Content 

01. News Bites
  • Telecom providers hit by cyberattacks in UK and Australia
  • Pro-Russian hackers target Polish hydropower plant in ongoing OT attacks
  • German court ruling revives legal fight over ad blockers
  • South Africa hit by over 2,000 cyberattacks per week, reports show
  • Russian hackers exploit old Cisco flaw for global espionage campaign

02. Conclusion

Quick News Bites

Telecom providers hit by cyberattacks in UK and Australia

This week saw major telecoms providers hit by cyber incidents across the globe. In the UK, Colt confirmed a ransomware attack by the Warlock gang that forced it to take some support systems offline as a precaution. The company stressed that customer infrastructure remained unaffected but admitted that monitoring and support services were being run in a more manual way than usual. Colt is working with third-party experts to restore systems and has notified relevant authorities.

Meanwhile, in Australia, TPG-owned iiNet revealed a third-party breach that exposed data on 280,000 customers, including 10,000 phone numbers and addresses and 1,700 modem passwords. The attackers reportedly gained access using stolen employee credentials. iiNet has engaged cyber security experts, notified authorities, and is directly contacting affected customers.

These incidents highlight the persistent risks facing critical infrastructure, with experts warning that service providers remain prime targets due to the sensitive data and essential services they hold.

Pro-Russian hackers target Polish hydropower plant in ongoing OT attacks

Pro-Russian hackers struck a small hydropower plant in Poland’s Pomeranian Voivodeship for the second time in recent months. Attackers published video footage showing manipulation of the plant’s control interface, adjusting operational parameters to extreme levels that forced the generator and rotor offline. Analysts confirmed the August incident as active interference in a functioning energy facility.

This latest attack adds to a string of intrusions against Polish and other European water and energy infrastructure, including wastewater plants, water treatment facilities, and public utilities across the region over the past year. Polish officials recently revealed they had thwarted a separate cyberattack aimed at disrupting the water supply to a major city.

Authorities warn that critical infrastructure remains a prime target as Russia intensifies hybrid operations against Poland. CERT Polska has urged operators of industrial systems to tighten security amid what it describes as an ongoing and serious threat.

German court ruling revives legal fight over ad blockers

Germany’s Federal Supreme Court (BGH) has reignited a high-profile legal dispute over whether browser-based ad blockers infringe copyright, raising concerns about a possible ban. The case centres on Axel Springer’s lawsuit against Eyeo, the developer of Adblock Plus. Springer argues that website code such as HTML and CSS should be treated as a protected computer program, and that ad blockers unlawfully modify its in-memory execution during page rendering.

A lower court in Hamburg had dismissed these claims, but the BGH overturned part of that ruling, sending the case back for re-examination. The court stated that bytecode and its generated code could potentially qualify as protected software, meaning ad blockers might infringe exclusive rights.

Mozilla has warned that such a precedent could extend beyond ad blocking, affecting accessibility, privacy, and other browser extensions. The renewed proceedings could take years, but developers fear a chilling effect on innovation and user freedom.

South Africa hit by over 2,000 cyberattacks per week, reports show

Check Point Research’s 2025 Global Threat Intelligence Report has revealed that South African organisations face an average of 2,113 cyberattacks per week, marking a 14% year-on-year increase. This places the country among Africa’s top four most-targeted nations, though Nigeria remains hardest hit, averaging 6,101 weekly attacks per organisation. Kenya and Angola also face high volumes of attacks but saw year-on-year declines.

Telecommunications, government, and financial services were the most targeted sectors across Africa, closely followed by energy and utilities. In South Africa, cybercriminal activity costs the economy an estimated R2.2 billion annually, with ransomware and phishing scams identified as leading threats. IBM’s 2025 Cost of a Data Breach report placed the average cost of a breach in South Africa at R44.2 million, with the financial sector experiencing the highest impact. Experts warn that prevention-first strategies, bolstered by AI and stronger supply chain defences, are urgently needed.

Russian hackers exploit old Cisco flaw for global espionage campaign

Cisco Talos has warned that Russian state-sponsored hackers known as Static Tundra are exploiting a seven-year-old vulnerability in Cisco IOS and IOS XE software to gain persistent access to global networks. The flaw, tracked as CVE-2018-0171 with a CVSS score of 9.8, affects the Smart Install feature and allows attackers to execute arbitrary code or trigger denial-of-service conditions.

The group, linked to Russia’s FSB Center 16 and considered a sub-cluster of Berserk Bear, has been targeting telecoms, higher education, and manufacturing sectors across multiple continents. Recent campaigns have focused on Ukraine and its allies.

The FBI reported that attackers are harvesting and modifying configuration files from thousands of U.S. networking devices, using tools like the SYNful Knock implant to maintain stealthy, long-term access. Cisco urges organisations to patch affected systems or disable Smart Install immediately, warning that exploitation of the flaw remains ongoing worldwide.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.