Top news stories this week
- Double trouble. Samsung Germany and UK's Royal Mail suffer data breach linked to the same supplier.
- Bar breach. The Texas State Bar warns the public of a data breach after sample data is posted online.
- New law. Details of the UK’s new Cyber Security and Resilience Bill announced.
- Rebrand. Ransomware group Hunters International declare shift to data extortion.
- Kim-migration. North Korea IT worker army expands into Europe.
- Oh my data. Private images from dating apps exposed and Cardiff City Council impacted by data breach.
1. Samsung Germany and Royal Mail suffer data breach linked to the same supplier
A threat actor known as GHNA has leaked sensitive customer information from Samsung Germany on a dark web forum, affecting 270,000 customers. This data breach is linked to Spectos GmbH, Samsung's service provider, after one of its employees fell victim to infostealer malware in 2021.
In a similar incident, GHNA claims to possess 144GB of data from Britain's Royal Mail and is selling it on a dark web forum. The threat actor attributes this data leak to the same breach at Spectos.
So what?
It is vital to rotate user credentials regularly and enable multi-factor authentication to strengthen security and prevent unauthorised access.
[Researcher: Aditya Ganjam Mahesh]
2. Texas State Bar warns public of data breach as INC Ransom post sample data online
Threat group INC Ransom has listed the State Bar of Texas on its extortion site and has posted samples of the stolen data. In a notification letter, the Texas State Bar, the United States' second-largest bar association, stated that on 12 February it discovered a breach of its IT infrastructure, which occurred between 28 January and 9 February 2025.
So what?
Organisations must improve logging, monitoring and employee awareness to detect threats faster.
[Researcher: Lawrence Copson]
3. UK Cyber Security and Resilience Bill requires organisations to improve their cyber security defences
The UK government has announced a new Cyber Security and Resilience (CSR) Bill. The bill focuses on bringing more types of organisations into scope, handing regulators greater enforcement powers, and enabling the government to change the regulations quickly to adapt to evolving threats. Organisations could face £100,000 ($129,000) daily fines for failing to act against specific threats under consideration.
So what?
Organisations must understand the meaning of the changing legislation and its impact on their operations, and perform timely compliance assessments.
[Researcher: Milda Petraityte]
4. Ransomware group Hunters International shifts focus to data extortion
Ransomware-as-a-service (RaaS) group Hunters International has announced the closure of its operation and plans to focus on data theft and extortion. On its new dark web page, the group stated that its criminal undertaking has become "unpromising, low-converting, and extremely risky" due to law enforcement operations, and that it would instead focus on data theft-only tactics.
So what?
Law enforcement operations continue to be effective against criminal operations. The cyber security industry has seen a slow upward trend in ransomware gangs abandoning encryption and opting for pure theft extortion tactics.
[Researcher: Milda Petraityte]
5. North Korea 'IT worker army' expands into Europe
North Korea’s remote IT workers have been expanding operations across Europe. Previously charged and targeted with sanctions in the US, these workers are now seeking remote positions in Germany, Portugal and the United Kingdom to generate revenue for the Democratic People’s Republic of Korea (DPRK). These individuals mask their true identities using a combination of real and fabricated identities, and once discovered, some have used insider knowledge to extort former employers by threatening to leak stolen, sensitive information.
So what?
It is important for organisations to conduct pre-employment checks on remote workers to mitigate their risk exposure and avoid breaching financial sanctions.
[Researcher: Lester Lim]
6. Data from dating apps exposed and Cardiff council impacted by data breach
Millions of private images from specialist dating apps developed by M.A.D Mobile have been found to be stored unprotected and publicly accessible. The pictures were kept in Google Cloud storage buckets without password protection.
Separately, Cardiff council has been informed of a breach that potentially compromised the data of vulnerable children under its care. The director of Cardiff Children’s services has acknowledged issues around cyber security and confirmed that work is being done to address these risks.
So what?
It is important to identify the sensitivity of data being held and to implement the appropriate security controls to ensure confidentiality is not compromised.
[Researcher: Adelaide Parker]