Ah, the ever-tempestuous Middle East, where conflicts extend beyond the physical battlefield into the digital realm. Hacktivist groups and state-sponsored hackers are joining the fray, turning critical infrastructure into virtual battlegrounds. Disturbing reports emerge of compromised systems, painting a grim picture of the region's cybersecurity landscape.
In a scene straight out of a cyber thriller, a notorious threat actor group, known to frequent our weekly insights, has been making waves. They've allegedly breached a major gas station company, flaunting their access by sharing screenshots of control panels for petrol and diesel storage, along with temperature controls. As if that weren't enough, they've also flexed their digital muscles by showcasing videos of havoc wreaked upon a prominent energy provider's power grid.
The damage doesn't stop there. Reports detail the group's interference with transformers and electrical cables, prompting the affected company to scramble for hefty generators while parts of their network undergo a digital makeover. And it's not just the power grid feeling the heat; screenshots of access to wastewater treatment plants have also made their way online. One can't help but wonder why these critical systems aren't tucked away behind the digital equivalent of a fortress wall – you know, the old 'air-gapping' trick.
Meanwhile, across the pond, America's favorite pipeline is making headlines once again. Fresh off a devastating ransomware attack in 2021, this vital artery supplying half of the East Coast's oil finds itself in the crosshairs once more. A new ransomware gang, with a penchant for digital mischief, has managed to snag 2.9 GB of sensitive files. While they haven't pulled the trigger on encryption or disrupted operations (yet), the stolen loot includes contracts, employee emails, and even staff photographs – talk about a digital treasure trove.
But here's the kicker: despite the FBI's best efforts, the gang's spam-delivery infrastructure remains stubbornly operational. These 'Qakbot' affiliates seem unfazed by law enforcement's attempts to shut them down, continuing their nefarious activities like cyber cockroaches that just won't quit. It's a stark reminder that even in the face of adversity, the digital underworld persists, lurking in the shadows, ready to strike at a moment's notice.
THIS MONTH'S SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
He hired out various criminal gangs to fire bomb and brick houses.
https://breachaware.com/research/he-hired-out-various-criminal-gangs-to-fire-bomb-and-brick-houses
A total of 32 breaches were found and analysed resulting in 21,344,925 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included CDEK, Appen [2], Stealer Log 0369, PokerStars and Stealer - Meta 0359.
Former Navy IT manager stole PII from over nine thousand service men and women.
https://breachaware.com/research/former-navy-it-manager-stole-pii-from-over-nine-thousand-service-men-and-women
A total of 26 breaches were found and analysed resulting in 67,367,045 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Apollo [2], Hurb [2], TaiLieu, TigerAir Taiwan and Lamoda.
The STEM camp company still remains quiet on the breached data.
https://breachaware.com/research/the-stem-camp-company-still-remains-quiet-on-the-breached-data
A total of 23 breaches were found and analysed resulting in 1,710,241 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Zarina, Ministero della Giustizia, Reg Me, Stealer - RedLine 0336 and University of La Guajira.
Threat actor says the compromised charity has been stealing and laundering money for years.
https://breachaware.com/research/threat-actor-says-the-compromised-charity-has-been-stealing-and-laundering-money-for-years
A total of 41 breaches were found and analysed resulting in 38,464,662 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Evite, Viva Air (3), Craft Rise, La Poste Mobile and Stealer - Mixed Logs 0349.
Leaked voice recordings reveal customers and staff exchanging security questions.
https://breachaware.com/research/leaked-voice-recordings-reveal-customers-and-staff-exchanging-security-questions
A total of 17 breaches were found and analysed resulting in 2,028,772 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Sphero, Cyber Photo, Comp and Save, Cover King and ICT Billet.