By Ashwani Mishra, Editor-Technology, 63SATS
Maharashtra Cyber flagged vulnerabilities across key government departments, while Pakistan-linked hackers expanded attacks on Indian infrastructure using new RATs. Healthcare and pharma sectors faced a new threat in ResolverRAT, targeting global victims via tailored phishing.
Hertz confirmed a data breach through Cleo zero-day flaws, exposing customer data. U.S.-based Conduent disclosed client information theft in a January cyberattack, and dialysis giant DaVita suffered a ransomware hit, disrupting patient services. These incidents highlight the rising complexity, reach, and consequences of cyberattacks across public, private, and healthcare sectors worldwide.
Maharashtra Government Departments at Risk of Cyber Attacks
According to India Herald, an internal investigation by Maharashtra Cyber Cell has flagged several state government departments—including the Police, DGIPR, Electricity Department, and MPSC—as vulnerable to cyberattacks. The probe revealed inadequate cybersecurity measures, raising concern over potential breaches.
Following the findings, the Cyber Cell issued advisories urging immediate action to bolster digital defenses. DIG Yashasvi Yadav confirmed the threat, citing a lack of proactive security steps across departments. Officials have now been asked to enhance preparedness. With vital public services at risk, authorities are pushing for stronger cyber hygiene to prevent any exploitation by threat actors targeting government infrastructure.
Pakistan-Linked Hackers Widen Target List in India with New RATs
A Pakistani threat group believed to be associated with APT36 (Transparent Tribe) has been detected using new remote access tools—CurlBack RAT, Spark RAT, and Xeno RAT—to target Indian government sectors. According to SEQRITE, entities in oil and gas, railways, and external affairs were hit in campaigns observed in late 2024.
Notably, attackers shifted from HTML Application (HTA) files to Microsoft Installer (MSI) packages for delivery. This evolution reflects a broadening in both scope and technique. The group, particularly its SideCopy sub-cluster, mimics SideWinder’s tactics to evade detection and exploit defense gaps across critical infrastructure.
ResolverRAT Targets Global Healthcare and Pharma in Phishing Campaign
Cybersecurity firm Morphisec has uncovered a new malware strain—ResolverRAT—targeting healthcare and pharmaceutical sectors worldwide. The malware uses in-memory execution and evasion tactics to bypass traditional security systems. ResolverRAT stands out for its original architecture, despite leveraging components from older phishing infrastructures.
Phishing emails, themed around copyright violations or legal threats, were tailored in local languages, indicating a well-coordinated, global operation. The campaign’s use of cultural nuance improves click-through rates. This latest wave highlights the evolving nature of phishing-based cyberattacks and the urgent need for better awareness and detection tools in the healthcare domain.
Hertz Confirms Data Breach in Cleo Zero-Day Attack
Car rental giant Hertz has confirmed that customer data tied to its Hertz, Thrifty, and Dollar brands was compromised in a cyberattack exploiting Cleo platform zero-day vulnerabilities. The attack, identified in February 2025, took advantage of flaws first exploited in October and December 2024.
Hertz is currently analyzing the stolen data to determine affected individuals. The breach is part of a broader pattern of exploitation tied to Cleo’s file transfer software, which has impacted multiple high-profile organizations. The incident raises serious concerns around third-party risk and data security within the travel and logistics industries.
Conduent Cyberattack Exposes Sensitive Client Information
U.S.-based govtech and business services provider Conduent confirmed a significant data breach resulting from a cyberattack in January 2025. In its latest SEC filing, the company admitted that threat actors accessed and exfiltrated files containing client information.
Conduent offers digital platforms across sectors like transportation, human resources, and healthcare, serving over 600 government agencies and half of the Fortune 100. While the breach’s full impact is still being assessed, the company is working closely with cybersecurity experts to mitigate risks. The incident underscores the vulnerabilities in companies managing vast digital infrastructure for public and private clients alike.
DaVita Ransomware Attack Disrupts Patient Services
Dialysis services provider DaVita suffered a ransomware attack on April 12, 2025, affecting portions of its network and disrupting operations at outpatient centers. The breach was disclosed in an April 14 SEC filing. With more than 2,650 U.S. clinics and over 500 international locations, DaVita serves approximately 200,000 kidney patients who rely on regular treatment.
The healthcare giant reported $12.82 billion in 2024 revenue and employs 76,000 people worldwide. The attack poses potential health risks due to treatment disruptions. Investigations are ongoing, and patient safety remains a top priority as DaVita works to restore normal operations.