Major Cyber Attacks in Review: February 2025

In February 2025, several significant cyber incidents showed that risk remains high across industries worldwide. Notable attacks included the Qilin ransomware incident at Lee Enterprises, which disrupted newspaper production and distribution, and a $1.5 billion cryptocurrency theft from Bybit attributed to North Korea's Lazarus Group. Breaches at DISA Global Solutions, Orange, LANIT and HSHS spanned the finance, telecom, healthcare, media and government sectors. The article reviews these attacks, their consequences, and lessons for strengthening cybersecurity resilience. Affected: Lee Enterprises, Bybit, DISA Global Solutions, Orange, LANIT Group, HSHS

Key points:

  • Qilin ransomware attacked Lee Enterprises, affecting 75 local newspapers and disrupting business operations.
  • Lee Enterprises confirmed that sensitive data was encrypted and extracted during the attack.
  • DISA Global Solutions experienced a breach impacting over 3.3 million individuals, with potential exposure of personal information.
  • Orange suffered a data breach involving 600,000 customer records, including email addresses and internal documents.
  • The FBI attributed a $1.5 billion theft from Bybit to North Korea's Lazarus Group; the funds were taken during a cryptocurrency wallet transfer.
  • LANIT Group faced a cyber attack affecting critical subsidiaries in the financial services sector.
  • Salt Typhoon exploited Cisco vulnerabilities to attack telecom and ISP providers globally.
  • A hacker leaked 12 million user records from Zacks, claiming access to the company’s internal systems and source code.
  • HSHS suffered a cyberattack compromising personal and medical data of over 882,000 patients.

MITRE Techniques:

  • T1027 – Obfuscated Files or Information: The Qilin ransomware group used obfuscated files and payloads to hinder analysis of its tooling.
  • T1068 – Exploitation for Privilege Escalation: The threat actor Rey accessed Orange's systems using compromised credentials and a vulnerability in the company's Jira software.
  • T1190 – Exploit Public-Facing Application: Salt Typhoon exploited Cisco IOS XE vulnerabilities in Internet-exposed network devices to gain access to telecom and ISP networks.
  • T1566 – Phishing: The attackers behind the Bybit theft are assessed to have used social engineering to gain initial access.
  • T1071 – Application Layer Protocol: The attackers used standard application-layer protocols to blend data exfiltration in with legitimate traffic.

Indicators of Compromise:

The indicators published with the article are not actionable and should not be loaded into a blocklist or SIEM watchlist:

  • [Domain] lee-enterprises.com and [Domain] bybit.com are the victims' own legitimate domains, not attacker infrastructure; blocking them cuts off the victims' services, not the attackers.
  • [Email Address] hacker@unknown.com is a placeholder, not an observed sender address.
  • [IP Address] 192.0.2.1 lies in the RFC 5737 TEST-NET-1 documentation range (192.0.2.0/24), which is never routed on the Internet.
  • [Hash] 5D41402ABC4B2A76B9719D911017C592 is the MD5 digest of the string "hello", not a malware sample.
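Indicator lists lifted from news digests frequently contain exactly this kind of filler, so it is worth vetting them before ingestion. The following script is an added example, not code from the SOCRadar article; the indicator list it checks is constructed from the values printed above, and the victim-domain set and the list of "trivial" hash inputs are assumptions chosen for the example. It rejects documentation and other non-routable IP ranges using the standard library's `ipaddress` module, digests of trivial strings, placeholder e-mail addresses, and domains that belong to named victims.

```python
"""Sanity-check an IOC list before loading it into a blocklist or SIEM.

Added example (not part of the article). Flags indicators that cannot be
actionable: non-routable IP addresses (RFC 5737 documentation ranges,
RFC 1918 private space, loopback), hashes of trivial inputs, placeholder
e-mail addresses, and the victims' own domains.
"""
import hashlib
import ipaddress
import re

# Indicators exactly as printed in the article (constructed input for the example).
IOCS = [
    ("Domain", "lee-enterprises.com"),
    ("Domain", "bybit.com"),
    ("Email Address", "hacker@unknown.com"),
    ("IP Address", "192.0.2.1"),
    ("Hash", "5D41402ABC4B2A76B9719D911017C592"),
]

# Assumption for the example: domains of organisations the article names as victims.
VICTIM_DOMAINS = {"lee-enterprises.com", "bybit.com"}

# Assumption for the example: trivial inputs whose digests show up in
# copy-pasted or auto-generated IOC lists. Computed at import time so the
# table cannot drift from the hash algorithms.
TRIVIAL_HASHES = {}
for text in ("", "hello", "test", "password"):
    for algo in ("md5", "sha1", "sha256"):
        TRIVIAL_HASHES[hashlib.new(algo, text.encode()).hexdigest()] = f"{algo}({text!r})"

PLACEHOLDER_EMAIL = re.compile(r"@(unknown|example|test|localhost)(\.(com|net|org))?$", re.I)

RFC5737_NETS = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]


def _range_name(ip):
    """Human-readable name for why an address is not globally routable."""
    if any(ip in net for net in RFC5737_NETS):
        return "RFC 5737 documentation range"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private/reserved range"
    return "non-global"


def check_ioc(kind, value):
    """Return None if the indicator looks usable, otherwise a rejection reason."""
    v = value.strip()
    if kind == "IP Address":
        try:
            ip = ipaddress.ip_address(v)
        except ValueError:
            return "not a valid IP address"
        # is_global is False for documentation, private, loopback and link-local space.
        if not ip.is_global:
            return f"non-routable address ({_range_name(ip)})"
    elif kind == "Domain":
        if v.lower() in VICTIM_DOMAINS:
            return "victim's own domain, not attacker infrastructure"
    elif kind == "Email Address":
        if PLACEHOLDER_EMAIL.search(v):
            return "placeholder e-mail address"
    elif kind == "Hash":
        h = v.lower()
        if h in TRIVIAL_HASHES:
            return f"hash of trivial input: {TRIVIAL_HASHES[h]}"
        if len(h) not in (32, 40, 64) or not re.fullmatch(r"[0-9a-f]+", h):
            return "not an MD5/SHA-1/SHA-256 hex digest"
    return None


def vet(iocs):
    """Split indicators into (usable, rejected); rejected entries carry the reason."""
    usable, rejected = [], []
    for kind, value in iocs:
        reason = check_ioc(kind, value)
        if reason:
            rejected.append((kind, value, reason))
        else:
            usable.append((kind, value))
    return usable, rejected


if __name__ == "__main__":
    ok, bad = vet(IOCS)
    for kind, value, reason in bad:
        print(f"REJECT [{kind}] {value}: {reason}")
    print(f"{len(ok)} usable, {len(bad)} rejected")
```

Run against the article's list, every one of the five indicators is rejected. In a real pipeline the victim-domain set would come from the incident record and the trivial-hash table from whatever your feed has produced false positives on; the structural checks (routability, digest length and alphabet) are the part that should run on every feed unconditionally.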


Full Story: https://socradar.io/major-cyber-attacks-in-review-february-2025/