Finland Detains Vessel Linked to Cable Sabotage


Breach of Gravy Analytics Uncovers Location Data Vulnerability

Breach Roundup: Finland Detains Tanker Tied to Cable Sabotage

Each week, ISMG compiles notable cybersecurity incidents from around the globe. This week included the detention of a Russian tanker by the Finnish transport agency, concerns over location data leaks following the Gravy Analytics breach, and a Mirai-based botnet leveraging zero-day vulnerabilities for widespread attacks.

Recent reports highlight a significant breach involving Gravy Analytics and its subsidiary Venntel, in which hackers claimed to have stolen 17 terabytes of sensitive data, including detailed smartphone location information. The breach raises considerable concerns because the attackers, communicating through a cybercrime forum, have shared samples of the compromised data that include precise location coordinates, timestamps, and associated personal information. The attackers purportedly gained root server access, and the methods employed could align with the initial access and exploitation tactics outlined in the MITRE ATT&CK framework.

Detained Russian Tanker Linked to Cable Sabotage

In a move highlighting the intersection of cybersecurity and maritime safety, Finland’s authorities detained a Russian tanker, the Eagle S, associated with the severing of submarine cables critical for telecommunications and power between Europe and Finland. Authorities discovered 32 critical deficiencies in the ship’s operations, including in fire safety protocols and equipment reliability. These lapses raise questions about adherence to maritime operational standards and to cybersecurity practices that safeguard against physical and digital threats.

Exploitation of Industrial IoT Devices by Mirai-Based Botnet

In the realm of Internet of Things (IoT) security, a newly identified Mirai-based botnet, reportedly named “gayfemboy,” has been exploiting both zero-day and existing vulnerabilities in industrial routers and consumer smart devices. Since its detection in early 2024, the botnet has evolved rapidly, compromising approximately 15,000 devices across multiple countries, including the U.S. and China. A botnet exploiting widespread vulnerabilities in this way, leading to distributed denial-of-service (DDoS) attacks, illustrates an advancing threat landscape in which adversaries effectively use persistence and lateral movement techniques.

Dell Update Framework Vulnerability Leaves Systems Open to Threats

Cybersecurity researchers have flagged a critical vulnerability (CVE-2025-22395) in the Dell Update Package Framework that allows local attackers to escalate privileges. The flaw can potentially facilitate arbitrary script execution, which might lead to denial-of-service attacks and impact sensitive data integrity. Dell responded promptly by releasing an updated framework to mitigate these risks, underscoring the ongoing need for vigilance against privilege escalation tactics as identified in the MITRE ATT&CK framework.

Florida Woman Sentenced in Multi-Million Dollar Romance Scam

In legal proceedings, Cristine Petitfrere, a Florida resident, received a 30-month prison sentence for her role in laundering over $2.7 million obtained through online romance scams. This case highlights the significant economic impact and legal consequences tied to cyber fraud operations that exploit personal relationships for financial gain. The complexities of such schemes often involve layered techniques for obfuscation and resource misappropriation, which remain high on the radar of law enforcement and cybersecurity professionals.

Insights from the Latest Cybersecurity Landscape

With a continuous evolution of cyber threats, business owners are advised to remain informed about emerging vulnerabilities and the measures necessary to combat them. Proactive engagement in cybersecurity strategies and staying abreast of regulatory developments significantly enhances defense against both internal and external risks.

This report includes insights from Information Security Media Group’s Akshaya Asokan.
