Greetings, Cybersecurity Enthusiasts!
September kept the cyber world on edge: new ransomware gangs appeared in force, familiar names resurfaced, and several high-impact breaches dominated headlines. Let’s dive into what defined the month.

Cyber Incidents Breakdown

Overall Count: We recorded 1,118 cyber incidents, showing a modest slowdown but continued heavy threat activity.
Defacements (468): Still a major disruption vector, with attackers maintaining pressure on public-facing systems.
News Coverage (134): Breaches at major organizations kept cybersecurity in the spotlight.
Official Reports (159): Disclosure requirements continue to drive transparency and accountability.
Ransomware Incidents (351): Holding steady, ransomware remains the leading driver of high-impact breaches.
SEC Filings (2): Regulatory reporting remains consistent as cyber disclosure enforcement ramps up.

Most Active Ransomware Gangs

• Qilin (38 victims): Continues its global targeting streak, though activity has slightly cooled. 
• INC (35 victims): Maintains strong momentum across multiple sectors. 
• Safepay (33 victims): Still an active player with consistent attack volume. 

New Ransomware Gangs We Are Tracking

• Miga 
• Blackshrantac 
• Obscura 
• Gentleman 
• Radar 
• Yurei 
• Toufan 
• Lunalock 
• Desolator 

These newly observed groups are carving out their own corners of the ransomware ecosystem: several showing early signs of industrial targeting.

Breaches That Made the News

September saw several high-profile compromises across both public and private sectors:

• Discord: https://app.hacknotice.com/#/hack/68e186e995c98b52af2a765b 
• Huawei: https://app.hacknotice.com/#/hack/68dfa35395c98b52af2ee2d3 
• Red Hat: https://app.hacknotice.com/#/hack/68de1a5995c98b52af0e4577 
• FEMA: https://app.hacknotice.com/#/hack/68dbcf5295c98b52af1e9f7d 
• RTX (Raytheon Technologies): https://app.hacknotice.com/#/hack/68cee40690fef583497ad3ea 

Industry and Geography Insights

🏭 Industries Most Impacted

• Manufacturing (19.8%) remains the top-targeted sector, consistent with its critical supply-chain role. 
• Professional, Scientific, and Technical Services (14.3%) continues to see persistent threats, especially from credential-theft-driven campaigns. 

📉 Notable Industry Trends

• Public Administration: Ransomware attacks surged 80%, with increased government-focused targeting. 
• Transportation & Warehousing: Up 70%, reflecting continued exploitation of logistics and shipping networks. 
• Healthcare: Ransomware down 40%, suggesting possible gang strategy shifts after major law-enforcement scrutiny. 
• Information Sector: Overall breaches up 35%, driven by large-scale credential leaks. 

🌍 Regions Most Affected

• North America (61.2%) remains the most attacked region by volume. 
• Europe (20.4%) holds steady as a global hotspot. 
• Asia (7.1%), South America (4.2%), and Oceania (2.8%) trail behind. 
• Middle East (2.4%) and Africa (1.9%) report consistent but lower-intensity targeting. 

🚨 Notable Regional Trends

• Asia: Breaches increased 45%, driven by both ransomware and credential-leak campaigns. 
• Oceania: Attack volume climbed 30%, highlighting expanding geographic reach of mid-tier gangs. 
• Middle East: Declined 20%, likely due to reduced regional targeting from Western-based actors. 

Closing Thoughts

September proved that a quieter month doesn’t mean a safer one.
The emergence of nine new ransomware gangs, alongside spikes in public-sector and logistics targeting, underscores the speed at which cyber risk evolves.

🔍 If you’re not tracking ransomware’s role in third-party breaches, you’re missing your biggest blind spot.

Stay ahead of shifting threats with HackNotice’s real-time intelligence across ransomware, leaks, and breach sources.

👉 Request a demo to see how HackNotice helps you manage third-party risk.