Cybersecurity in January saw high-stakes incidents across industries, from ransomware attacks on major corporations to hackers exploiting global platforms and cryptocurrency networks.
Organizations faced new threats and evolving tactics, highlighting that constant vigilance remains essential for defending digital assets.
Cybercrime Breaking News
- A major federal contractor confirms a significant cyber incident involving stolen data.
- European hospitality firms targeted in sophisticated malware campaigns.
- Internal documents and limited user data allegedly stolen from top tech and dating platforms.
Cybersecurity Justice & Regulation
- International authorities dismantle a major cybercrime-as-a-service platform linked to multi-million-dollar fraud.
- One of the world’s largest residential proxy networks disrupted, affecting millions of hijacked devices.
- Europol and Spanish authorities arrest dozens and seize assets in a global criminal network crackdown.
Explore January’s top cybercrime incidents, justice actions, and lessons for safeguarding your organization.
Cybercrime Breaking News
Sedgwick confirmed a cyber incident at its federal contractor subsidiary after the TridentLocker ransomware gang claimed to have stolen 3.4GB of data. The company says the affected system was isolated and core operations were not impacted, and services to agencies like DHS and CISA continue uninterrupted.
Threat actors are targeting European hospitality firms with phishing lures impersonating booking platforms, using fake “Blue Screen of Death” errors and ClickFix social engineering to deploy the DCRat malware via trusted Windows tools like MSBuild.
Bumble and Match Group are investigating cybersecurity incidents after the ShinyHunters group claimed to have stolen internal documents and limited user data, though both companies say critical information such as login credentials and private messages was not accessed.
Nike is investigating a potential cyber incident after the ransomware group WorldLeaks claimed to have leaked 1.4 terabytes of the company’s internal data.
Cybersecurity Justice
Microsoft, working with international law enforcement, dismantled the RedVDS cybercrime-as-a-service platform used to fuel phishing and payment diversion scams, linking it to more than $40 million in fraud losses in the U.S. alone.
Google and partners disrupted IPIDEA, one of the world’s largest residential proxy networks, taking down its domains and software that hijacked millions of consumer devices to obscure cybercrime, espionage, and botnet operations.
The U.S. Department of Justice seized three popular Bulgarian piracy domains (zamunda.net, arenabg.com, and zelka.org) used to illegally distribute millions of copyrighted works, with the operation coordinated alongside Bulgarian authorities and Europol.
Europol and Spanish authorities arrested 34 members of the transnational Black Axe criminal network in Spain, disrupting their cyber‑enabled fraud, drug trafficking, human trafficking, and other crimes while freezing assets and seizing cash.
The notorious Russia‑based RAMP cybercrime forum appears to have been seized by the FBI after its sites were replaced with a U.S. law enforcement takedown notice, though officials have yet to publicly confirm the operation.
Ukrainian and German police raided the homes of suspected Black Basta hackers, seized crypto and digital evidence, and placed the group’s alleged Russian ringleader on an international wanted list over global ransomware attacks.
A Jordanian national pleaded guilty to acting as an initial access broker after selling unauthorized network access to at least 50 companies via a cybercrime forum. Following his extradition to the U.S., he faces up to 10 years in prison.
FinTech Updates
Hackers stole over $26 million in cryptocurrency from the Truebit platform.
Cybersecurity News Across The Globe
- Greek police arrested suspected scammers who used a fake cell tower hidden in a car trunk to force nearby phones onto 2G networks and blast phishing SMS messages across the Athens area.
- Romanian authorities are investigating two nationals over a suspected hitman-for-hire website that used cryptocurrency to conceal identities and transactions, seizing devices, cash, and crypto during raids.
- Kyowon Group, one of South Korea’s largest conglomerates, shut down parts of its internal network after a suspected ransomware attack, warning that some data may have been leaked while the investigation continues.
AMATAS will continue to monitor this space and deliver salient information regularly.
Stay tuned for our next report, and if you are interested in any of our privacy and cybersecurity services, please reach out through our website www.amatas.com or by e-mailing office@amatas.com.
As always – be vigilant, stay alert, and think twice.

