Ingram Micro confirms ransomware attack. Spanish police shut down investment scam operation.

Summary

By the CyberWire staff

At a glance.

Ingram Micro confirms ransomware attack.
Spanish police shut down investment scam operation.
Brazil arrests suspect in $140 million bank hack.

Ingram Micro confirms ransomware attack.

California-based IT giant Ingram Micro has confirmed that it sustained a ransomware attack that disrupted its ability to process and ship orders. BleepingComputer reports that the attack occurred last Thursday and involved the SafePay ransomware. The publication cites sources as saying the company was breached through its GlobalProtect VPN platform.

The SafePay ransomware gang has claimed more than 220 victims since its emergence in November 2024. BleepingComputer notes that the group "has been previously observed breaching corporate networks through VPN gateways using compromised credentials and password spray attacks."

ThreatLocker, the Zero Trust solution that stops ransomware in its tracks

Ransomware is a growing threat to businesses — but ThreatLocker stops it before it can execute. Built for business environments, ThreatLocker is a Zero Trust cybersecurity solution that puts you in control. With default deny, application control, and ringfencing, only approved software runs. It’s easy to install, simple to manage, and powerful enough to meet enterprise demands. Protect your organization with a solution that blocks ransomware at the source — without adding complexity to your stack.

Spanish police shut down investment scam operation.

Spanish law enforcement agencies have shut down a criminal network that was launching investment scams from call centers in Barcelona. The police arrested 21 suspects as part of the operation. The crooks allegedly made more than €10 million (US$11.7 million) over several years.

The Spanish National Police said in a press release, "The criminal group used psychological manipulation techniques to lure their victims into a spiral of financial contributions, taking advantage of their emotional weaknesses. First, they established what the criminal group called an 'emotional bond,' through which they gained the victim's trust and gradually encouraged them to make larger financial transfers, in a process they called 'burning their accounts.'"

Are You Future Ready? Secure Your Machine Future With Confidence.

CyberArk is the leader behind the world’s most comprehensive machine identity security solution. With capabilities that span secrets, certificate management and workload identities, we enable customers to secure more machine identity use cases with the right level of privilege control. Find out exactly how we’re helping modern organizations secure their machine future.

Brazil arrests suspect in $140 million bank hack.

Brazilian police have arrested a suspect in a hack that led to the theft of $140 million from several banks last week, SecurityWeek reports. The hackers targeted financial technology software provider C&M, which connects financial institutions to Brazil’s central bank to enable the country's PIX payment infrastructure. The arrested suspect is a C&M employee who allegedly sold his credentials to the hackers, then took an additional payment to execute commands within C&M's systems.

Notes.

Today's issue includes events affecting Brazil, Spain, and the United States.

Attacks, Threats, and Vulnerabilities

Qantas Contacted by Potential Cybercriminal Following Data Breach (Infosecurity Magazine) Qantas said it is currently validating the contact, and has informed law enforcement

Cyber crooks jump on .es domain for credential phishing trip (The Register) ¡Cuidado! Time to double-check before entering your Microsoft creds

Marketplace

Hewlett Packard Enterprise closes acquisition of Juniper Networks to offer industry-leading comprehensive, cloud-native, AI-driven portfolio (HPE) Combination accelerates HPE’s strategic vision with a full, secure networking IP stack

Litigation, Investigation, and Law Enforcement

Apple Accuses Ex-Engineer Of Stealing Vision Pro Secrets, Silently Accepting Job At Snap Inc., And Covering His Tracks By Wiping Data From Work Laptop (Wccftech) Apple is legally pursuing former employee for stealing Apple Vision Pro secrets and handing them over to Snap

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

International Space Station Research and Development Conference (Seattle, Washington, USA, Jul 28 - 31, 2025) At ISSRDC, learn how to harness the International Space Station (ISS) and the unique conditions of space to help solve your most pressing research and development (R&D) challenges.

DEF CON 33 (Las Vegas, Nevada, USA, Aug 7 - 10, 2025) DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest.

39th Annual Small Satellite Conference (Salt Lake City, Utah, USA, Aug 11 - 13, 2025) During the 39th Annual Small Satellite Conference, we will delve into the innovations, demands, and cross-market collaborations shaping the future of satellite capabilities and driving new opportunities allowing us to collectively reach new horizons.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 07.07.25