- Exzec Cyber Newsletter
Cyber Strikes, Olympic Spies, and Two Years of Silent Intrusion
This Week in Cybersecurity
🧠 CyberFact of the Week:
The term "hacker" originally had a positive connotation. In the 1960s at MIT, it referred to individuals who pushed systems beyond their limits in clever ways — a far cry from today’s criminal undertones.

📬 This Week’s Clickables
🛠 Big News Breakdown: A ransomware attack and international cyber-espionage make the headlines.
🚨 Can’t Miss: These stories shook the industry — read them in a sentence.
👀 Might Have Missed: Just as important, but buried by the big headlines.
🕵️‍♂️ Strange Cyber Story of the Week: Iranian hackers quietly lurked for two years — here's how and why.
🚨 Big Stories This Week
Marks & Spencer Grapples with a Devastating Ransomware Attack
The Intro:
UK retail giant Marks & Spencer suffered a severe cyberattack that disrupted major digital and in-store operations over the Easter weekend.
What Happened:
The attack, reportedly by ransomware gang Scattered Spider, halted online orders, disabled contactless payments, and impacted VPN and stock forecasting systems. Losses are estimated at £40 million a week.
Why It's Important:
This is a prime example of how even well-established enterprises with strong growth trajectories can be derailed by cybersecurity incidents — especially when critical services are digitized.
The Other Side:
Some argue that M&S had received warnings about its vulnerability to social engineering and remote access attacks, suggesting the incident could have been preventable with stronger security training.
The Takeaway:
Retailers, especially those expanding digital operations, must prioritize ransomware defenses and incident response planning to maintain resilience and consumer trust.
TL;DR:
Marks & Spencer’s Easter weekend cyberattack left its retail operations crippled and customers inconvenienced — a sharp reminder that ransomware remains a top enterprise threat.
Further reading: The Times | Infosecurity Magazine | Sky News
France Accuses Russian APT of Olympics-Targeted Cyberattacks
The Intro:
France publicly named APT28 — a group linked to Russia’s GRU — as responsible for a years-long cyber campaign against French institutions.
What Happened:
Between 2021 and 2024, APT28 reportedly targeted French ministries, local governments, and organizations preparing for the 2024 Paris Olympics. The attacks were intended to gather intelligence and destabilize operations.
Why It's Important:
State-sponsored cyber operations targeting global events like the Olympics highlight the increasing convergence between cyber-warfare and geopolitical influence.
The Other Side:
Russia has denied involvement, and critics suggest the timing of France’s announcement may be politically motivated ahead of the Games.
The Takeaway:
Global sporting and diplomatic events are becoming battlegrounds for cyber-espionage, requiring unprecedented collaboration between national security agencies and event organizers.
TL;DR:
France publicly blamed APT28 for a coordinated cyber campaign, adding cyber tensions to an already strained geopolitical climate.
Further reading: AP News | Moscow Times | Recorded Future
🔥 Can’t Miss This Week
SK Telecom Shares Plunge After Breach: South Korea’s largest mobile carrier confirms customer data was compromised in a malware attack.
Commvault Confirms Nation-State Exploited Zero-Day: Backup software provider reveals CVE-2025-3928 was exploited in the wild.
UK's Ministry of Defence Loses Employee Data: Hackers stole MoD payroll data, prompting a massive internal investigation.
CISA Adds Zero-Day to KEV Catalog: Agencies must patch Commvault flaw by May 19 under federal mandate.
👀 Might Have Missed
Cobb County Faces Ransomware Threat: Qilin ransomware group claims a 150GB data heist from Georgia's Cobb County, threatening to leak autopsy photos and HR data.
Harrods Joins UK Retailers Targeted by Cyber Attacks: After other major stores were hit, Harrods confirmed a cyber attack disrupted internet systems but not operations.
Apple AirPlay Bug Allows Wi-Fi Takeovers: A newly revealed AirPlay flaw could let attackers hijack Apple devices on shared Wi-Fi networks.
Craft CMS Zero-Day Under Active Exploitation: A critical zero-day in the popular CMS platform is being exploited to hijack vulnerable websites.
Proposed CISA Budget Cuts Stir Security Concerns: The Trump campaign’s suggested CISA defunding over censorship claims is raising alarms in cyber circles.
🧟‍♂️ Strange Cyber Story of the Week
Iranian Hackers Maintain Two-Year Access to Middle East Critical Infrastructure
The Intro:
A state-sponsored Iranian hacking group maintained long-term, unauthorized access to critical infrastructure across the Middle East for two years — and no one noticed until now.
What Happened:
Security researchers from a U.S. defense contractor discovered persistent malware implants across various energy and telecom networks. The attackers leveraged known VPN vulnerabilities and credential harvesting techniques to stay undetected.
Why It's Important:
The fact that such access went unnoticed for years raises alarm bells for all nations managing critical infrastructure. It’s a case study in how cyber persistence can rival physical sabotage in impact.
The Other Side:
Some experts argue that the failure to detect the intrusion reflects a systemic underinvestment in OT (operational technology) cybersecurity and not necessarily exceptional hacker capability.
The Takeaway:
This incident highlights the urgent need for persistent monitoring, zero-trust architecture, and rapid response strategies within industrial control systems and national infrastructure.
TL;DR:
Iranian hackers quietly maintained long-term access to Middle East infrastructure — a wake-up call for all critical sectors on the dangers of underestimating stealthy threats.
Further reading: The Hacker News | SC Magazine | CyberScoop
Thanks for reading this week’s edition. If you have feedback or advice, want to submit a dog, or just hate everything you see, reply to this email!