Telesoft | The Essential Weekly Cybersecurity & Threat Intelligence Report: JLR Attack, Salesforce Breach, RaccoonO365 Takedown
19.09.2025

Cybersecurity & Threat Intelligence – September 15

This week’s Cyber Security and Threat Intelligence Report covers a manufacturing shutdown, a large-scale SaaS data breach, and the takedown of a global phishing-as-a-service operation. Together they show how cyber threats in 2025, from ransomware and zero-day exploits to industrialised phishing, are evolving quickly. From factory floors to cloud and SaaS integrations, the expanding attack surface reinforces the need for layered cyber security, network detection and response (NDR), continuous SOC monitoring, and proactive threat intelligence to identify, contain, and mitigate threats in real time.


Jaguar Land Rover Extends Shutdown After Cyberattack

Category: Operational Disruption | Manufacturing | Ransomware Suspected

Jaguar Land Rover (JLR) has extended its production shutdown by another week following a major cyberattack that disrupted operations at multiple plants. The incident has halted vehicle production and delayed ongoing projects, impacting both supply chains and retail operations.

Although the company has not disclosed technical details, the scale of disruption points to a significant compromise of critical IT and OT systems. JLR is currently working with cybersecurity experts to restore operations.


SOC Monitoring Takeaway: The JLR case underscores the exposure of manufacturing environments where IT and OT converge: a compromise on the corporate side can stop production lines for weeks. Segmentation between IT and OT networks, tested restoration procedures, and network detection and response that covers both sides are what shorten downtime from ransomware or similar intrusions.


Salesforce Data Breach with Over 1.5 Billion Records Stolen

Category: Data Breach | Cloud Security | Vendor Exploitation

A massive breach involving Salesforce integrations has reportedly exposed over 1.5 billion CRM records. The hacking group ShinyHunters claims responsibility. The access path was not a vulnerability in Salesforce itself but OAuth tokens issued to Drift, a third-party AI chat agent from Salesloft, which the attackers used to query customer Salesforce instances directly.

Attackers allegedly obtained those tokens by first compromising credentials exposed in a Salesloft GitHub repository. The stolen records include accounts, contacts, and opportunities, and, more damagingly, secrets that staff had pasted into free-text CRM fields: API keys, cloud credentials, and passwords that can be used to pivot into other systems.

Salesforce and partners have revoked affected tokens, pulled the Drift app from their marketplace, and advised organizations to audit integrations, rotate credentials, and scrub sensitive data stored in CRM fields.
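The audit-and-scrub advice above is easy to state and tedious to do by hand. The following is an added example, not Salesforce, Salesloft, or Telesoft code: it scans exported CRM records for the kinds of secrets the attackers reportedly harvested (AWS access keys, Snowflake account URLs, pasted passwords, private keys), reports where they sit, and produces a redacted copy for re-import after review. The record layout, field names, and sample records are constructed for illustration and are assumptions you would adapt to your own export.

```python
"""Scan exported CRM records for embedded secrets and produce a scrubbed copy.

Added example (not Salesforce or Salesloft tooling). Input is assumed to be a
list of dicts, one per record, as you might get by loading a Bulk API export.
"""
import re

# Fields that hold identifiers rather than free text; never scanned or scrubbed.
SKIP_FIELDS = {"Object", "Id"}

# Conservative patterns for secrets that tend to end up in CRM free-text fields.
# Each regex matches the whole secret (including any "password=" prefix) so a
# single substitution removes it. Tune or extend these for your own tenant.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "snowflake_account": re.compile(r"\b[a-z0-9_-]+\.snowflakecomputing\.com\b", re.I),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*\S{6,}"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed sample records; IDs and values are illustrative only. The AWS key
# is the well-known documentation example key, not a live credential.
SAMPLE_RECORDS = [
    {"Object": "Case", "Id": "500000000000001", "Subject": "VPN onboarding",
     "Description": "Temp creds: password=Summer2025! rotate after first login"},
    {"Object": "Account", "Id": "001000000000002", "Name": "Example Corp",
     "Description": "Data warehouse at exco.snowflakecomputing.com"},
    {"Object": "Opportunity", "Id": "006000000000003", "Name": "Q3 renewal",
     "NextStep": "Share S3 bucket, key AKIAIOSFODNN7EXAMPLE"},
    {"Object": "Contact", "Id": "003000000000004", "Email": "j.doe@example.com",
     "Description": "Prefers email; no secrets here"},
]


def redact(secret: str, keep: int = 4) -> str:
    """Keep a short prefix so an analyst can recognise the secret type in a report."""
    return secret[:keep] + "..."


def find_secrets(records):
    """Return one finding per secret match: which record, which field, what kind."""
    findings = []
    for rec in records:
        for field, value in rec.items():
            if field in SKIP_FIELDS or not isinstance(value, str):
                continue
            for name, pattern in SECRET_PATTERNS.items():
                for match in pattern.finditer(value):
                    findings.append({
                        "object": rec.get("Object"),
                        "id": rec.get("Id"),
                        "field": field,
                        "type": name,
                        "preview": redact(match.group(0)),
                    })
    return findings


def summarize(findings):
    """Count findings by secret type, for the incident report."""
    counts = {}
    for finding in findings:
        counts[finding["type"]] = counts.get(finding["type"], 0) + 1
    return counts


def scrub(records):
    """Return copies of the records with every matched secret replaced.

    The originals are left untouched so they can be kept as evidence."""
    cleaned = []
    for rec in records:
        new_rec = dict(rec)
        for field, value in rec.items():
            if field in SKIP_FIELDS or not isinstance(value, str):
                continue
            for pattern in SECRET_PATTERNS.values():
                value = pattern.sub("[REDACTED]", value)
            new_rec[field] = value
        cleaned.append(new_rec)
    return cleaned


if __name__ == "__main__":
    found = find_secrets(SAMPLE_RECORDS)
    for f in found:
        print(f"{f['object']} {f['id']} {f['field']}: {f['type']} ({f['preview']})")
    print("summary:", summarize(found))
    print("clean after scrub:", find_secrets(scrub(SAMPLE_RECORDS)) == [])
```

The findings list doubles as the rotation worklist: every key or password it surfaces must be treated as exposed and rotated, because scrubbing the CRM copy does nothing about the copy the attacker already has.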


Threat Intelligence Note: This campaign, linked to UNC6395, with ShinyHunters claiming responsibility and possible ties to groups like Scattered Spider, illustrates the escalating risk of supply chain and SaaS exploitation: the attacker never needed a Salesforce vulnerability, only a trusted integration’s tokens. Enterprises must inventory and harden OAuth integrations, restrict connected-app scopes to the minimum needed, adopt zero-trust security, and monitor third-party access continuously.


Massive Phishing Network RaccoonO365 Disrupted by Microsoft and Cloudflare

Category: Phishing-as-a-Service | Credential Theft | Cloud Security

Microsoft and Cloudflare have disrupted RaccoonO365, a Phishing-as-a-Service (PhaaS) operation run by the group Microsoft tracks as Storm-2246. The network had been active since July 2024 and is credited with stealing at least 5,000 Microsoft credentials from victims in 94 countries.

RaccoonO365 customers could subscribe for $355 per month (or $999 for 90 days) to target up to 9,000 email addresses daily, using advanced kits capable of bypassing MFA. Microsoft’s investigation traced the service to Nigerian developer Joshua Ogundipe, believed to be the primary author of the phishing kit.

Through coordinated action, 338 websites and the associated Cloudflare Workers accounts tied to RaccoonO365 were seized or suspended, disrupting the service’s infrastructure and limiting further credential theft.


Network Security Lesson: The takedown reinforces the value of collaboration between tech providers and security teams. Because a kit that defeats MFA leaves the victim’s password useless as a control, organizations should complement email security with identity telemetry and network detection and response, so that a captured credential or session is spotted when it is used, not only when it is stolen.
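Phishing kits that defeat MFA commonly do so by proxying the real login page and capturing the session cookie after the victim completes MFA (adversary-in-the-middle). The page does not describe RaccoonO365’s internals, so treat that mechanism as a general assumption rather than a statement about this kit. The check below is an added example, not Microsoft, Cloudflare, or Telesoft code: it groups sign-in events by session and flags a session that was established with MFA from one network and then used from a different ASN within a short window, which is what a captured cookie replayed from attacker infrastructure looks like in identity logs. The event schema, ASN labels, IP addresses (RFC 5737 test ranges) and sample events are all constructed.

```python
"""Flag sessions established with MFA from one network and replayed from another.

Added example (not Microsoft, Cloudflare or Telesoft code). Assumes sign-in
events normalised to the dict shape below; the ASN labels, IPs and events are
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_SIGNINS = [
    # alice completes MFA through what is, unknown to her, a proxy page; minutes
    # later the same session cookie is used from a different hosting network.
    {"ts": "2025-09-15T09:00:00+00:00", "user": "alice@example.com", "kind": "interactive",
     "mfa": True, "ip": "203.0.113.10", "asn": "AS64500", "session_id": "s-alice-1"},
    {"ts": "2025-09-15T09:06:30+00:00", "user": "alice@example.com", "kind": "non_interactive",
     "mfa": False, "ip": "198.51.100.7", "asn": "AS64501", "session_id": "s-alice-1"},
    # bob: normal sign-in, session reused from the same corporate network.
    {"ts": "2025-09-15T09:10:00+00:00", "user": "bob@example.com", "kind": "interactive",
     "mfa": True, "ip": "192.0.2.20", "asn": "AS64510", "session_id": "s-bob-1"},
    {"ts": "2025-09-15T09:20:00+00:00", "user": "bob@example.com", "kind": "non_interactive",
     "mfa": False, "ip": "192.0.2.21", "asn": "AS64510", "session_id": "s-bob-1"},
    # bob again hours later from another network (e.g. mobile): outside the window.
    {"ts": "2025-09-15T13:45:00+00:00", "user": "bob@example.com", "kind": "non_interactive",
     "mfa": False, "ip": "198.51.100.40", "asn": "AS64520", "session_id": "s-bob-1"},
    # carol: token use with no interactive sign-in in the log window; cannot be scored.
    {"ts": "2025-09-15T09:30:00+00:00", "user": "carol@example.com", "kind": "non_interactive",
     "mfa": False, "ip": "192.0.2.30", "asn": "AS64510", "session_id": "s-carol-1"},
]


def parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def detect_session_replay(events, window=timedelta(minutes=60)):
    """Return one alert per token use that follows an MFA sign-in for the same
    session within `window` but originates from a different ASN."""
    by_session = defaultdict(list)
    for event in events:
        by_session[event["session_id"]].append(event)

    alerts = []
    for session_id, session_events in by_session.items():
        session_events.sort(key=lambda e: parse_ts(e["ts"]))
        # The interactive sign-in is where MFA was satisfied and the cookie issued.
        origin = next((e for e in session_events if e["kind"] == "interactive"), None)
        if origin is None or not origin["mfa"]:
            continue
        issued_at = parse_ts(origin["ts"])
        for event in session_events:
            if event is origin:
                continue
            elapsed = parse_ts(event["ts"]) - issued_at
            if timedelta(0) <= elapsed <= window and event["asn"] != origin["asn"]:
                alerts.append({
                    "user": event["user"],
                    "session_id": session_id,
                    "origin_ip": origin["ip"], "origin_asn": origin["asn"],
                    "replay_ip": event["ip"], "replay_asn": event["asn"],
                    "minutes_after_mfa": round(elapsed.total_seconds() / 60, 1),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_session_replay(SAMPLE_SIGNINS):
        print("possible AiTM session replay:", alert)
```

The window keeps legitimate roaming (a laptop that later joins a hotel network) from alerting; the complementary signal worth adding is whether the interactive sign-in itself came from a hosting or proxy ASN rather than a network the user has used before, since in the AiTM case the proxy, not the victim, is what completed MFA.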


Analyst Insight

This week’s incidents reflect the breadth and scale of today’s cybersecurity challenges:

  • Manufacturing giants like Jaguar Land Rover continue to suffer operational disruptions from large-scale cyberattacks.
  • SaaS and cloud integrations are a major exposure, as highlighted by the Salesloft Drift OAuth token compromise that reportedly exposed 1.5 billion Salesforce records.
  • Global phishing campaigns persist, though coordinated disruption efforts show promising results.

As we move further into 2025, one thing is clear: cybersecurity threats are intensifying in scale, speed, and sophistication. Attackers are leveraging AI, automation, and supply chain weaknesses to bypass traditional defenses, disrupt global industries, and exfiltrate massive datasets. From manufacturing shutdowns to billion-record breaches and industrialized phishing campaigns, the pressure on enterprises is greater than ever. Staying secure in 2025 requires not just awareness but essential investments in adaptive security, continuous SOC monitoring, and proactive threat intelligence to stay ahead of the curve.

Enterprises must double down on SOC monitoring, threat intelligence, and AI-powered network detection and response to defend against ransomware, phishing, and zero-day exploits.

📢 Contact us to learn how AI-driven NDR can strengthen your organization’s cybersecurity posture.
