[December-2-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged unauthorized access to target Microsoft IIS

• Category: Initial Access
• Content: The group indicates that they are targeting Microsoft IIS. And they are destroying their infrastructure.
• Date: 2025-12-02T23:51:37Z
• Network: telegram
• Published URL: https://t.me/n2LP_wVf79c2YzM0/2644
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4895cf49-398d-4079-957b-81a08a8dae67.png
• Threat Actors: Infrastructure Destruction Squad
• Victim Country: Germany
• Victim Industry: Information Technology (IT) Services
• Victim Organization: microsoft iis
• Victim Site: iis.net

2. Alleged data breach of unidentified organization (R E)**

• Category: Data Breach
• Content: The group claims to have breached the organization’s data.
• Date: 2025-12-02T23:31:48Z
• Network: tor
• Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/secret
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/23b253de-4801-4979-9404-81299ef1fe37.png https://d34iuop8pidsy8.cloudfront.net/cf9bac33-68b2-4973-90e8-81c5fb3f056c.png
• Threat Actors: CoinbaseCartel
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

3. Nomen falls victim to TridentLocker Ransomware

• Category: Ransomware
• Content: Group claims to have obtained 30.9 GB of the organization’s data.
• Date: 2025-12-02T23:21:01Z
• Network: tor
• Published URL: http://tridentfrdy6jydwywfx4vx422vnto7pktao2gyx2qdcwjanogq454ad.onion/article/2be17e73-66b6-4073-9c96-62d38a9a8e51
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/27960f69-21ad-4e39-9d34-86e7f292bd07.png https://d34iuop8pidsy8.cloudfront.net/4c291ae4-bf88-4da1-a5c4-8dad37a91b00.png
• Threat Actors: TridentLocker
• Victim Country: France
• Victim Industry: Marketing, Advertising & Sales
• Victim Organization: nomen
• Victim Site: nomen.fr

4. Alleged Data Breach of Ernst & Young Global Limited

• Category: Data Breach
• Content: Threat Actor claims to have breached the database of Ernst & Young Global Limited.
• Date: 2025-12-02T22:15:42Z
• Network: openweb
• Published URL: https://leakbase.la/threads/1-83tb-ey-data-breach-direct-link.46753/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/31922e30-f5cf-4f29-b27b-d50927c562ec.png https://d34iuop8pidsy8.cloudfront.net/0a6012d3-6f52-48a8-8f1e-06dfed00168b.png
• Threat Actors: bonanzaoffer
• Victim Country: UK
• Victim Industry: Professional Services
• Victim Organization: ernst & young global limited
• Victim Site: ey.com

5. LA Injury Attorneys falls victim to Qilin ransomware

• Category: Ransomware
• Content: Group claims to have obtained 1,500.00 GB of the organizations data.
• Date: 2025-12-02T22:13:35Z
• Network: tor
• Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=13c692ba-da29-3029-b2c8-eb803f926baa
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/8e1d2791-c301-4a8b-a48a-4f05b2baefee.png
• Threat Actors: Qilin
• Victim Country: USA
• Victim Industry: Law Practice & Law Firms
• Victim Organization: la injury attorneys
• Victim Site: lainjuryattorneys.com

6. Kurt J. Lesker Company falls victim to CHAOS Ransomware

• Category: Ransomware
• Content: The group claims to have obtained 615 GB of the organization’s data.
• Date: 2025-12-02T22:08:10Z
• Network: tor
• Published URL: http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/G1KKj8LbLQx4tNmeFvGNPdDekm5oWn2k/lesker-com
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/4c2946ad-06fe-40bb-a0c0-c0819988d4db.png
• Threat Actors: CHAOS
• Victim Country: USA
• Victim Industry: Semiconductors
• Victim Organization: kurt j. lesker company
• Victim Site: lesker.com

7. Alleged Data Leak of AMEX and Discover CVV Data in USA

• Category: Data Breach
• Content: Threat Actor claims to have leaked AMEX and Discover CVV records from a U.S. card database, which includes 484 AMEX and 46 Discover card records.
• Date: 2025-12-02T21:55:36Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271222/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/c43546b3-98d1-4988-845e-490785b70558.png
• Threat Actors: Belomorkanal
• Victim Country: USA
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

8. Alleged Sale of Compromised Credentials from 2022–2025 Logs

• Category: Data Breach
• Content: Threat Actor claims to be selling compromised mail, login, and phone-number credentials from 2022–2025 logs.
• Date: 2025-12-02T21:42:56Z
• Network: openweb
• Published URL: https://forum.exploit.biz/topic/271219/
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/43f5cb38-bc3c-4e16-b360-5a473dad877d.png
• Threat Actors: MakiLabs
• Victim Country: Unknown
• Victim Industry: Unknown
• Victim Organization: Unknown
• Victim Site: Unknown

9. Alleged Access to EdTrust

• Category: Initial Access
• Content: The group claims to have gained access to EdTrust.
• Date: 2025-12-02T21:28:10Z
• Network: telegram
• Published URL: https://t.me/firewirBackupChannel/163?single
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/56a0ed28-e171-479d-abba-91be65f76084.png https://d34iuop8pidsy8.cloudfront.net/420ccbe0-8f20-443c-8a85-2977ef990300.png
• Threat Actors: Fire Wire
• Victim Country: Tunisia
• Victim Industry: Education
• Victim Organization: edtrust
• Victim Site: edtrust.tn

10. Alleged leak of login credentials to BCIA Agency

• Category: Initial Access
• Content: The group claims to have leaked login credentials from BCIA Agency.
• Date: 2025-12-02T20:31:26Z
• Network: telegram
• Published URL: https://t.me/PESHMERGA_EYE/49
• Screenshots: https://d34iuop8pidsy8.cloudfront.net/d3c4aeca-6c75-4ea4-9d34-6d6131e9cbf2.png
• Threat Actors: PESHMERGA EYE SYSTEM
• Victim Country: Iraq
• Victim Industry: Security & Investigations
• Victim Organization: bcia agency
• Victim Site: privatesys.bcia.agency

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Ransomware and data breaches are prominent, affecting various sectors from Information Technology (IT) Services and Professional Services to Law Practices and Semiconductors, and impacting countries including Germany, France, the UK, the USA, and Tunisia. The compromised data ranges from internal infrastructure and organizational data to sensitive client files and card credentials.

Beyond data compromise, the report also reveals significant activity in initial access sales and infrastructure destruction, with threat actors targeting Microsoft IIS, educational institutions like EdTrust, and security agencies. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.