
AI-Driven Hack Breach Hits Government Agencies


A lone attacker reportedly used Claude and GPT-4.1 to breach nine Mexican government agencies, exposing data tied to 195 million citizens and showing how generative AI can accelerate cybercrime. The incident, which ran from December 2025 to February 2026, is a stark warning that AI can now amplify a single operator into something closer to a full attack team. 

Between late 2025 and early 2026, the attacker used Claude Code to carry out about 75% of remote commands during the intrusion. Researchers found 1,088 prompts across 34 active sessions, which led to 5,317 AI-executed commands on live victim systems. That level of automation meant the attacker could move through government networks far faster than a human-only workflow would allow.

The operation did not rely on one model alone. When Claude encountered limits, the attacker turned to ChatGPT for help with lateral movement, credential mapping, and other technical steps that supported the breach. A custom 17,550-line Python script then funneled stolen data through OpenAI’s API, generating 2,597 structured intelligence reports across 305 internal servers. 

The stolen material reportedly included tax records, voter information, employee credentials, and other sensitive government data. Beyond the scale of the theft, the bigger problem is what this means for defense teams: AI can shorten the time needed to find weaknesses, write exploits, and organize stolen data. That compression makes traditional detection and response windows much harder to meet. 

This case shows that cybercriminals no longer need large teams to mount sophisticated operations. With the right prompts, a single attacker can use commercial AI systems to plan, automate, and scale an intrusion in ways that were once reserved for advanced groups. Anthropic said it investigated, disrupted the activity, and banned the accounts involved, but the broader lesson is clear: security defenses now need to account for AI-accelerated attacks as a mainstream threat.

Rhysida Claims Responsibility for November 2025 Ransomware Attack on Southold, New York


A ransomware gang known as Rhysida has claimed it was behind a cyberattack carried out in November 2025 against the local government of Southold, New York.

Town authorities first disclosed the incident on November 24, 2025, revealing that a ransomware attack had disrupted critical municipal services. Impacted systems included email communications, payroll processing, tax collection, permitting, and other essential operations. While most systems were restored within two weeks, some remained offline through mid-January.

On its data leak portal, Rhysida demanded a ransom payment of 10 bitcoin—valued at approximately $661,400 at the time of reporting. The group gave the town a seven-day deadline, threatening to auction the allegedly stolen data to other cybercriminal actors if the ransom was not paid. Southold Supervisor Al Krupski stated that the town does not plan to comply with the ransom demand.

Town officials have not confirmed Rhysida’s involvement, and independent verification of the gang’s claims has not been established. It remains unclear what specific data may have been compromised or how attackers gained access to the town’s network. Officials were contacted for further comment, and updates are expected if additional information becomes available.

Following the breach, the town allocated $500,000 toward cybersecurity enhancements.

“Please be advised that the Town of Southold is investigating a potential cyber incident affecting town servers, which affects our ability to communicate with residents via email,” said the town’s November 24 announcement. “During the course of this investigation, we regret to inform you that all town services will be limited.”

Rhysida emerged in May 2023 and operates a ransomware-as-a-service (RaaS) model. The group’s malware is capable of encrypting systems and exfiltrating sensitive data. Victims are typically pressured to pay for both a decryption key and assurances that stolen information will be deleted. Affiliates can lease Rhysida’s infrastructure to conduct attacks and share in ransom proceeds.

In 2025, the group claimed responsibility for 21 verified ransomware incidents and made an additional 70 unconfirmed claims. Several confirmed attacks targeted public-sector entities, including:
  • Oregon Department of Environmental Quality (April 2025 – $2.6 million ransom, unpaid)
  • Maryland Department of Transportation (August 2025 – $3.4 million ransom, unpaid)
  • Cleveland County Sheriff’s Office (November 2025 – $782,000 ransom)
  • Cheyenne and Arapaho Tribes (December 2025 – $682,000 ransom, unpaid)
So far in 2026, the group has claimed six additional breaches.

Security researchers documented 84 confirmed ransomware incidents targeting U.S. government entities in 2025, exposing roughly 639,000 personal records. The average ransom demand across these cases reached $987,000.

In 2026, confirmed government-sector victims include Midway, Florida; Winona County, Minnesota; New Britain, Connecticut; and Tulsa International Airport.

Ransomware attacks on public institutions often involve both data theft and system encryption, disrupting services such as bill payments, court records management, and emergency response operations. Governments that refuse to pay may face prolonged outages, data loss, and heightened risks of fraud for affected residents.

Southold is a town located on Long Island in New York, with a population of approximately 24,000 residents. It falls within Suffolk County, which experienced a significant ransomware incident in 2021 that exposed the personal data of around 470,000 residents and severely disrupted county services.