Five high-profile cyberattacks so far in 2025

by Black Hat Middle East and Africa

Discover inspiration and insights from the global Black Hat MEA community, and take your career to the next level. 

This week we’re focused on…

The most damaging cyberattacks so far in 2025. Well, five of them. 

The last six months have been marked by a series of high-profile (and highly disruptive) attacks across various sectors. From critical infrastructure to personal data breaches, these incidents highlight the intensity of the threat landscape right now. 

Here are five major attacks reported this year. 

1. Bybit cryptocurrency exchange hack – USD $1.5 billion stolen

In February, the FBI attributed a massive cryptocurrency theft of approximately $1.5 billion from Bybit to North Korea's Lazarus Group, also known as TraderTraitor or APT38. 

During a routine transfer between cold and hot wallets, the attackers intercepted and redirected the funds into wallets under their control. 

The FBI responded by issuing an alert advising cryptocurrency services to monitor and block activity tied to TraderTraitor, releasing 51 Ethereum wallet addresses involved in money laundering operations.

2. Codebreakers attack on Bank Sepah – 42 million records exposed 

In March, the hacker collective Codebreakers claimed responsibility for breaching Bank Sepah, one of Iran's oldest and most strategically significant financial institutions. 

The group alleged it had accessed over 12 terabytes of confidential data belonging to more than 42 million individuals, including account numbers, passwords, mobile phone numbers, residential addresses, bank transaction histories, and information related to military personnel. 

The breach exposed the vulnerabilities of Iran's financial infrastructure and caused widespread criticism against the bank and its customers from the military and government sectors. 

3. NTT Communications breach – data of nearly 18,000 corporate clients exposed

Also in March, NTT Communications Corporation, a major Japanese telecommunications provider, confirmed that a cyberattack led to the unauthorised access and potential leakage of corporate customer information. 

The breach affected nearly 18,000 corporate entities through NTT’s 'Order Information Distribution System.' The stolen data may include company names, representative names, contract numbers, email addresses, and service usage information. 

NTT acted quickly to block initial access, but further investigation revealed that the attackers had pivoted to another internal device, prompting additional containment measures.

4. Lee Enterprises cyberattack – disruption of US newspaper operations

In February, Lee Enterprises (one of the largest newspaper groups in the US) suffered a ransomware attack that disrupted its operations.

The incident impacted the distribution of products, billing, collections, and vendor payments. Distribution of print publications across the portfolio of products experienced delays, and online operations were partially limited.

In the second month of disruption, TechCrunch reported the firm had halted freelancer and contractor payments with (at that time) no clear communication with freelancers/contractors about when payments would resume. 

5. WEMIX Blockchain gaming platform breach – $6.1 million stolen

At the end of February, blockchain gaming platform WEMIX was breached in a cyberattack that resulted in the theft of 8.65 million WEMIX tokens, valued at approximately $6.1 million.

The attackers reportedly gained access through stolen authentication keys tied to the platform’s NFT service, NILE, which had been exposed in a shared developer repository. 

After two months of planning, the threat actors executed 15 withdrawal attempts, 13 of which succeeded, and laundered the stolen funds via cryptocurrency exchanges.

A relentless half-year ahead 

If there’s one message we can pull from the high-impact attacks reported so far this year, it’s that the second half of the year won’t be any gentler. 

The volume and diversity of attacks will keep growing, and as a global cybersecurity community, we need to work together to increase vigilance and protection. 

On that note…see you at Black Hat MEA 2025? 
