SJ Cyber Update #1
Good morning, and welcome to a regular dose of cybersecurity insights!
In today’s interconnected world, staying ahead of evolving threats is more crucial than ever. Each week, we bring you the most critical updates and breaking news to help you navigate the ever-changing landscape of cyber risk.
This edition features a deep dive into the recent flurry of high-profile retail sector breaches, provides essential updates on emerging vulnerabilities, and offers practical advice to bolster your digital defences.
Let’s dive in and keep your digital world secure.
Recent Cyber Attacks and Vulnerabilities (May 30, 2025)
The past seven days have seen a flurry of cybersecurity incidents, highlighting the persistent and evolving threats facing individuals, businesses, and critical infrastructure. From major data breaches affecting global brands to botnet operations leveraging home routers, the landscape remains challenging for defenders.
High-Profile Data Breaches and Cyberattacks:
- Russia Attacks Logistics Companies: Russia’s GRU has broken into logistics companies to spy on Ukrainian military aid. Fancy Bear, the infamous Russian state-sponsored threat actor, has been spying on “dozens” of organizations from Western and NATO countries, monitoring foreign aid moving into Ukraine.
- Adidas Data Breach: The sportswear giant Adidas confirmed a data breach through a third-party customer service provider. While sensitive financial information like passwords and credit card details were reportedly unaffected, personal contact details of customers who interacted with their support team were exposed. This incident adds Adidas to a growing list of major retailers, including Marks & Spencer and Co-op, recently targeted.
- Victoria’s Secret Security Incident: Victoria’s Secret experienced a “security incident” that took down its US website and affected some in-store services for several days. While details are scarce, the incident follows a trend of attacks on major retail players.
- Co-op Supply Chain Disruptions Continue: Three weeks after a major cyberattack, Co-op stores across the UK are still facing disrupted deliveries and empty shelves. The attack compromised customer and employee data and forced partial IT system shutdowns.
- Coinbase Faces Significant Loss After Cyberattack: Cryptocurrency exchange Coinbase revealed a potential loss of up to $400 million following a cyberattack where hackers tricked employees and contractors into leaking customer data. Although less than 1% of accounts were compromised, the stolen information was used to impersonate Coinbase and scam users. The company rejected a $20 million ransom demand and has pledged reimbursement to victims.
- West Lothian Council Ransomware Attack: Sensitive personal data was stolen from West Lothian Council’s education network during a ransomware attack, believed to be orchestrated by the “Interlock” group.
- NHS Trusts Affected by Ivanti Vulnerability: Two NHS trusts, University College London Hospitals NHS Foundation Trust (UCLH) and University Hospital Southampton NHS Foundation Trust, were affected by a cyber incident exploiting a vulnerability in Ivanti Endpoint Manager Mobile (EPMM) software. While patient data was not affected in the immediate compromise, concerns remain about potential deeper access.
- MATLAB Maker MathWorks Recovering from Ransomware: The company behind MATLAB, MathWorks, is recovering from a ransomware attack that impacted its licensing centre.
- Nova Scotia Power Customer Data Stolen: Nova Scotia Power confirmed a data breach where sensitive customer information was stolen during a cyberattack.
Marks & Spencer Update
Marks & Spencer continues to grapple with the aftermath of a significant cyberattack that began around Easter. Online services for M&S.com have been severely disrupted, with customers unable to place orders for weeks, though browsing is now possible. The retailer confirmed that some personal customer data, including names, addresses, dates of birth, and online order history, was stolen, but crucial payment details and passwords were not compromised.
M&S has estimated the attack could hit profits by around £300 million and expects online services to face disruption until July, with a gradual return to normal. The attack is believed to have originated through a third-party service provider, with an Indian IT company, Tata Consultancy Services (TCS), now investigating its potential link. The “Scattered Spider” hacking group, known for similar attacks on Co-op and Harrods, is suspected to be behind the incident. Customers are being urged to reset passwords for peace of mind and remain vigilant against potential phishing scams.
Emerging Threats and Vulnerabilities
- ASUS Router Hijackings: Over 9,000 ASUS routers have been compromised in an ongoing cyber operation. Attackers are exploiting a patched vulnerability to establish persistent backdoors that survive reboots and firmware updates, potentially laying the groundwork for a large-scale botnet. This stealthy operation highlights the risk of unpatched or poorly secured IoT devices.
- PumaBot Malware Targets Linux IoT Devices: A new botnet named “PumaBot” is actively brute-forcing credentials on Linux IoT devices to install cryptomining software.
- Chinese Hacking Group “Earth Lamia” Activity: The Chinese hacking group “Earth Lamia” has been observed targeting multiple industries, indicating ongoing cyberespionage efforts.
- Russian Government Hackers Buying Passwords: Microsoft has flagged a new Kremlin-linked hacking team that is reportedly purchasing stolen usernames and passwords from infostealer markets for cyberespionage purposes.
- New Fileless Remcos RAT Deployment: Hackers are employing a new fileless technique using a PowerShell-based loader to deploy Remcos RAT malware, bypassing Windows Defender.
- Ongoing Exploitation of Ivanti Hijack Bugs: Beyond the NHS incidents, the “ongoing” exploitation of Ivanti hijack bugs continues to pose a threat, reaching cloud environments.
- OpenPGP.js Vulnerability: A newly discovered bug in OpenPGP.js has been found to undermine the core purpose of encrypted communications.
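The PumaBot item above describes a botnet that brute-forces credentials on Linux IoT devices, and the most direct defensive signal for that activity lives in the device’s SSH authentication log. The script below is an added example, not part of this newsletter and not code from any vendor or project named in it: it parses OpenSSH-style auth.log lines (the sample lines are constructed for the example and use documentation-range IP addresses), counts failed logins per source address in a sliding time window, and raises a second, higher-confidence alert when a password login succeeds from an address that has just produced such a burst. The threshold and window values are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample entries in the style of an OpenSSH auth.log; not real data.
SAMPLE_AUTH_LOG = """\
May 30 08:00:01 iot-gw sshd[1201]: Failed password for root from 203.0.113.10 port 51122 ssh2
May 30 08:00:03 iot-gw sshd[1202]: Failed password for admin from 203.0.113.10 port 51123 ssh2
May 30 08:00:04 iot-gw sshd[1203]: Failed password for invalid user pi from 203.0.113.10 port 51124 ssh2
May 30 08:00:06 iot-gw sshd[1204]: Failed password for root from 203.0.113.10 port 51125 ssh2
May 30 08:00:07 iot-gw sshd[1205]: Failed password for root from 203.0.113.10 port 51126 ssh2
May 30 08:00:09 iot-gw sshd[1206]: Accepted password for root from 203.0.113.10 port 51127 ssh2
May 30 08:10:00 iot-gw sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
May 30 08:15:00 iot-gw sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

# Matches the "Failed/Accepted <method> for [invalid user] <user> from <ip>" sshd message shape.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2025):
    """Parse one sshd auth line into a dict, or return None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog pads single-digit days with a second space; collapse it before parsing.
    ts = " ".join(m["ts"].split())
    return {
        "time": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"),
        "ok": m["result"] == "Accepted",
        "method": m["method"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return a list of alerts found in log_text.

    - "brute_force": a source IP reached `threshold` failed logins inside the sliding window
      (raised once per IP).
    - "success_after_bruteforce": a password login succeeded from an IP whose failures in the
      window are still at or above `threshold`; this is the signal worth paging on.
    Threshold and window are assumed starting values, not vendor defaults.
    """
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(list)  # ip -> failure timestamps still inside the window
    flagged = set()
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        ip = ev["ip"]
        # Age out failures older than the window relative to the current event.
        cutoff = ev["time"] - window
        recent_failures[ip] = [t for t in recent_failures[ip] if t >= cutoff]
        if not ev["ok"]:
            recent_failures[ip].append(ev["time"])
            if len(recent_failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"type": "brute_force", "ip": ip,
                               "count": len(recent_failures[ip]), "time": ev["time"]})
        elif ev["method"] == "password" and len(recent_failures[ip]) >= threshold:
            alerts.append({"type": "success_after_bruteforce", "ip": ip,
                           "user": ev["user"], "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

On the constructed sample the script reports one brute_force alert for 203.0.113.10 after its fifth failure and one success_after_bruteforce alert when root logs in by password two seconds later, while alice’s single failure followed by a key-based login is left alone. The sliding window matters: a device that is only probed slowly will not trip a naive total-count rule, and a success that arrives long after the burst is a different, lower-priority story than one that arrives inside it.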
Key Trends and Observations:
- Supply Chain Attacks Remain Prevalent: The Adidas breach and the ongoing impact on Co-op underscore the significant risk posed by vulnerabilities in third-party service providers.
- Retail Sector Under Siege: The succession of attacks on major retailers like Adidas, Victoria’s Secret, M&S, and Co-op suggests a potentially coordinated campaign targeting the retail sector.
- Rise of IoT Botnets: The ASUS router and PumaBot incidents highlight the increasing weaponization of vulnerable Internet of Things devices for malicious activities.
- Persistent Ransomware Threat: Ransomware continues to be a major concern, affecting organizations across various sectors, from healthcare to logistics.
- Sophisticated Phishing and Social Engineering: The Coinbase attack demonstrates how social engineering tactics can be highly effective in bypassing technical controls.
Footnote
As cyber threats continue to evolve, it remains crucial for organizations, businesses and individuals to maintain strong cybersecurity postures, including timely patching, robust authentication, employee training, and comprehensive incident response plans.