Global Cyber Pulse: 04 February 2025

February 4, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Cyber threats continue to escalate globally, with major breaches impacting governments, businesses, and critical infrastructure. Russian hackers allegedly compromised UK Prime Minister Keir Starmer’s personal email before his tenure, exposing security lapses.

Casio UK’s online store fell victim to a cyberattack that stole customer credit card details. A phishing campaign hijacked high-profile X accounts, exploiting them for scams. Meanwhile, the Coyote banking malware expanded, now targeting over 1,000 websites and 73 financial institutions. Ransomware threats surged in 2024, with 75 active groups crippling businesses. In the U.S., a cyberattack on Mississippi’s Yazoo Valley Electric Power Association exposed 20,000 residents’ data. These incidents highlight the persistent and evolving nature of cyber risks, urging stronger security measures worldwide.

Russian Hackers Allegedly Breached UK PM’s Email Before Office

Russian cyber operatives are suspected of hacking the personal email of UK Prime Minister Keir Starmer before he assumed office, according to revelations from the book Get In. The Times reports that in 2022, Starmer, then Labour leader, was warned his account might have been compromised in a Kremlin-backed cyber campaign.

The breach prompted him to change his email and enable two-factor authentication—previously neglected. The National Cyber Security Centre (NCSC) had long advised such security measures. The attack coincided with other British officials being targeted by Russian-linked threat actors like Iron Frontier and Star Blizzard.

Casio UK Online Store Hacked: Customer Credit Cards Stolen

Casio UK’s online store was infiltrated by hackers who embedded malicious scripts to steal credit card details between January 14 and 24, 2025. Cybersecurity firm Jscrambler detected the breach and alerted Casio on January 28, prompting swift removal of the malicious code within 24 hours.

The attackers exploited Magento platform vulnerabilities, also compromising 17 other websites. The affected companies remain unnamed as security experts work on remediation. Customers who shopped during the breach period are urged to monitor financial statements for fraudulent transactions. Casio has yet to disclose the full extent of the impact.

High-Profile X Accounts Hijacked in New Phishing Wave

Cybercriminals are hijacking influential X (formerly Twitter) accounts, exploiting them for scams and fraudulent activity. SentinelLabs uncovered the campaign, which has affected political figures, journalists, tech firms, and cryptocurrency organizations.

Attackers deploy phishing tactics such as fake login alerts and copyright violation notices to trick victims into revealing credentials. Some campaigns leverage Google AMP to bypass security filters. Once an account is compromised, its owner is locked out and the account is repurposed to promote crypto scams and phishing schemes. Similar operations were observed in 2024, indicating a persistent threat to high-value social media accounts.

Coyote Malware Spreads: Now Targets 1,030 Sites & 73 Banks

Brazilian banking malware Coyote has expanded its reach, now targeting over 1,000 websites and 73 financial institutions. Fortinet researchers discovered that Coyote deploys keyloggers, captures screenshots, and overlays phishing pages to steal sensitive banking credentials.

The malware spreads through Windows Shortcut (LNK) files containing PowerShell commands. Initially documented by Kaspersky in 2024, the attack chain involves a Squirrel installer triggering a Node.js application, which then executes a Nim-based loader to activate the Coyote payload. With its expanding footprint, Coyote poses an escalating risk to financial security in South America.

Ransomware Surge: 75 Active Groups Targeting Businesses

A surge in ransomware groups in 2024 led to heightened cyber threats despite law enforcement crackdowns on gangs like LockBit and cybercriminal services like LabHost. According to Rapid7, ransomware operations surged from 43 to 75 active groups last year.

Ponemon Institute research found that over half of affected organizations had to shut down operations, resulting in severe financial losses. The increasing profitability of extortion fuels continued ransomware evolution. Experts warn that without stronger defenses, organizations will remain lucrative targets for cybercriminals seeking to exploit security gaps.

Mississippi Utility Breach Exposes 20,000 Residents’ Data

Cybercriminals targeted Yazoo Valley Electric Power Association, compromising data of over 20,000 residents across six Mississippi counties. Initially reported as a software outage in August, the attack was later confirmed as a breach. Investigators determined that hackers accessed sensitive customer files, though specifics remain undisclosed.

The review, completed in October, took months to identify affected individuals, delaying notification until December. Victims are being offered one year of identity protection. The breach underscores rising cybersecurity risks for critical infrastructure, especially smaller utilities with limited resources to defend against sophisticated attacks.