Svoboda Cybersecurity Brief October 20, 2025
Russian Hackers Leak Sensitive UK Military Data
The Russian cybercriminal group Lynx breached Dodd Group, a UK Ministry of Defence contractor, stealing hundreds of sensitive files on RAF and Royal Navy bases, including nuclear-capable sites like RAF Lakenheath. The stolen data, posted on the dark web, includes staff names, emails, and base details.
Source: DataBreaches.net
Europol Shuts Down SIM Farm Network Linked to 49M Fake Accounts
Operation SIMCARTEL dismantled a cybercrime-as-a-service (CaaS) platform operating 1,200 SIM boxes with 40,000 active SIMs, used for phishing, fraud, and CSAM distribution. The network facilitated 49M fake accounts across 80+ countries. Seven suspects were arrested, and assets worth €700K+ were seized.
Source: The Hacker News
Cyber Insurer Refuses Ransom Payment Due to Policy Exposure
Allardyce Bower Consulting’s $14K cyber insurance policy (with Coalition) was voided after ransomware group Securotrop discovered the policy on their servers. The insurer cited a violation of the “Duty to Cooperate” clause, which prohibits revealing coverage details to attackers.
Source: DataBreaches.net
TikTok ClickFix Attacks Spread Aura Stealer Malware
Cybercriminals are using TikTok videos (impersonating Windows, Adobe, Netflix) to push PowerShell commands that download Aura Stealer. The malware harvests credentials, cookies, and crypto wallets via Cloudflare-hosted payloads (updater.exe, source.exe).
Impact: Credential theft, account compromise.
Mitigation: Avoid executing commands from untrusted sources; reset compromised credentials.
Source: BleepingComputer
ScatteredLAPSUS$Hunters Dox 1,467 US Government Employees
The group leaked .csv files with FBI, DHS, FAA, and DOJ employee data (emails, addresses, phone numbers) before Telegram banned their channel. Files included 680 DHS entries (FEMA, CBP, ICE) and 174 FBI agents’ details.
Source: DataBreaches.net