Global Cyber Pulse: 04 April 2025

April 4, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Cyber threats intensified globally this week. Hunters International rebranded as “World Leaks,” shifting from ransomware to pure data extortion. Oracle admitted to a breach in its legacy cloud system, with stolen credentials that may date as recently as 2025. In Washington, Highline Public Schools confirmed a ransomware attack leaking sensitive student and staff data.

Poland’s ruling party reported a cyberattack tied to alleged foreign election interference. Ukraine uncovered new malware, “Wrecksteel,” used in targeted espionage against state agencies. Meanwhile, the State Bar of Texas revealed a data breach after INC ransomware began leaking stolen files, exposing legal community vulnerabilities.

Hunters International Shifts to Pure Data Extortion Under ‘World Leaks’

Once known for ransomware, Hunters International has re-emerged as “World Leaks,” abandoning encryption for data theft and extortion. Despite announcing a shutdown in November 2024, the group launched this new campaign in January 2025. According to Group-IB, the group now uses a self-built exfiltration tool to automate data theft from victim networks.

This marks a shift from file encryption to pure extortion tactics. The tool appears to be an advanced version of the software used in earlier operations. The move reflects the growing trend among cybercriminals to bypass encryption in favor of quicker, less risky monetization strategies.

Oracle Quietly Confirms Legacy Cloud Breach and Credential Leak

Oracle has discreetly informed select clients of a security breach involving its legacy Cloud Classic (Gen 1) environment, exposing outdated credentials. Despite Oracle’s claim that compromised data is non-sensitive and from 2017, attackers reportedly posted newer data from late 2024 and early 2025.

Investigations by CrowdStrike and the FBI are underway. Cybersecurity firm CybelAngel disclosed that the breach likely involved a 2020 Java exploit, enabling attackers to deploy malware and web shells. While Oracle downplays the impact, the presence of recent data raises concerns about the integrity of legacy systems and the visibility of cloud-based vulnerabilities.

Ransomware Hits Washington Schools, Leaks Sensitive Staff and Student Data

Highline Public Schools in Washington State, serving over 17,000 students and 2,000 staff, confirmed a 2024 ransomware attack that exposed highly sensitive personal data. A forensic investigation revealed that the attacker accessed names, Social Security numbers, financial and medical records, and even passport and digital signature details. The breach, initially discovered in September 2024, involved unauthorized access to internal systems and critical files.

The district is now notifying affected individuals and offering credit monitoring. The incident underscores the growing cybersecurity threats facing educational institutions and the need for stronger data protection frameworks across K-12 environments.

Polish PM Blames Cyberattack on Foreign Election Interference

Poland’s Prime Minister Donald Tusk reported that his Civic Platform party’s digital infrastructure was hit by a politically motivated cyberattack, days before the national election. Tusk suggested foreign interference, citing state intelligence pointing eastward, likely towards Russia or Belarus. Poland’s Digital Affairs Minister confirmed a formal investigation is underway, calling the incident serious.

Local reports revealed the attack targeted internal party communications, raising concerns about manipulation of democratic processes. This development aligns with an uptick in election-related cyber intrusions across Europe, reinforcing concerns about cybersecurity as a pillar of electoral integrity and national security.

Ukraine Uncovers ‘Wrecksteel’ Malware in Targeted Cyber Espionage Campaign

Ukraine’s CERT-UA reported three cyberattacks in March using a newly discovered spyware dubbed “Wrecksteel.” The malware, deployed via phishing emails containing malicious file-sharing links, was used to infiltrate government and critical infrastructure systems. Attackers leveraged compromised accounts to send fake salary-related alerts, luring victims into clicking links that executed PowerShell scripts. These scripts enabled data extraction and device screenshots.

CERT-UA attributes the campaign to hacking group UAC-0219, active since late 2024. While no state sponsor has been officially named, the campaign bears hallmarks of Russian-origin attacks, continuing a trend of targeted espionage on Ukrainian institutions amid ongoing regional conflict.

Texas State Bar Confirms Data Breach After Ransomware Group’s Claim

The State Bar of Texas has confirmed a data breach following claims by the INC ransomware gang, which has begun leaking stolen files. The breach occurred between January 28 and February 9, 2025, and was detected on February 12. In a letter to members, the Bar acknowledged unauthorized access to its systems.

The State Bar of Texas is the second-largest bar association in the U.S., overseeing more than 100,000 lawyers, so the breach threatens personal and professional data tied to licensing and compliance. Investigations are ongoing, and affected members are being notified. The incident highlights escalating cyber risks within legal and regulatory institutions.