date: 2025-08-22T13:59:58Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: tope
  • Victim Country: USA
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: Unknown
  • Victim Site: Unknown

3. Data Breach of QQ email

  • Category: Data Breach
  • Content: The threat actor, N1KA, claims to have leaked over 4 million rows of data from QQ email. The data allegedly includes usernames, emails, mobile numbers, and addresses.
  • Date: 2025-08-22T13:47:01Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: N1KA
  • Victim Country: China
  • Victim Industry: Social Media & Online Social Networking
  • Victim Organization: qq email
  • Victim Site: mail.qq.com

4. Leak of Cesar Vallejo University Student Records

  • Category: Data Breach
  • Content: The threat actor, deadman, claims to have leaked a database belonging to Cesar Vallejo University (UCV). The data reportedly contains sensitive student information such as full names, national ID numbers, phone numbers, email addresses, and academic program details. A small sample of records was provided.
  • Date: 2025-08-22T13:23:31Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: deadman
  • Victim Country: Peru
  • Victim Industry: Higher Education/Academia
  • Victim Organization: universidad césar vallejo (ucv)
  • Victim Site: ucv.edu.pe

5. Data Leak of Discord

  • Category: Data Leak
  • Content: The threat actor, meowmeow333, claims to be selling a large database from Discord. The database allegedly contains over 1.7 billion messages, 33 million users, 198 million voice sessions, and 52 million files. The listing does not say how the data was obtained; a dataset of this shape could be an aggregation scraped from public servers rather than data exfiltrated from Discord's own infrastructure, so the claim should be treated as unverified.
  • Date: 2025-08-22T13:22:26Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: meowmeow333
  • Victim Country: USA
  • Victim Industry: Social Media & Online Social Networking
  • Victim Organization: discord
  • Victim Site: discord.com

6. Data Breach of Kabupaten Ogan Komering Ilir

  • Category: Data Breach
  • Content: The threat actor, TERRORISM666, claims to have leaked a database from Kabupaten Ogan Komering Ilir (a regency in Indonesia). The posted data allegedly contains table names, creation times, data lengths, and row counts, which is schema metadata of the kind a database's information_schema returns rather than record contents; it demonstrates access to the database server but not, on its own, exfiltration of personal data.
  • Date: 2025-08-22T13:07:05Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: TERRORISM666
  • Victim Country: Indonesia
  • Victim Industry: Government Administration
  • Victim Organization: kabupaten ogan komering ilir
  • Victim Site: go.kaboki.go.id

7. Defacement of Wifist Website

  • Category: Defacement
  • Content: The group Anonymous SRVN claims to have defaced the website of Wifist.
  • Date: 2025-08-22T12:53:39Z
  • Network: telegram
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: Anonymous SRVN
  • Victim Country: Turkey
  • Victim Industry: Network & Telecommunications
  • Victim Organization: wifist
  • Victim Site: wifist.com.tr

8. Data Sale of Rappicarga in Brazil

  • Category: Data Breach
  • Content: The threat actor, giorggios, claims to be selling a database of 15 million orders from Rappi Brazil. The data allegedly includes names, CPF numbers (the Brazilian taxpayer identification number, which an individual cannot change), emails, phone numbers, addresses, and payment details.
  • Date: 2025-08-22T12:06:04Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: giorggios
  • Victim Country: Brazil
  • Victim Industry: E-commerce & Online Stores
  • Victim Organization: rappicarga
  • Victim Site: rappi.com.br

9. Data Sale of The Department of Aude

  • Category: Data Breach
  • Content: The threat actor, ryolait, claims to be selling over 200,000 records from the Department of Aude (a French departmental administration). The data allegedly contains gender, last name, first name, date of birth, CAF/MSA affiliation (the French family-benefit and agricultural social-security funds), national ID, mobile number, email, and place of residence; that combination is sufficient for identity fraud on its own.
  • Date: 2025-08-22T12:01:30Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: ryolait
  • Victim Country: France
  • Victim Industry: Government Administration
  • Victim Organization: department of aude
  • Victim Site: aude.fr

10. Sale of Domain Admin Access

  • Category: Initial Access
  • Content: The threat actor, Big-Bro, claims to be selling Domain Admin access to an organization in Thailand that the listing values at $156 million; the organization is not named. The access is said to provide full domain administrator rights, and the listing notes that antivirus is deployed in the environment, a detail access brokers include so that buyers know what tooling they will have to work around.
  • Date: 2025-08-22T11:11:25Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: Big-Bro
  • Victim Country: Thailand
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

11. Sale of Iran IP Network Infrastructure Exposure

  • Category: Data Leak
  • Content: The threat actor, elnurdxb, claims to be selling data on 100,000 Iranian IP addresses. The data allegedly contains open ports, software names and versions, headers, DNS records, and other network-related information, which is the output of external scanning and banner grabbing rather than data taken from inside any single organization; its value to a buyer lies in target selection.
  • Date: 2025-08-22T09:58:08Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: elnurdxb
  • Victim Country: Iran
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

12. Data Breach of JN Global

  • Category: Data Breach
  • Content: The threat actor, N1KA, claims to have leaked a database from JN Global. The data allegedly contains email, name, address, username, password, and date of birth; the listing does not say whether the passwords are plaintext or hashed. N1KA is also the actor behind the QQ email item above.
  • Date: 2025-08-22T09:49:06Z
  • Network: openweb
  • Published URL: Not provided in the source data.
  • Screenshots: Not provided in the source data.
  • Threat Actors: N1KA
  • Victim Country: Unknown
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown
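Several items above (JN Global, OFPPT) claim to include account credentials. The check a defender wants after such a listing is whether any of its own users appear in the dump and, where the dump holds plaintext passwords, whether those passwords are still in use internally. The following is an added example written for this report, not code from the report's source or from any vendor: it assumes a dump laid out as email,username,password,dob (the field list in the JN Global item) and an internal directory that stores PBKDF2 hashes; all sample data is constructed.

```python
"""Added example (not from the report or any vendor): triage a third-party
credential dump against an internal user directory.

The dump layout (email,username,password,dob) is assumed from the field list
in the listing; real dumps vary and must be parsed per source. All sample
data below is constructed for this example.
"""
import csv
import hashlib
import hmac
import io

# Constructed dump sample. Note the third row: a bcrypt-style string rather
# than a plaintext password, which is common when the source site hashed
# properly.
LEAK_CSV = """email,username,password,dob
alice@example.com,alice88,Winter2024!,1988-03-02
bob@example.net,bobby,hunter2,1975-11-30
Carol@Example.com,carol_c,$2b$12$notaplaintextpasswordxxxxxxxxxxxxxxxxxxxxxx,1990-01-01
dave@example.org,dave,P@ssw0rd,1982-07-19
"""


def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for the directory's real password hash (PBKDF2; an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed internal directory: email -> (salt, stored hash). Alice reused
# the password that appears in the dump; Carol did not.
DIRECTORY = {
    "alice@example.com": (b"salt-alice", hash_password("Winter2024!", b"salt-alice")),
    "carol@example.com": (b"salt-carol", hash_password("correct horse battery staple", b"salt-carol")),
}


def parse_leak(text: str) -> list:
    """Normalise the dump to (email, password) pairs; emails are lower-cased
    so that Carol@Example.com matches the directory entry."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({"email": row["email"].strip().lower(),
                     "password": row["password"].strip()})
    return rows


def looks_hashed(value: str) -> bool:
    """crypt(3)/bcrypt-style strings start with '$'; they cannot be checked
    against our own hashes without cracking, so only the email match is used."""
    return value.startswith("$")


def triage(leak_rows: list, directory: dict):
    """Return (matched, reuse_confirmed).

    matched: directory accounts whose email appears in the dump (force a
             password reset and watch for takeover attempts).
    reuse_confirmed: the subset whose current directory password equals the
             leaked plaintext password (treat as compromised now).
    """
    matched, reuse_confirmed = [], []
    for row in leak_rows:
        email = row["email"]
        if email not in directory:
            continue
        matched.append(email)
        if looks_hashed(row["password"]):
            continue
        salt, stored = directory[email]
        # Constant-time comparison of the recomputed hash with the stored one.
        if hmac.compare_digest(hash_password(row["password"], salt), stored):
            reuse_confirmed.append(email)
    return matched, reuse_confirmed


if __name__ == "__main__":
    matched, reuse = triage(parse_leak(LEAK_CSV), DIRECTORY)
    print("accounts in dump:", matched)
    print("reuse confirmed: ", reuse)
```

The reuse check only works when the dump carries plaintext passwords and when it runs where the stored hashes are available (the authentication backend, not an analyst's laptop); when the dump is hashed, the email match alone should still drive a forced reset, and the same accounts deserve extra scrutiny on the login endpoint for a while afterwards.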

Part 2: Strategic and Tactical Analysis

2.1 Executive Summary

The twelve incidents logged above are claims posted by threat actors and have not been independently verified. Taken together they describe a commoditized, interconnected cybercrime market rather than a series of isolated attacks: the most prominent activities are the sale of initial network access and the large-scale leak or sale of personal data. The victims are mostly government administrations (Morocco, Indonesia, France), e-commerce platforms (USA, Brazil) and social-media and messaging services (China, USA), with single incidents in higher education (Peru) and telecommunications (Turkey). Several listings also show how information from past compromises keeps being monetized long after the original breach. The volume and diversity of these incidents underscore the need for a proactive, multi-layered defense that extends beyond perimeter security to continuous threat intelligence and strong internal access controls.

2.2 Incident Categories

The incident log shows two dominant categories, Data Breach and Data Leak, which together account for nine of the twelve incidents. They include large events such as the reported leak of over 4 million rows from QQ email and the sale of 15 million Rappi Brazil orders, and they demonstrate the continued financial viability of compromising and monetizing large datasets.

A second, distinct trend is the sale of Initial Access. The two cases here, Domain Admin access to a Thai organization and WordPress/WooCommerce administrator access to a U.S. store, are precursors to more damaging attacks rather than end states. Such listings reflect a well-defined supply chain in the illicit market: actors like "tope" and "Big-Bro" specialize in gaining a foothold and act as brokers, selling the entry point to groups that specialize in what follows, typically ransomware deployment, large-scale data exfiltration or, for an online store, theft of customer and payment data. Defenders should read an access listing as a sign that the intrusion has already happened, even though the visible damage has not.

Category          Count of Incidents
Data Breach       7
Initial Access    2
Data Leak         2
Defacement        1

2.3 Geographic and Sectoral Distribution

The distribution of incidents across regions and industries shows broad rather than concentrated exposure: the USA is the only country with two incidents, and the remaining ten fall one each to Morocco, China, Peru, Indonesia, Turkey, Brazil, France, Thailand and Iran, plus one incident whose victim country is unknown. This spread underscores the global reach of these markets.

The victim industries are diverse, spanning sectors from E-commerce and Social Media to Government Administration and Higher Education. This diversity suggests that while some attacks are highly targeted, many are opportunistic, targeting any organization with a vulnerable entry point, regardless of its industry.

The three government-administration incidents (Morocco, Indonesia, France) illustrate this. They involve three unrelated actors (Hider__Nex, TERRORISM666 and ryolait), and nothing in the listings links them to a shared vulnerability or campaign; the Indonesian item, moreover, consists of database schema metadata rather than records. What the victims share is that public administrations hold large, identity-rich datasets, such as OFPPT's student and account records and the Aude department's national ID numbers, dates of birth and benefit-fund affiliations, that are directly marketable. In this model the breach itself is the product: the act of getting into a network or database is sold to whoever pays, and the buyer decides what it is used for.

Victim Country   Victim Industry                            Count of Incidents
Morocco          Government Administration                  1
USA              E-commerce & Online Stores                 1
USA              Social Media & Online Social Networking    1
China            Social Media & Online Social Networking    1
Peru             Higher Education/Academia                  1
Indonesia        Government Administration                  1
Turkey           Network & Telecommunications               1
Brazil           E-commerce & Online Stores                 1
France           Government Administration                  1
Thailand         Unknown                                    1
Iran             Unknown                                    1
Unknown          Unknown                                    1

2.4 Victimology and Impact Assessment

The compromised data reveals consequences that go beyond direct financial loss. Stolen order details and customer records have obvious fraud value, but the government and education datasets (OFPPT's student and account records in Morocco, the Aude department's identity records in France, and UCV's student records with national ID numbers in Peru) expose individuals to identity theft and fraud and to a loss of privacy that cannot be reversed, since a national ID number or date of birth cannot be rotated. The Indonesian item is different in kind: it exposes database structure, not personal data, and is best read as evidence of access to the server. The Wifist defacement in Turkey is a visibility and reputation attack rather than a monetization play, and the Iranian scan dataset, although offered for sale, is reconnaissance material whose buyers would use it to select targets.

The incidents also highlight the indefinite half-life of compromised data. Once exfiltrated, data is bought, resold and repurposed for years, and personally identifiable information (PII) stays useful for social engineering, identity theft and credential stuffing against other platforms. Two items here (JN Global and OFPPT) reportedly include account credentials, which is exactly the input credential stuffing needs: attackers replay leaked email and password pairs against unrelated services and succeed wherever a user reused the password. Organizations therefore need a long-term approach: forced resets and session revocation when their users appear in a third-party dump, and monitoring for the stuffing pattern on their own login endpoints.
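The stuffing pattern described above has a recognisable shape in authentication logs: one source tries many different accounts, once or twice each, fails most of the time and occasionally succeeds. The following is an added example for this report, not code from the report's source: it runs that detection over constructed log lines in an assumed single-line format (timestamp, result, user, source IP) with assumed thresholds, and separates stuffing from a brute-force attack on one account, which has the opposite shape.

```python
"""Added example (not from the report): flag credential-stuffing activity in
authentication logs.

Credential stuffing replays leaked email/password pairs, so one source tries
many distinct accounts once or twice each, failing most of the time and
occasionally succeeding where a password was reused. A brute-force attack
looks different: many attempts against one account. The log format below and
the thresholds are assumptions; the log lines are constructed.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth login result=(?P<result>ok|fail) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: 203.0.113.5 sprays six accounts (stuffing, one success),
# 198.51.100.9 hammers one account (brute force), 192.0.2.7 is a normal login.
LOG_LINES = """\
2025-08-22T14:00:01Z auth login result=fail user=alice src=203.0.113.5
2025-08-22T14:00:01Z auth login result=fail user=bob src=203.0.113.5
2025-08-22T14:00:02Z auth login result=fail user=carol src=203.0.113.5
2025-08-22T14:00:02Z auth login result=ok user=dave src=203.0.113.5
2025-08-22T14:00:03Z auth login result=fail user=erin src=203.0.113.5
2025-08-22T14:00:03Z auth login result=fail user=frank src=203.0.113.5
2025-08-22T14:01:00Z auth login result=fail user=admin src=198.51.100.9
2025-08-22T14:01:01Z auth login result=fail user=admin src=198.51.100.9
2025-08-22T14:01:02Z auth login result=fail user=admin src=198.51.100.9
2025-08-22T14:01:03Z auth login result=fail user=admin src=198.51.100.9
2025-08-22T14:01:04Z auth login result=fail user=admin src=198.51.100.9
2025-08-22T14:01:05Z auth login result=fail user=admin src=198.51.100.9
2025-08-22T14:01:06Z auth login result=fail user=admin src=198.51.100.9
2025-08-22T14:01:07Z auth login result=fail user=admin src=198.51.100.9
2025-08-22T14:05:00Z auth login result=ok user=alice src=192.0.2.7
"""


def parse(lines: str) -> list:
    """Parse matching lines into dicts; lines in any other format are skipped."""
    events = []
    for line in lines.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_stuffing(events: list, min_distinct_users: int = 5,
                    max_attempts_per_user: float = 2.0) -> dict:
    """Return {src_ip: summary} for sources that match the stuffing shape:
    at least min_distinct_users different accounts with few attempts per
    account. Above max_attempts_per_user the source is treated as brute
    force instead and left to a separate rule.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        users = {e["user"] for e in evs}
        if len(users) < min_distinct_users:
            continue
        if len(evs) / len(users) > max_attempts_per_user:
            continue
        alerts[src] = {
            "distinct_users": len(users),
            "attempts": len(evs),
            "failures": sum(1 for e in evs if e["result"] == "fail"),
            # Successful logins from a stuffing source are the accounts whose
            # owners reused a leaked password: reset them and revoke sessions.
            "compromised": sorted({e["user"] for e in evs if e["result"] == "ok"}),
        }
    return alerts


if __name__ == "__main__":
    for src, info in detect_stuffing(parse(LOG_LINES)).items():
        print(src, info)
```

Stuffing tools rotate through proxy pools, which keeps the per-IP count below any threshold; in production the same aggregation is usually also keyed on a client fingerprint (user agent, TLS fingerprint) or on the whole subnet within a time window, and the successful logins are the part worth paging on.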


Conclusion

The incidents in this report collectively show a threat landscape characterized by commoditization, global reach and diversified impact. The prevalence of data breaches and initial-access sales reflects a maturing, financially driven ecosystem in which cybercrime operates as a service business. The compromised data extends beyond payment and order information to highly sensitive personal records (national ID numbers, dates of birth, benefit-fund affiliations, account credentials) and to network reconnaissance data, which broadens the potential harm from financial loss to lasting identity fraud and to follow-on intrusions.

To effectively combat these threats, organizations must move beyond traditional perimeter defense. A proactive, intelligence-driven, and multi-layered defense strategy that incorporates robust technical controls, rigorous third-party risk management, and comprehensive organizational resilience planning is no longer optional. It is the only viable path to mitigating the persistent and sophisticated risks that define the contemporary digital landscape.