Svoboda Cybersecurity Brief June 05, 2025

Ransomware Group Gunra Claims Exfiltration of 450 Million Patient Records from Dubai Hospital

The ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai, including sensitive fertility treatment data. The attack disrupted VMware vSphere and EMC Unity storage systems, encrypting critical hospital infrastructure. The group alleges the hospital attempted to conceal the breach by attributing downtime to system updates.
Source: DataBreaches.net

FBI: Play Ransomware Compromised 900 Victims, Including Critical Infrastructure

The FBI reports the Play ransomware gang has breached approximately 900 organizations since 2022, triple the number from 2023. The group recompiles its malware for each attack and exploits vulnerabilities such as CVE-2024-57726 in SimpleHelp RMM. Victims are often threatened via phone calls to pay ransoms.
Impact: Data theft, encryption, and extortion targeting critical infrastructure.
Mitigation: Patch systems, enforce MFA, and maintain offline backups.
Source: BleepingComputer

Ukrainian Hacker Arrested for Cryptojacking 5,000 Hosting Accounts

A 35-year-old Ukrainian hacker was arrested for breaching 5,000 hosting accounts to mine cryptocurrency, causing $4.5 million in damages. The attacker used open-source intelligence to find vulnerabilities and rotated locations to evade detection. Seized evidence linked him to hacker forums and cryptocurrency wallets.
Source: BleepingComputer

Google Warns of UNC6040 Vishing Campaign Targeting Salesforce Data

UNC6040, a financially motivated group, uses voice phishing to trick employees into connecting malicious Salesforce Data Loader apps. The attackers exfiltrate data and later extort victims, sometimes claiming affiliation with ShinyHunters. Targets include education, hospitality, and retail sectors in the Americas and Europe.
Impact: Data theft and lateral movement to platforms like Okta and Microsoft 365.
Mitigation: Restrict API-enabled permissions and monitor for unauthorized app connections.
Source: The Hacker News

Cisco Patches Critical Flaws in ISE and CCP with Public Exploits

Cisco released patches for three vulnerabilities, including CVE-2025-20286, a critical static credential flaw in ISE cloud deployments. Attackers can exploit this to access sensitive data or disrupt services. Proof-of-concept exploit code is publicly available.
Impact: Unauthorized access to cloud deployments and potential service disruption.
Mitigation: Apply hotfixes or reset configurations for ISE cloud nodes.
Source: BleepingComputer

HPE Fixes Authentication Bypass and RCE Bugs in StoreOnce

HPE addressed eight vulnerabilities in StoreOnce, including CVE-2025-37093, an authentication bypass flaw rated 9.8 CVSS. Chaining these bugs could allow remote code execution as root. The flaws were reported in October 2024.
Impact: Full system compromise via authentication bypass and RCE.
Mitigation: Update to StoreOnce 4.3.11 or later.
Source: The Hacker News

BidenCash Carding Market Domains Seized in International Operation

Law enforcement seized 145 domains tied to the BidenCash carding marketplace, which trafficked 15 million payment card numbers. The operation, led by the U.S. Secret Service, disrupted the group’s $17 million revenue stream. BidenCash previously leaked millions of card records to promote its services.
Source: BleepingComputer

Malicious npm, PyPI, and Ruby Packages Target Developers and Crypto Wallets

Researchers identified malicious packages in npm, PyPI, and RubyGems, including wallet-draining tools and credential stealers. One Ruby gem redirected Telegram API traffic to exfiltrate bot tokens and messages. PyPI packages like solana-live stole Solana private keys via monkey-patched key-generation methods.
Impact: Data theft, wallet hijacking, and codebase destruction.
Mitigation: Verify package authenticity and monitor for unusual activity.
Source: The Hacker News

North Shore Sleep Center Employee Charged with Secretly Recording Patients

A former employee at North Shore University Sleep Disorders Center was charged with installing hidden cameras in restrooms, affecting 13,332 patients. The cameras, disguised as smoke detectors, captured hundreds of videos over two years. The breach was reported to HHS in May 2025.
Source: DataBreaches.net

Taiwan’s BitoPro Loses $11.5 Million in Cryptocurrency Hack

BitoPro, Taiwan’s second-largest crypto platform, was hacked for NT$345 million ($11.5 million) on May 8. Attackers exploited blockchains like Tron and Ethereum, using mixers like Tornado Cash to launder funds. BitoPro assured users their assets remain protected.
Source: DataBreaches.net
