[October-22-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.


1. WOLF CYBER ARMY targets the website of Cariumulya Village Government Website


2. HellR00ters Team targets the website of Joinchat


3. Alleged Unauthorized Access to CARE Management System

  • Category: Initial Access
  • Content: The group claims to have gained unauthorized access to the internal management system of CARE in Saudi Arabia, exposing data related to branches, clients, and daily operations. The alleged system includes maps of facilities near the Kuwait border and performance statistics of each branch. The group stated their act was politically motivated, expressing strong support for Palestine.
  • Date: 2025-10-22T23:02:27Z
  • Network: telegram
  • Published URL: (https://t.me/n2LP_wVf79c2YzM0/2047)
  • Threat Actors: Infrastructure Destruction Squad
  • Victim Country: Saudi Arabia
  • Victim Industry: Hospital & Health Care
  • Victim Organization: national medical care company
  • Victim Site: care.med.sa

4. Abdullatif Alissa Group Holding Co. falls victim to MEDUSA Ransomware


5. ATIRG falls victim to MEDUSA Ransomware


6. Adore Children & Family Services falls victim to MEDUSA Ransomware


7. Cooperativa Esercenti Farmacia scrl falls victim to MEDUSA Ransomware


8. Alleged sale of unauthorized access to Forti networks


9. Alleged sale of Palestinian government email log


10. Grupo Promasa falls victim to Qilin Ransomware


11. Signet Armorlite, Inc. falls victim to Qilin Ransomware


12. Integral Networks, Inc. falls victim to Qilin Ransomware


13. NurseSpring falls victim to Qilin Ransomware


14. CHDFS, Inc. falls victim to Qilin Ransomware


15. Samera Health falls victim to Qilin Ransomware


16. Real Estate Specialists falls victim to Qilin Ransomware


17. Alleged data sale of Universidad Autónoma Tomás Frías

  • Category: Data Breach
  • Content: Threat actor claims to be selling leaked student data from Universidad Autónoma Tomás Frías, Bolivia. The compromised data reportedly covers students and applicants from 2004 to 2025, including ID card number, full name, degree program, student ID number, etc. NB: Universidad Autónoma Tomás Frías previously fell victim to STORMOUS Ransomware on Sat Nov 16 2024.
  • Date: 2025-10-22T20:26:52Z
  • Network: openweb
  • Published URL: (https://darkforums.st/Thread-UATF-BOLIVIAN-UNIVERSITY-STUDENTS-2004-2025)
  • Threat Actors: vulnerandolo
  • Victim Country: Bolivia
  • Victim Industry: Education
  • Victim Organization: universidad autónoma tomás frías
  • Victim Site: uatf.edu.bo

18. KHL Printing falls victim to Qilin Ransomware


19. Alleged data breach of Rozetka


20. United Lube Oil falls victim to RansomHouse Ransomware


21. Alleged data sale of Ministry of Health and Sports (Bolivia)


22. Alleged sale of unauthorized access to an unidentified organization in UK


23. More Than Gourmet falls victim to Qilin Ransomware


24. Superior Air Parts falls victim to SECUROTROP Ransomware


25. Magna Hospitality Group, L.C. falls victim to Qilin Ransomware


26. AT&T falls victim to Everest Ransomware


27. Alleged data leak of Fuchu City Hall


28. Alleged data leak of Shizuoka Prefecture


29. Alleged data leak of Taito Ward


30. Alleged data leak of Union of Kansai Governments


31. Alleged data breach of Aceville Pte. Ltd.


32. Alleged data leak of Okinawa City Hall


33. Alleged data leak of Goho-wood


34. Alleged data leak of Okinawa Prefecture Nursing Care Insurance Association


35. Alleged data leak of Tokyo Metropolitan Government


36. Alleged data leak of Yoshimura Laboratory


37. Alleged data sale of Hosteur SA


38. Alleged data breach of Xerotta Co.,Ltd.


39. Alleged data breach of Amazon Japan


40. Alleged data leak of Japan’s security policy


41. Alleged data breach of ARTERIA Networks Corporation


42. Alleged Leak of Japanese Government Strategic Defense Planning and Arms Export Policy

  • Category: Data Breach
  • Content: The group claims to have obtained and leaked strategic policy documents from the Japanese government. The alleged documents contain sensitive information regarding defence planning, military capability development, and Japan’s arms export policy.
  • Date: 2025-10-22T13:13:10Z
  • Network: telegram
  • Published URL: (https://t.me/c/3076919011/180)
  • Threat Actors: CLOBELSECTEAM
  • Victim Country: Japan
  • Victim Industry: Government Administration
  • Victim Organization: Unknown
  • Victim Site: Unknown

