
The halfway point of 2025 has brought another wave of significant cybersecurity news, with June seeing one of the largest collections of leaked credential data in history alongside several other developments that will have both short- and long-term impacts on network security. This month’s recap by SWK Technologies covers the biggest headlines from June of this year, and dives deeper into how these may affect your business’s cyber risk:
Largest Data Breach in History Leaks 16 Billion Passwords
Security researchers discovered what appeared to be one of the largest password exposures in history, with over 16 billion login credentials found accessible online. Investigators from the Cybernews outlet were able to identify 30 separate datasets containing information from several platforms, including Google, Apple, IBM, Facebook and others. The data likely did not all come from one breach, but was probably collected by infostealer malware over different periods of time until it was aggregated into one major treasure trove of passwords.
Infostealers work by secretly extracting information from infected devices, capturing login credentials, browser data, authentication cookies and other details that can be used to further breach locked systems. The researchers were able to identify the collection after stumbling upon the online cloud storage for the files before they were secured against outside access. Cybercriminals typically work in a complex ecosystem of selling and reselling data, tools and more, so the stolen information was likely being hosted on an unsecured database as the “vendor” accumulated as much as they could before trying to attract buyers.
There is good and bad news with this story, as there was no one massive breach that exposed all of this data, but the fact that the collection exists reflects perhaps the biggest challenge for managing modern cybersecurity. Cybercrime has evolved alongside the systems in place, and no simple login is enough to protect any database anymore. You need multiple layers if you want to defend your network today, including leveraging authentication methods like MFA.
DHS Warns Conflict with Iran Will See Hacking Rise
The Department of Homeland Security released a bulletin warning of heightened cyber threats following U.S. military strikes on suspected nuclear facilities in Iran. The advisory, issued on June 22, cautioned that pro-Iranian hacktivists and state-sponsored actors will likely target American networks in retaliation. This warning comes as the U.S. joins the escalating conflict between Israel and Iran, and as the latter openly vows retaliation for the strikes against both countries.
Even during peacetime, Iranian hackers have been suspected of making direct and indirect attacks against American targets for various political reasons as well as for monetary gain. Though the effectiveness of these attempts has varied – among those that could be traced to hackers based in or affiliated with Iran – experts predict that the cyber capabilities of Iranian operatives have improved significantly. Past examples have shown that this could range from theft and extortion to attacks against critical infrastructure like water treatment plants and reservoirs.
Politically motivated hacking is tricky to separate from “normal” cybercrime, but even an increase in malware campaigns from gangs with nationalist leanings could become devastating for many American businesses. Full-blown cyberwarfare can be even more destructive, as Russia demonstrated during their conflict with Georgia in 2008, yet it can be curtailed with the right amount of preparation, as Ukraine showed when they were invaded in 2022 and mitigated any widespread takedown of their critical infrastructure.
Research Shows How Russia Leverages Cyber Attacks
A study by European research firm QuoIntelligence shed new light on the complex ecosystem the Russian Federation employs to expand their cyberwarfare capabilities. This web combines various private entities, hacktivist groups, independent cybercriminals and state-sponsored actors into a “hybrid model” that leverages these non-state resources to help achieve political goals.
This model has evolved over time and in response to more recent events, namely the 2022 invasion of Ukraine and the aftermath of the Ukrainian government’s initially successful cyber defense strategy. However, the core functions of this approach are still generally the same:
- Private entities are legally obliged to share information and resources, providing scale and reach
- Hacktivists that share the same or similar political goals are contracted to help spread disinformation
- Cybercriminals are contracted to attack targets opportunistically
- Various Russian intelligence services have operatives managing and intermixed with any of the previous three
State-sponsored cyber attacks, no matter their reason, create the possibility that hacking and malware campaigns will ramp up. There will always be a threat to businesses of all sizes during conflict periods, but companies in the logistics, transportation or technology sectors should implement enhanced monitoring and consider their risk profile given the current environment.
Maine Healthcare Facilities Face Fallout of Hacks
Multiple healthcare organizations in Maine experienced cyber incidents within days of each other, disrupting operations at several hospitals and medical facilities across the state. The attacks affected both the Covenant Health and Central Maine Healthcare networks, forcing providers to implement manual processes while working to restore electronic systems.
Both organizations discovered they had been targeted by external attackers and worked to take their connected IT infrastructure down to isolate the compromised systems. They have each since contracted outside service firms to investigate the sources of their respective breaches and have restored their networks, though they have still had to reschedule or postpone elective procedures while trying to maintain more critical patient services with limited electronic access.
The healthcare industry is one of the sectors most targeted by cybercrime, if not the most targeted, due to the time-sensitive nature of many medical services that can end up stalled by shutdowns and the difficulty organizations have in protecting all of their systems all of the time. There is no “magic bullet” to solve all these challenges, but healthcare organizations and networks can work to address these problems at scale with the help of the right managed service provider (MSP).
Stay Up to Date on Cybersecurity News with SWK
From massive credential exposures to nation-state cyber warfare and healthcare-targeted attacks, the threat landscape continues to evolve at an unprecedented pace. The experienced team at SWK Technologies actively tracks these developments and stays ahead of emerging risks – partner with SWK today to leverage our award-winning managed services for IT and network security, and ensure your organization is equipped to handle whatever threats emerge.
Contact SWK here to discover more about current cybersecurity challenges and what your organization needs to do to maintain protection against sophisticated cyber threats.