Qantas discloses breach affecting up to 6 million customers.

Summary

By the CyberWire staff

At a glance.

Qantas discloses breach affecting up to 6 million customers.
France describes hacking campaign targeting Ivanti appliances.
US sanctions bulletproof hosting provider.

Qantas discloses breach affecting up to 6 million customers.

Australian airline Qantas has disclosed a data breach affecting up to 6 million customers, Reuters reports. The airline said a cybercriminal "targeted a call centre and gained access to a third party customer servicing platform," which contained customer names, email addresses, phone numbers, birth dates, and frequent flyer numbers. Qantas says it's "continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant." The incident hasn't affected the airline's operations or safety.

The US FBI warned last week that the Scattered Spider cybercriminal group was targeting airlines, though Qantas hasn't attributed the attack to any particular threat actor. Scattered Spider typically gains initial access via social engineering attacks against organizations' help desks. The group is believed to be responsible for recent attacks on WestJet and Hawaiian Airlines.

Beyond the Stack: Why Cyber Readiness Starts with People

We focus so much on tools—but readiness comes from people. Real cyber defense starts when your team is trained, confident, and prepared to act on day one. In our upcoming episode on the CyberWire Daily podcast, airing June 30, 2025, we unpack how proactive, simulation-based training turns potential into performance, giving SOC and IR teams the edge they need to respond fast, smart, and in sync with today’s evolving threats. Visit our website to learn more.

France describes hacking campaign targeting Ivanti appliances.

France's cybersecurity agency, ANSSI, said yesterday that multiple government, utility, and private sector entities were hacked last year in a campaign targeting zero-days affecting Ivanti’s Cloud Service Appliance, the Record reports. ANSSI believes the campaign is connected to the China-based threat actor UNC5174, noting that the group may be an initial access broker. The agency says the threat actor "might correspond to a private entity, selling accesses and worthwhile data to several state-linked bodies while seeking its own interests leading lucrative-oriented operations."

The exploited vulnerabilities, which were disclosed last year, are tracked as CVE-2024-8190, CVE-2024-8963, and CVE-2024-9380.

What do you think of N2K CyberWire?

Your insights help us grow. Our annual audience survey is your chance to shape how N2K can better meet your needs. Complete the survey here.

US sanctions bulletproof hosting provider.

The US Treasury Department has sanctioned Aeza Group, a Russia-based bulletproof hosting provider that allegedly provides services for ransomware gangs, online drug markets, and Russian disinformation campaigns, BleepingComputer reports. Treasury says the hosting provider offered services for the Meduza, RedLine Lumma infostealer operators, as well as the BianLian ransomware and the BlackSprut drug marketplace.

Three of Aeza Group's operators, including its CEO, were arrested by Russian authorities in April on drug trafficking charges.

Notes.

Today's issue includes events affecting Australia, China, France, Russia, and the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

Ransomware gang attacks German charity that feeds starving children (The Record) Cybercriminals are extorting the German humanitarian aid group Welthungerhilfe (WHH) for 20 bitcoin. The charity said it will not pay.

Cyberattack in Missouri healthcare provider Esse Health exposes data of over 263,000 patients (BeyondMachines) Esse Health, a physician group serving the Greater St. Louis area, suffered a cyberattack discovered on April 21, 2025, that compromised personal and medical information of 263,601 individuals. The attack disrupted the organization's electronic medical record system and phone communications, forcing them to use manual processes and alternative communication channels.

Security Patches, Mitigations, and Software Updates

Security Advisories on Agorum Core Open (usd AG) Our colleagues discovered critical vulnerabilities in Agorum Core Open that could be exploited to compromise the entire system.

Trends

Thales 2025 Global Cloud Security Study Reveals Organizations Struggle to Secure Expanding, AI-Driven Cloud Environments (Thales) Thales, a global leader in technology and cybersecurity, today released the findings of its 2025 Cloud Security Study conducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security.

Products, Services, and Solutions

VulnCheck - Outpace Adversaries (VulnCheck) Vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Litigation, Investigation, and Law Enforcement

Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work (The Record) Support for ransomware, darknet drug markets and other cybercrime activity landed the Russian company Aeza Group on the U.S. government's sanctions list, the Treasury Department said.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

International Space Station Research and Development Conference (Seattle, Washington, USA, Jul 28 - 31, 2025) At ISSRDC, learn how to harness the International Space Station (ISS) and the unique conditions of space to help solve your most pressing research and development (R&D) challenges.

DEF CON 33 (Las Vegas, Nevada, USA, Aug 7 - 10, 2025) DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest.

39th Annual Small Satellite Conference (Salt Lake City, Utah, USA, Aug 11 - 13, 2025) During the 39th Annual Small Satellite Conference, we will delve into the innovations, demands, and cross-market collaborations shaping the future of satellite capabilities and driving new opportunities allowing us to collectively reach new horizons.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 07.02.25

At a glance.

Qantas discloses breach affecting up to 6 million customers.

France describes hacking campaign targeting Ivanti appliances.

US sanctions bulletproof hosting provider.

Notes.

Attacks, Threats, and Vulnerabilities

Security Patches, Mitigations, and Software Updates

Trends

Products, Services, and Solutions

Litigation, Investigation, and Law Enforcement

Events