🔹 Incident 1: NightSpire Ransomware Attack on Tohpe Corporation

📅 Date/Time (EST): March 20, 2025, at 12:00 a.m.

📌 Summary:

  • Japanese chemical manufacturer Tohpe Corporation hit by NightSpire ransomware.
  • 159 GB of confidential corporate data (paints & high-performance materials) compromised.
  • Attribution: NightSpire RaaS, active since early 2025.
  • Status: No public mitigation efforts; disclosed via underground forums.

📄 Source: CYFIRMA Weekly Intelligence Report, March 21, 2025 – www.cyfirma.com/news/weekly-intelligence-report-21-mar-2025


🔹 Incident 2: RansomHub Ransomware Compromises HexoSys Group

📅 Date/Time (EST): March 20, 2025, at 12:00 a.m.

📌 Summary:

  • Malaysian tech firm HexoSys Group breached via RansomHub ransomware.
  • 336 GB exfiltrated (FPGA designs, source code, employee contracts, competitor research).
  • Attackers: Selling data on darknet forums.
  • Status: HexoSys has not publicly acknowledged the breach.

📄 Source: CYFIRMA Weekly Intelligence Report, March 21, 2025 – www.cyfirma.com/news/weekly-intelligence-report-21-mar-2025


🔹 Incident 3: SpyX Data Leak Exposes Surveillance Software Users

📅 Date/Time (EST): March 20, 2025, at 8:00 a.m.

📌 Summary:

  • Spyzie, Spyic, Cocospy surveillance apps breached.
  • 519K+ user emails & device data leaked (call logs, messages, photos).
  • Exploited shared app architecture vulnerability; no vendor mitigation disclosed.
  • Data added to Have I Been Pwned (HIBP) on Feb 27, 2025; public disclosure today.

📄 Source: CyberPress – www.cyberpress.org/spyx-data-leak


🔹 Incident 4: Microsoft 365 Phishing Campaign Exploits Tenant Misconfigurations

📅 Date/Time (EST): March 19, 2025, at 3:00 p.m.

📌 Summary:

  • Phishing campaign abuses Microsoft 365 tenants to send fraudulent billing notifications.
  • Attackers create admin accounts in compromised tenants to send credential-stealing emails.
  • Targets: Enterprises using Microsoft services (no specific sector).
  • Guardz researchers confirmed exploitation; no vendor mitigation details disclosed.

📄 Source: Security Magazine – www.securitymagazine.com/articles/101483-phishing-campaign-leverages-microsoft-365-infrastructure-for-attacks


🔹 Incident 5: Fortinet Vulnerability Exploited in SuperBlack Ransomware Campaign

📅 Date/Time (EST): March 19, 2025, at 10:00 a.m.

📌 Summary:

  • CISA confirms active exploitation of Fortinet’s CVE-2025-24472 (CVSS 8.1).
  • Mora_00 group (linked to LockBit) deployed SuperBlack ransomware.
  • Affected products: FortiOS 7.0.0–7.0.16, FortiProxy 7.2.0–7.2.12.
  • Mitigation: Update to versions 7.0.17, 7.2.13, or 7.0.20 ASAP.

📄 Source: Infosecurity Magazine – www.infosecurity-magazine.com/news/fortinet-vulnerability-ransomware


🌍 Geopolitical Context

  • Hospitality sector remains high-risk due to Storm-1865’s ongoing ClickFix phishing campaigns (since March 13, 2025).
  • Ransomware groups targeting APAC critical manufacturing & tech sectors.