Cybersecurity remains a battleground as high-impact breaches, ransomware attacks, and cyber-espionage campaigns continue to threaten businesses, governments, and individuals worldwide. This week, we examine DISA’s massive data breach affecting 3.3 million individuals, Northstar Telecom’s cybersecurity boost for Bahrain, a ransomware leak exposing Black Basta’s tactics, and a new espionage case involving Chinese hackers in Belgium. Additionally, the Philippines Army confirms a breach and Lynx ransomware reminds us why it is such a serious threat.
Let’s dive into this week’s biggest cybersecurity events, their implications, and what organizations can do to protect themselves.
1. U.S. Drug Testing Firm DISA Breach Impacts 3.3 Million Individuals
Summary:
DISA, a major U.S. background screening and drug and alcohol testing firm, disclosed a data breach affecting 3.3 million people. DISA serves more than 55,000 customers across a range of industries, including roughly 30% of Fortune 500 companies. While the exact cause of the breach remains unclear, initial investigations point to unauthorized access to DISA’s systems. The breach was discovered in January; however, it is believed to have occurred between February 9, 2024, and April 22, 2024. So far there has been no evidence that the stolen information has been used or sold.
Exposed Data:
- Full name
- Social Security number
- Driver's license number
- Government ID number
- Financial account information
- & more...
Key Implications:
- The exposure of sensitive personal and drug-testing data can lead to identity theft, discrimination, and potential blackmail, especially for employees subject to mandatory drug testing.
- Given the scale of the breach, DISA may face significant legal and regulatory consequences under HIPAA, GDPR (where EU residents are affected), and other applicable compliance frameworks.
- Organizations depend on third-party testing firms for regulatory compliance. A breach of this magnitude undermines confidence in outsourced compliance services and may lead businesses to re-evaluate their partnerships.
Key Implications for the Healthcare Industry:
Healthcare companies, especially those dealing with clinical trials or drug testing, need to re-evaluate their data protection strategies. Healthcare organizations must comply with privacy laws like HIPAA (in the U.S.) and the GDPR (in Europe), which impose stringent requirements for safeguarding patient and research data. Despite these regulations, breaches continue to occur, which underlines the need for controls that go beyond compliance checklists: timely threat detection (for example, AI-assisted monitoring of access patterns) and encryption of sensitive data both in transit and at rest. Note that encryption at rest only limits the damage if the keys are not reachable from the compromised system; an attacker who obtains application-level access reads the data just as the application does.
Actionable Steps for Organizations & Individuals:
- Organizations handling sensitive data must prioritize encryption, multi-factor authentication, and real-time security monitoring.
- Affected individuals should monitor their credit reports, freeze credit if necessary, and consider identity theft protection services.
- Affected individuals may pursue legal action, potentially leading to class-action lawsuits and financial repercussions for DISA.
Read more at Bleeping Computer
2. Lynx Ransomware Strikes, Stealing Sensitive Data
Summary:
A new ransomware strain, Lynx, is making waves by not only encrypting victims' files but also exfiltrating sensitive data. The malware is being distributed through phishing emails and by exploiting exposed or weakly secured Remote Desktop Protocol (RDP) services. Unlike classic encrypt-only ransomware, Lynx relies on double extortion, threatening to leak the stolen data if victims refuse to pay.
Key Implications for Data Protection:
- Attackers increasingly exfiltrate data before deploying encryption, pressuring organizations to pay.
- Many Lynx infections start with social engineering tactics targeting employees.
- Organizations need to go beyond traditional backup strategies to prepare for ransomware attacks.
The Innate Danger of Double Extortion:
The Lynx ransomware attack is a classic example of data exfiltration used to compromise both the availability and the confidentiality of sensitive data. The attackers did not just lock files; they also stole sensitive data, putting organizations at further risk. Attacks of this kind can have long-term consequences, including reputational damage and regulatory fines, especially where the stolen data is regulated (e.g., health data, financial records). Double extortion is becoming the norm: attackers demand payment not only for decryption keys but also for a promise not to publish or sell the stolen data on the dark web, and restoring from backup addresses only the first of those two demands.
Impact on Cyber Insurance:
- Ransomware attacks like Lynx are causing cyber insurance premiums to skyrocket. Insurers are now requiring better cybersecurity postures from organizations to qualify for coverage.
- Even if companies pay ransoms, stolen data often ends up for sale on dark web marketplaces, exposing businesses to further risk.
Actionable Steps:
- Implement data loss prevention (DLP) and continuous monitoring to flag unauthorized access to, or bulk movement of, sensitive data, so that exfiltration is detected in real time, before encryption begins and the breach escalates.
- Conduct frequent phishing awareness training and implement email security filters to prevent malicious attachments.
- Regularly update software and enforce strict access controls to minimize the attack surface: in particular, do not expose RDP directly to the internet, and require multi-factor authentication for RDP and VPN access.
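Because Lynx intrusions often start at an exposed RDP service, the logon pattern worth watching for is a burst of failed RemoteInteractive logons from one source followed by a success. The following Python rule is added here as an illustration; it is not taken from any Lynx report or vendor product. It runs over a constructed sample of Windows Security events (event IDs 4625/4624, logon type 10 = RDP; the hosts, users and IP addresses are made up) and emits an alert when a source crosses a failure threshold inside a sliding window, plus a higher-priority alert if that same source then logs on successfully. The threshold and window values are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security log records (not from any real
# incident), reduced to the fields the rule needs.
#   event_id 4625 = failed logon, 4624 = successful logon
#   logon_type 10 = RemoteInteractive (RDP); 3 = network logon (SMB etc.)
SAMPLE_EVENTS = [
    {"ts": "2025-02-24T02:14:01", "event_id": 4625, "logon_type": 10, "user": "admin",         "src_ip": "198.51.100.23"},
    {"ts": "2025-02-24T02:14:02", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "198.51.100.23"},
    {"ts": "2025-02-24T02:14:03", "event_id": 4625, "logon_type": 10, "user": "backup",        "src_ip": "198.51.100.23"},
    {"ts": "2025-02-24T02:14:04", "event_id": 4625, "logon_type": 10, "user": "admin",         "src_ip": "198.51.100.23"},
    {"ts": "2025-02-24T02:14:05", "event_id": 4625, "logon_type": 10, "user": "admin",         "src_ip": "198.51.100.23"},
    {"ts": "2025-02-24T02:14:06", "event_id": 4625, "logon_type": 10, "user": "admin",         "src_ip": "198.51.100.23"},
    {"ts": "2025-02-24T02:15:10", "event_id": 4624, "logon_type": 10, "user": "admin",         "src_ip": "198.51.100.23"},
    # A user who mistyped a password twice and then logged in: below threshold, no alert.
    {"ts": "2025-02-24T08:01:00", "event_id": 4625, "logon_type": 10, "user": "jdoe",       "src_ip": "203.0.113.9"},
    {"ts": "2025-02-24T08:01:20", "event_id": 4625, "logon_type": 10, "user": "jdoe",       "src_ip": "203.0.113.9"},
    {"ts": "2025-02-24T08:01:45", "event_id": 4624, "logon_type": 10, "user": "jdoe",       "src_ip": "203.0.113.9"},
    # Network (SMB) logon: not RDP, ignored by this rule.
    {"ts": "2025-02-24T08:02:00", "event_id": 4624, "logon_type": 3,  "user": "svc_backup", "src_ip": "192.0.2.77"},
]

FAIL_THRESHOLD = 5              # assumed: failures from one source IP ...
WINDOW = timedelta(minutes=10)  # ... inside this sliding window

def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return alert dicts in time order.

    'rdp_bruteforce'               : >= threshold RDP failures from one IP inside the window
    'rdp_success_after_bruteforce' : an RDP success from an IP that crossed the threshold,
                                     i.e. the guessing most likely worked (page on this one)
    """
    recent_failures = defaultdict(list)   # src_ip -> [(datetime, user)] still inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] != 10:
            continue                        # only RemoteInteractive (RDP) logons
        t = datetime.fromisoformat(ev["ts"])
        ip = ev["src_ip"]
        # Age out failures that fell outside the window relative to this event.
        recent_failures[ip] = [(ft, u) for ft, u in recent_failures[ip] if t - ft <= window]
        fails = recent_failures[ip]
        if ev["event_id"] == 4625:
            fails.append((t, ev["user"]))
            if len(fails) == threshold:     # fire once, when the threshold is crossed
                alerts.append({
                    "type": "rdp_bruteforce", "src_ip": ip, "at": ev["ts"],
                    "failures": len(fails), "users_tried": sorted({u for _, u in fails}),
                })
        elif ev["event_id"] == 4624 and len(fails) >= threshold:
            alerts.append({
                "type": "rdp_success_after_bruteforce", "src_ip": ip, "at": ev["ts"],
                "user": ev["user"], "failures": len(fails),
                "users_tried": sorted({u for _, u in fails}),
            })
            fails.clear()                   # start a fresh window after the success

    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

In practice the same rule would be fed from a SIEM query over the Security log rather than an in-memory list. The point is the ordering: a burst of failures alone is usually internet-scanner noise, whereas a success that follows a burst from the same source is the event worth paging on.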
Read more at Cybersecurity News
3. Northstar Telecom Partners with SonicWall to Strengthen Bahrain’s Cybersecurity
Summary:
Northstar Telecom has teamed up with SonicWall to provide Bahrain with cutting-edge cybersecurity solutions. The partnership aims to enhance the country’s digital defenses by deploying next-generation firewalls as a fully managed service that delivers advanced threat protection backed by 24/7 security monitoring and expert oversight.
Broader Implications for Regional Cybersecurity:
Cybersecurity investments in the Middle East, especially by nations like Bahrain, reflect a growing recognition of the geopolitical importance of secure digital infrastructure. As nations in the region embrace digitization, including in sectors like finance and energy, cybersecurity becomes a central concern. This partnership is an example of public-private collaboration to tackle increasing cyber threats and data breaches. Such partnerships can be a force multiplier in enhancing national cybersecurity resilience and can foster an ecosystem where emerging technologies are developed and deployed to mitigate advanced threats. Countries in the region should consider strategic alliances with cybersecurity firms to build national defenses against increasing cyberattacks.
Actionable Steps for Organizations in the Middle East:
- Adopt AI-based threat intelligence, which is becoming standard in national cybersecurity strategies.
- Other nations should explore similar partnerships to enhance their cybersecurity postures.
- Organizations in Bahrain should assess their security frameworks and consider adopting advanced threat detection systems.
Read more at Tech Africa News
4. Leaked Ransomware Chat Logs Reveal Black Basta’s Attack Strategies
Summary:
Leaked chat logs from the Black Basta ransomware gang provide rare insight into how cybercriminals select, target, and negotiate with victims. The logs, reportedly obtained from underground hacker forums, reveal the group’s preference for exploiting known vulnerabilities in corporate networks and using customized ransom demands based on a company’s perceived ability to pay. The logs reference 62 unique CVEs, 53 of which are known to have been exploited in the wild.
A Peek Behind the Curtain:
The logs make the Black Basta group’s operations far more transparent. They show that the group analyzes victims’ financial records, cybersecurity defenses, and industry trends to set ransom amounts, and that it combines reconnaissance, extortion techniques, and double-encryption methods to increase pressure on victims. This is an important intelligence opportunity for security professionals, who can now see the specific CVEs (Common Vulnerabilities and Exposures) the group targets. By revealing the attackers’ tactics, techniques, and procedures (TTPs), the logs give valuable insight into the cybercrime ecosystem and help organizations defend against such threats.
Key Implications for Vulnerability Management:
Organizations must proactively patch known vulnerabilities, particularly those named in the leaked chat logs, prioritizing flaws that are both exploited in the wild and reachable from the internet. Regular vulnerability scanning and patch management should be part of every organization's cyber hygiene routine. Security teams should also run red-team exercises that simulate a ransomware intrusion end to end, from initial access to exfiltration, to test whether the organization can detect and contain it before encryption begins. If authorities can trace the chat participants, this leak could lead to arrests and disrupt Black Basta’s operations.
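Patching "the CVEs in the leaked logs" only works once that list is joined with what is actually running and exposed. The Python below is added as an example and is not part of the reporting on the leak. It parses an excerpt shaped like CISA’s Known Exploited Vulnerabilities (KEV) JSON feed, takes a set of actor-referenced CVEs, and ranks a scanner-style asset inventory so that findings that are named by the actor, known to be exploited, tied to ransomware, and reachable from the internet come first. The KEV excerpt, the actor list and the inventory are all constructed for the example: the three KEV entries correspond to real catalog entries, but the actor list is a placeholder and not a claim about which CVEs appear in the Black Basta logs, and the scoring weights are assumptions.

```python
import json

# Constructed excerpt in the shape of CISA's Known Exploited Vulnerabilities
# (KEV) JSON feed. The real feed carries many more entries and fields; only
# the fields this triage uses are kept.
KEV_FEED_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-4966", "vendorProject": "Citrix",
     "product": "NetScaler ADC and Gateway", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2024-3400", "vendorProject": "Palo Alto Networks",
     "product": "PAN-OS", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-34473", "vendorProject": "Microsoft",
     "product": "Exchange Server", "knownRansomwareCampaignUse": "Known"},
]})

# Placeholder for the CVE list extracted from an actor's leaked chats. Constructed
# for this example; it is NOT a claim about which CVEs the Black Basta logs name.
ACTOR_CVES = {"CVE-2023-4966", "CVE-2024-3400"}

# Constructed scanner output: one row per (host, CVE) finding. CVE-2023-48795 is
# simply absent from the feed excerpt above, so it carries no exploitation signal here.
INVENTORY = [
    {"host": "vpn-gw-01",  "cve": "CVE-2023-4966",  "internet_facing": True},
    {"host": "fw-edge-02", "cve": "CVE-2024-3400",  "internet_facing": True},
    {"host": "mail-01",    "cve": "CVE-2021-34473", "internet_facing": False},
    {"host": "build-01",   "cve": "CVE-2023-48795", "internet_facing": False},
]

# Assumed weights; tune them to your own risk model.
W_ACTOR, W_KEV, W_RANSOMWARE, W_INTERNET = 4, 3, 2, 3

def load_kev(feed_json):
    """Index a KEV-shaped feed by CVE id."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}

def prioritize(inventory, kev, actor_cves):
    """Score every finding and return them highest-priority first.

    Each entry gets a numeric score plus human-readable reasons, so the
    resulting patch queue can be explained to the asset owners.
    """
    queue = []
    for finding in inventory:
        cve = finding["cve"]
        score, reasons = 0, []
        if cve in actor_cves:
            score += W_ACTOR
            reasons.append("named in actor chat logs")
        if cve in kev:
            score += W_KEV
            reasons.append("in CISA KEV (exploited in the wild)")
            if kev[cve].get("knownRansomwareCampaignUse") == "Known":
                score += W_RANSOMWARE
                reasons.append("known ransomware campaign use")
        if finding["internet_facing"]:
            score += W_INTERNET
            reasons.append("internet-facing")
        queue.append({**finding, "score": score, "reasons": reasons})
    # Highest score first; host name as a stable tie-breaker.
    queue.sort(key=lambda f: (-f["score"], f["host"]))
    return queue

if __name__ == "__main__":
    for f in prioritize(INVENTORY, load_kev(KEV_FEED_JSON), ACTOR_CVES):
        print(f"{f['score']:>2}  {f['host']:<11} {f['cve']:<15} "
              f"{'; '.join(f['reasons']) or 'no exploitation signal'}")
```

The real feed is published by CISA as known_exploited_vulnerabilities.json; its knownRansomwareCampaignUse field is what lets a patch queue weight ransomware-linked flaws above the rest, and joining it against exposure data is what turns a leaked CVE list into a patch order rather than a reading list.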
Actionable Steps for Organizations:
- As attackers refine their methods, organizations must adopt a zero-trust architecture and continuous monitoring to prevent intrusions.
- Incident response teams and executives should be briefed on ransomware negotiation tactics in advance, so that decisions are made calmly and on the basis of a pre-agreed plan rather than under pressure.
Read more at Cybersecurity Dive
5. Belgium Investigates Chinese Hackers for Intelligence Agency Breach
Summary:
Belgium is investigating a major cyber-espionage incident in which Chinese state-sponsored hackers reportedly infiltrated the country’s intelligence service. Initial findings suggest the attackers exfiltrated around 10% of all emails to and from agency staff between 2021 and May 2023, via access to an external email server also used by public prosecutors, government ministries, law enforcement, and numerous public administrative bodies. The server was likely breached through a zero-day vulnerability in a Barracuda Email Security Gateway (ESG) appliance (the command-injection flaw tracked as CVE-2023-2868, which was exploited in the wild before a fix existed; Barracuda later advised affected customers to replace compromised appliances outright rather than rely on patching).
Global Implications:
- Governments worldwide are increasingly becoming prime targets for state-backed hacking groups.
- The attack highlights the need for European nations to strengthen intelligence-sharing and cybersecurity cooperation.
- This incident follows a pattern of Chinese cyber-espionage targeting Western governments, defense contractors, and critical infrastructure.
- If proven, this breach could strain Belgium-China relations and trigger sanctions or retaliatory cyber operations.
- Enhanced threat intelligence collaboration between European nations is essential to mitigate similar attacks.
- Governments should prioritize cybersecurity investments for intelligence agencies and defense sectors.
Why it Matters:
The breach of Belgium’s intelligence service is alarming for several reasons, not least of which is the potential geopolitical fallout and the sophistication of the state-sponsored hackers behind the attack. With the involvement of China-backed threat actors, the breach may have targeted sensitive governmental and diplomatic information. The incident reflects the vulnerability of critical government infrastructure and signals a growing trend of cyber espionage carried out by nation-state actors.
Read more at Bleeping Computer
6. Philippines Army Confirms Data Breach
Summary:
The Philippine Army has confirmed that it suffered a cyberattack by Exodus Security, one of the most active hacker groups in the region, which breached internal systems and potentially accessed sensitive military records. While officials say no classified intelligence was leaked, security experts warn that troop movements, operational details, and personnel records may have been compromised. The exact volume of stolen data has not been verified.
Key Implications:
- If details about military officers and soldiers were leaked, it could pose direct security risks for individuals.
- Even non-classified data can be leveraged for phishing, impersonation attacks, and espionage.
- Given the geopolitical tensions in Southeast Asia, foreign intelligence agencies could be behind this attack. Nation-state attackers frequently target military databases to gather intelligence or disrupt operations. If local threat actors are able to accomplish this level of infiltration, foreign state-sponsored threat actors could be even more damaging.
Broader Implications for National Security:
This breach serves as a warning for other nations to prioritize the protection of their government agencies and critical infrastructure. The increased geopolitical targeting of government entities shows the need for robust countermeasures, such as advanced intrusion detection systems (IDS) and threat intelligence sharing among allied nations. National cybersecurity strategies should include mechanisms for rapid response and coordination across agencies and industries.
Mitigation Strategies:
- Military institutions should segment their networks, restrict access, and enforce multi-layer authentication.
- Regular red teaming exercises should be conducted to simulate cyberattacks and test defenses against intrusion attempts.
Read more at The Record
7. SecurityScorecard & KPMG Canada Form Strategic Cybersecurity Alliance
Summary:
SecurityScorecard and KPMG Canada have announced a strategic partnership aimed at enhancing cybersecurity for critical sectors, including healthcare, financial services, and government infrastructure. The partnership brings SecurityScorecard MAX to the Canadian market and will focus on real-time security risk monitoring, compliance automation, and cyber resilience strategies for critical infrastructure.
Key Implications:
- Many businesses struggle to assess the cybersecurity posture of their vendors. This alliance could help streamline security audits for enterprises.
- With rising cyber threats, this partnership represents a proactive move to improve national cybersecurity resilience.
Mitigation Strategies:
- Organizations should evaluate their third-party risk exposure and implement continuous vendor monitoring.
- Cybersecurity teams should consider automating compliance reporting to reduce manual workload and improve efficiency.
- Ensuring that personnel are properly trained in cyber defense tactics and incident response can make a critical difference in responding to future attacks and mitigating risks before they escalate.
- As cyber threats become increasingly global in nature, defense agencies should enhance their cooperation with international cybersecurity organizations to share intelligence on new tactics and evolving threats.
Read more at Business Wire
8. GS Retail Data Breach Exposes Personal Information of 1.58 Million Customers
Summary:
GS Retail, a major South Korean retailer, recently disclosed that the personal information of 1.58 million customers was leaked from its home shopping platform, GS Shop. This follows an earlier hacking incident on the GS25 convenience store website that compromised around 90,000 customers' details. The GS Shop breach was discovered during the investigation of the GS25 incident and turned out to have been leaking sensitive information from June 2021 to February 2025. In response, GS Retail blocked the IP addresses used by the attackers, notified customers, and advised them to change their passwords.
Compromised Data:
- Names
- Contact Info
- Birthdates
- Marital Status
- Customer IDs
Financial data such as payment methods and membership points was not exposed.
Key Implications:
- The leak of sensitive personal information, such as names, contact details, and identifiers, increases the risk of identity theft and fraudulent activity. Although financial data was not leaked, the exposure of other personal details can still enable cybercriminals to exploit this information for targeted phishing attacks, social engineering, or account takeovers.
- Data breaches of this scale often lead to a significant erosion of consumer trust. As GS Retail has promised to resolve the issue, the company’s ability to recover its reputation will depend on the effectiveness and transparency of its efforts. Customers might be hesitant to continue using the platform unless their personal data is adequately protected going forward.
Points of Consideration:
- The rise of fully remote work has made it easier for adversarial nations to plant operatives within global tech companies.
- If these infiltrators gain access to software development pipelines, they could introduce backdoors and security flaws into critical software products.
Broader Implications for Retail Industry:
The GS Retail breach highlights a critical weakness in major retailers' customer data security practices. As retail businesses digitize their operations and accumulate more customer data, they must prioritize secure systems and protocols. Even though no financial data was involved, the exposure of contact information, personal identifiers, and marital status still poses a major risk to affected individuals: cybercriminals can use such data for targeted phishing and social engineering, potentially leading to identity theft. Non-financial data is valuable to criminals too, and retailers need to bolster their defenses accordingly.
GS Retail’s decision to extend its inspection of login records back up to a year shows a proactive effort to find and contain the intrusion. However, the gap of more than three and a half years between the start of the leak and its discovery demonstrates the importance of real-time monitoring and immediate response protocols. Retail businesses should also incorporate regular penetration testing, security audits, and staff training to spot vulnerabilities before attackers exploit them.
Read more at Korea Times
Threat actors continue to target government agencies, healthcare providers, and private businesses on a global scale. From nation-state espionage to large-scale data breaches, organizations must take proactive measures to enhance their cybersecurity postures.
How EIP Networks Can Help Mitigate Risks
At EIP Networks, we specialize in proactive cybersecurity solutions to help businesses mitigate threats before they escalate. From threat intelligence monitoring and vulnerability management to ransomware prevention and compliance consulting, our team is equipped to safeguard your digital assets.
What We Offer:
- AI-Powered Threat Detection & Real-Time Monitoring - Keeps your network secure 24/7 with minimal manual intervention
- Vulnerability Assessments - to prevent exploits like those used by Black Basta
- Incident Response Planning - Ensures quick, coordinated action in case of a breach, reducing downtime, prioritizing business continuity and maintaining customer trust.
- Zero-Trust Security Frameworks - Strengthening overall network security by assuming no trust, even internally
Don’t wait for a breach to take action. Need expert guidance on fortifying your business against cyber threats? EIP Networks specializes in advanced threat detection, zero-trust architecture, and cyber resilience strategies. Contact us today for a comprehensive security assessment! #WeDoThat