43. Alleged data leak of Japan Ministry of Defence

  • Category: Data Breach
  • Content: The group claims to have obtained classified documents from the Japanese Ministry of Defence, allegedly containing sensitive information on military weapons, missile system capabilities, radar and defence systems, budget allocations, and details of contractors and weapon systems such as AEGIS and ballistic missiles.
  • Date: 2025-10-22T13:10:27Z
  • Network: telegram
  • Published URL: (https://t.me/c/3076919011/190)
  • Threat Actors: CLOBELSECTEAM
  • Victim Country: Japan
  • Victim Industry: Government Administration
  • Victim Organization: japan ministry of defence
  • Victim Site: mod.go.jp

44. Alleged Leak of Japanese Government National Security and Export Control Training Documents

  • Category: Data Breach
  • Content: The group claims to have leaked internal training material from the Japanese government. This material allegedly details Japan’s national security policy and export control procedures. The accompanying text warns that the content is strategic and contains sensitive information that could harm national security.
  • Date: 2025-10-22T13:10:08Z
  • Network: telegram
  • Published URL: (https://t.me/c/3076919011/176)
  • Threat Actors: CLOBELSECTEAM
  • Victim Country: Japan
  • Victim Industry: Government Administration
  • Victim Organization: Unknown
  • Victim Site: Unknown

45. KIS PRICING INC falls victim to Qilin Ransomware


46. Alleged data leak of an unidentified hospital in Japan


47. Payouts King Ransomware group adds an unknown victim (T****s)


48. SYLHET GANG-SG claims to target the UAE


49. Alleged data breach of BrandArmy


50. Alleged unauthorized access to MekongNet


51. Alleged unauthorized access to CooTel Cambodia


52. Alleged leak of login access to PRTR Cambodia


53. Alleged leak of login access to Office of Urban Planning and Development


54. Alleged unauthorized access to National Maternal and Child Health Center (NMCHC)


55. Alleged leak of login access to SIAM MULTI CONS CO LTD


56. PT Pupuk Iskandar Muda falls victim to The Gentlemen Ransomware


57. NLT Lighting Solutions falls victim to Qilin Ransomware


58. Applied Technology Resources, Inc. falls victim to Qilin Ransomware


59. NOTRASEC TEAM targets the website of Sunwin website


60. Alleged data leak of Party 4,100 Formats


61. Alleged sale of Private PSN Brute/ Checker


62. Alleged leak of Multiple login access of Multiple organisations


63. Kumwell Corporation PLC. falls victim to INC RANSOM Ransomware


64. Southern Specialty & Supply, Inc. falls victim to GENESIS Ransomware


65. Roth & Scholl falls victim to GENESIS Ransomware


66. Austin Capital Trust falls victim to GENESIS Ransomware


67. Healthy Living falls victim to GENESIS Ransomware


68. RIVER CITY EYECARE, LLC falls victim to GENESIS Ransomware

Conclusion

The incidents detailed in this report paint a clear picture of a highly active and diverse landscape of cyber threats over the analyzed period.

Ransomware remains a dominant threat category, with numerous organizations falling victim to groups like Qilin (11 incidents), MEDUSA (4 incidents), and GENESIS (4 incidents). These attacks spanned a variety of sectors, including Information Technology (IT) Services, Manufacturing, Real Estate, and Financial Services, affecting companies like Integral Networks, Inc., PT Pupuk Iskandar Muda, and Austin Capital Trust. Ransomware groups routinely claim to have obtained massive amounts of sensitive data, with reported exfiltration volumes ranging up to 1.1 TB and 3.1 TB in separate incidents.

Data Breaches and Leaks were also widespread (22 incidents), significantly impacting the Government Administration sector in countries like Japan (9 incidents) and Bolivia (2 incidents). Threat actors like CLOBELSECTEAM targeted multiple Japanese government organizations, claiming to leak sensitive documents related to national security, defense planning, and export control. In Bolivia, a threat actor claimed to sell millions of records from the Ministry of Health and Sports and student data from a university. Other notable data breaches include the alleged leak of 231,000 users from BrandArmy and 30,000 customers from Rozetka.

Activity concerning the sale of Initial Access (8 incidents) highlights an ongoing market for unauthorized network entry. Threat actors specifically advertised access to:

  • Forti VPN networks.
  • Telecommunications companies in Cambodia (MekongNet and CooTel).
  • Multiple internal systems for Thai and Cambodian Government entities.
  • The CARE Management System in Saudi Arabia.

The global distribution of these incidents is broad, with the USA being the most frequently targeted country (11 incidents, primarily ransomware), followed closely by Japan (13 incidents, primarily data breaches against government entities). Cambodia (4 incidents), Saudi Arabia (3 incidents), and Thailand (3 incidents) were also prominent targets for initial access and ransomware.

Collectively, these incidents demonstrate a persistent and sophisticated cyber underground that targets vulnerabilities across diverse industries and geographies, reinforcing the need for continuous vigilance in access control, data protection, and threat intelligence.