
Top 5 Cyber Attacks of 2025
All Sectors under Cyber Attack in 2025
The first half of 2025 has seen several large-scale cyber attacks around the world. These attacks have targeted private companies, government institutions, and providers of essential services. The incidents have shown that no sector is safe from cyber threats. Below is an overview of the five biggest cyber attacks of 2025 (as of early August).
1. Food Supply Chain Disruption in the US (UNFI)
In June this year, the largest distributor of natural and organic food in the US, United Natural Foods Inc. (UNFI), was hit by a cyber attack that forced the company to temporarily shut down its electronic ordering systems. The incident disrupted UNFI’s automated ordering and delivery operations, causing supply issues across the US. Many store shelves went empty, highlighting the vulnerability of a centralized food supply chain that depends on digital systems.
According to UNFI, the company lost between 350 and 400 million dollars in 2025 revenue, reducing annual profit to around 50–60 million dollars. The company’s reputation and customer trust were also damaged. The case has been described as one of the most serious cyber attacks in the food logistics sector.
UNFI responded quickly by taking critical systems offline and restoring core services within about three weeks. The company also recognized the need to strengthen its emergency plans. Cybersecurity experts see the incident as a strong example of how a single weak link in a supply chain can cause widespread and long-lasting disruption.
2. Data of 42 Million Customers Exposed (Bank Sepah)
In March this year, Iran’s oldest and strategically important state-owned bank, Bank Sepah, fell victim to a large-scale cyber attack. A hacker group called Codebreakers claimed to have stolen 12 terabytes of data, including personal and financial information of 42 million customers. The leak also reportedly contained sensitive details about senior government officials and members of the Islamic Revolutionary Guard Corps. The hackers demanded 42 million dollars in ransom, threatening to release the data if not paid. At first, Bank Sepah denied any data breach, but the hackers then published confidential information belonging to the bank’s spokesperson and 20,000 customers, causing serious reputational damage.
In June, the bank was also targeted by a distributed denial-of-service (DDoS) attack claimed by a group known as Predatory Sparrow. The attack temporarily disrupted the bank’s websites, payment services, and ATMs.
After the incidents, Bank Sepah strengthened its cybersecurity measures and involved Iran’s cyber defense units in the investigation. However, authorities have not officially confirmed the intrusion or data theft. The investigation is ongoing, with suspicions of insider involvement or exploitation of a technical vulnerability.
3. US Officials’ Metadata Leaked (TeleMessage)
In May, the company TeleMessage suffered a cyber incident in which an anonymous hacker breached its cloud infrastructure. TeleMessage is a popular messaging application in the US, designed for government agencies and the financial sector. It is a modified version of Signal, created to allow message logging. The attacker gained access to the app’s archiving server API, obtaining metadata from the communications of 60 US government officials, including usernames, phone numbers, group chat names, and message timestamps. While the full content of messages was not accessed, fragments of sensitive data were exposed, including interactions involving officials from President Trump’s administration and members of the Secret Service.
The incident posed a significant security risk, as metadata can reveal communication networks and behavioral patterns of officials. Although no top-secret information was exposed, the case caused notable reputational damage and raised public concerns about the cybersecurity of US government agencies.
Smarsh, the company managing TeleMessage, responded quickly by suspending the service and fixing the vulnerability within a few days. The event forced several government agencies to look for alternative communication channels and highlighted the need to assess the security of other third-party applications.
4. Zero-Day Vulnerability Impacting Hundreds of Companies (SAP NetWeaver)
In the spring of this year, a critical zero-day vulnerability (CVE-2025-31324) was discovered in SAP NetWeaver, a widely used business application server. The flaw allowed attackers to upload malicious files and execute code on victim systems without authentication. The vulnerability was rated with the maximum severity score (CVSS 10), as it allowed full remote takeover of servers without requiring login credentials.
Exploitation of the flaw began in late March, almost a month before SAP released an official security patch. Both cybercriminals and state-sponsored groups (APTs) took advantage of the weakness, targeting strategically important companies and government institutions worldwide. Experts estimate that nearly 600 organizations were affected, including critical infrastructure and manufacturing companies. Victims suffered workflow disruptions and possible leaks of confidential data.
The consequences varied by organization. Some companies managed to stop the attackers quickly, while others faced major service outages, production shutdowns, and costly recovery efforts. In many cases, backdoors were left behind, creating future security risks.
SAP responded quickly by releasing an emergency patch and issuing guidelines to secure vulnerable systems. Cybersecurity agencies such as the US CISA also published warnings, urging organizations to apply updates and conduct active monitoring. The incident illustrates the importance of fast vulnerability management: because exploitation began before a patch existed, even organizations with strong security practices could not fully prevent serious damage from this previously unknown flaw.
5. Retail Incident with 300 Million Pounds in Losses (Marks & Spencer)
At the end of March this year, Marks & Spencer (M&S), one of the UK’s largest retailers, was hit by a major cyber attack that shut down its online store and ordering systems for six weeks. The attack was carried out by the notorious group Scattered Spider, which used social engineering by impersonating M&S IT staff. They convinced an IT support subcontractor from Tata Consultancy Services to reset two employee accounts, gaining access to the M&S internal network. The attackers then encrypted and blocked access to critical servers, including the popular “click & collect” service.
The attack cost M&S nearly 300 million pounds in lost profits, mainly due to the shutdown of online sales and logistical issues with stock redistribution. The suspension of the online store alone caused about 25 million pounds in weekly sales losses. Physical store deliveries were also disrupted. In addition, customer data was leaked, exposing thousands of personal records, though financial data was not affected. While the company’s relatively fast and transparent response limited further damage, the incident had a major impact on its reputation and customer trust, also leading to a temporary drop in share price.
M&S responded quickly and decisively by suspending its online systems, activating its crisis plan, and strengthening its security processes in cooperation with national cybersecurity agencies. According to the company, a similar exercise carried out the previous year had helped them respond faster and more effectively.