Daily Briefing for 05.27.25

At a glance.

• New Russian cyberespionage actor targets NATO countries.
• Ransomware disrupts MathWorks applications.
• Nova Scotia Power confirms ransomware attack.

New Russian cyberespionage actor targets NATO countries.

Dutch intelligence agencies have attributed several hacks to a previously unknown Russian threat actor dubbed "Laundry Bear," the Record reports. The agencies note that the group's modus operandi overlaps with that of Fancy Bear (APT28), but they consider the two groups to be distinct. The Netherlands' Ministry of Defence says Laundry Bear was responsible for several hacks on Dutch organizations in September 2024, including a major data breach affecting the Dutch national police. The Ministry says the threat actor has "a specific interest in armed forces, governments, defense (sub) suppliers, social organizations, and IT and digital service providers. Laundry Bear has also conducted cyberespionage attacks against companies that produce high-end technologies, which Russia has difficulty accessing due to current Western sanctions."

Microsoft this morning published its own report on the threat actor, which the company tracks as "Void Blizzard." Microsoft says the group is likely conducting cyberespionage to further Russian strategic objectives, conducting "opportunistic yet targeted high-volume cyberoperations against targets of intelligence value to the Russian government." The researchers add, "Their operations predominately leverage unsophisticated techniques for initial access such as password spray and using stolen authentication credentials. Microsoft assesses that Void Blizzard procures cookies and other credentials through criminal ecosystems. These credentials are then used to gain access to Exchange and sometimes SharePoint Online for information collection."

Ransomware disrupts MathWorks applications.

Mathematical computing software provider MathWorks has disclosed that a ransomware attack is disrupting some of its online applications and internal IT systems, BleepingComputer reports. The company, which develops the MATLAB numeric computing platform, said the attack affected its cloud center, file exchange, license center, and the MathWorks store. The incident also disrupted multi-factor authentication and account SSO, though the company has since brought these back online. MathWorks said yesterday that MATLAB Grader and Cody have been restored for existing users.

Nova Scotia Power confirms ransomware attack.

Nova Scotia Power has confirmed that a cybersecurity incident the company sustained last month was a ransomware attack, the Register reports. The Canadian electric utility says it refused to pay a ransom, and the threat actor has since published stolen data belonging to around 280,000 customers. The leaked information may have included personal information, billing details, and, for customers on autopay, bank account numbers.

The company warns customers to be on the lookout for targeted phishing attacks, and is offering free subscriptions to the TransUnion credit monitoring service.