Top cyberattacks from the last six months: A deep dive into the digital battlefield
Cyberattacks today have become sophisticated digital disasters, capable of disrupting organizations within minutes. These attacks are no longer limited to surface-level exploits; threat actors now use advanced tactics to infiltrate and exploit trust within critical systems. As traditional security models struggle to keep up, organizations must adopt behavior-driven detection and proactive defense strategies.
In this blog, we break down two major cyber incidents, how they happened, why they mattered, and what they reveal about the future of cybersecurity.
1. Bybit crypto heist
In early 2025, a state-sponsored cyberattack drained $1.5 billion in Ethereum (ETH) from a major crypto exchange. Rather than exploiting code vulnerabilities, the attackers manipulated a trusted internal process. It was a precision strike that exposed cracks in transaction integrity and operational trust. Though the theft occurred in minutes, its impact reshaped how centralized platforms view infrastructure security.
Technical breakdown
The following breakdown highlights how the attackers exploited a compromised developer machine to manipulate wallet transactions and reroute $1.5B in ETH undetected:
Malware was planted on a developer machine linked to Safe{Wallet}, used for building ETH multisig transactions.
The attacker modified transaction details (like the recipient address and value) just before the signing stage.
The altered transactions were valid and bypassed Bybit’s internal checks due to the lack of post-build validation.
Around 400,000 ETH (~$1.5B) was redirected to wallets controlled by the Lazarus Group and instantly laundered via mixers and cross-chain bridges.
Bybit’s SIEM failed to detect abnormal token movement due to insufficient behavior-based alerting.
To recover, Bybit borrowed emergency liquidity from partner exchanges to fulfill withdrawals and stabilize operations.
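The two gaps named in the breakdown above, no post-build validation before signing and no behavior-based alerting on token movement, can both be closed with small checks. The following Python is an added example written for this post, not Bybit's or Safe{Wallet}'s code: the transaction fields, the address values, the timestamps and the threshold are all constructed for illustration. Each signer recomputes what it is about to sign from the approved intent recorded out-of-band and refuses to sign on any mismatch, and a separate routine flags large outflows to destinations the exchange has never paid before.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta


# Constructed example type; the field names are this example's own, not a wallet API's.
@dataclass(frozen=True)
class TransferIntent:
    to: str         # destination address as a hex string
    value_wei: int  # amount in wei
    data: str       # calldata as hex; "0x" for a plain ETH transfer


def canonical_bytes(intent: TransferIntent) -> bytes:
    """Deterministic encoding (lower-cased hex, sorted keys, no whitespace) so the
    same intent yields the same fingerprint on every signer's machine."""
    fields = asdict(intent)
    fields["to"] = fields["to"].lower()
    fields["data"] = fields["data"].lower()
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def intent_fingerprint(intent: TransferIntent) -> str:
    """SHA-256 of the canonical encoding; recorded with the approval and read back
    over a channel the build machine does not control (ticket, hardware display)."""
    return hashlib.sha256(canonical_bytes(intent)).hexdigest()


def validate_built_transaction(approved: TransferIntent, built: dict) -> list:
    """Post-build check a signer runs on the payload it is actually about to sign.
    Returns a list of discrepancies; an empty list means the payload matches intent."""
    try:
        candidate = TransferIntent(
            to=str(built["to"]),
            value_wei=int(built["value"]),
            data=str(built.get("data", "0x")),
        )
    except (KeyError, TypeError, ValueError) as exc:
        return [f"malformed payload: {exc!r}"]
    problems = []
    if candidate.to.lower() != approved.to.lower():
        problems.append(f"to: approved {approved.to}, payload {candidate.to}")
    if candidate.value_wei != approved.value_wei:
        problems.append(f"value_wei: approved {approved.value_wei}, payload {candidate.value_wei}")
    if candidate.data.lower() != approved.data.lower():
        problems.append("data: calldata differs from approved intent")
    return problems


def flag_abnormal_outflows(transfers, known_destinations,
                           window=timedelta(minutes=10), limit_eth=1000.0):
    """Behavior-based alert: a destination never paid before that accumulates more
    than `limit_eth` within `window` is flagged once. `transfers` are dicts with
    keys ts (datetime), to (address) and eth (float)."""
    known = {d.lower() for d in known_destinations}
    ordered = sorted(transfers, key=lambda t: t["ts"])
    flagged = []
    for i, t in enumerate(ordered):
        dest = t["to"].lower()
        if dest in known or dest in flagged:
            continue
        total = sum(u["eth"] for u in ordered[i:]
                    if u["to"].lower() == dest and u["ts"] - t["ts"] <= window)
        if total > limit_eth:
            flagged.append(dest)
    return flagged


# Constructed sample data (addresses are obvious placeholders, not real wallets).
COLD = "0x" + "c01d" * 10
ROGUE = "0x" + "bad0" * 10
APPROVED = TransferIntent(to=COLD, value_wei=10**18, data="0x")
HONEST = {"to": COLD.upper().replace("0X", "0x"), "value": 10**18, "data": "0x"}
TAMPERED = {"to": ROGUE, "value": str(400_000 * 10**18), "data": "0x"}

T0 = datetime(2025, 1, 1, 12, 0, 0)
TRANSFERS = [
    {"ts": T0, "to": COLD, "eth": 500.0},
    {"ts": T0 + timedelta(minutes=1), "to": ROGUE, "eth": 300.0},
    {"ts": T0 + timedelta(minutes=2), "to": ROGUE, "eth": 900.0},
    {"ts": T0 + timedelta(minutes=3), "to": "0x" + "feed" * 10, "eth": 50.0},
]

if __name__ == "__main__":
    print("honest payload problems:", validate_built_transaction(APPROVED, HONEST))
    print("tampered payload problems:", validate_built_transaction(APPROVED, TAMPERED))
    print("flagged destinations:", flag_abnormal_outflows(TRANSFERS, {COLD}))
```

The point of the fingerprint is that it is computed from the approved intent on a machine other than the one that builds the payload; a compromised build host can alter the payload, but it cannot alter a record it never sees, so the mismatch surfaces before any signature exists.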
Post-attack response and recovery:
Once the breach was detected, Bybit immediately halted all withdrawals and activated its crisis management protocol. Recognizing the magnitude of the stolen assets, the exchange secured emergency liquidity from external partners such as Bitget, Antalpha, and Galaxy Digital, borrowing tens of thousands of ETH to fulfill a surge in withdrawal requests. This fast recovery action allowed them to restore partial operations within 72 hours, though it came at the cost of reputational damage and a significant drop in market share. The incident highlighted the critical need for a well-defined incident response strategy and real-time monitoring systems.
Solutions like ManageEngine Log360 can provide early threat detection, help isolate breaches faster, and support forensic analysis through integrated SIEM and UEBA capabilities.
2. Swiss government ransomware attack
In mid-2025, a ransomware attack on Swiss IT contractor Radix exposed the risks of third-party dependencies. Here’s how the breach unfolded:
Technical breakdown
Attackers targeted Radix, a nonprofit IT provider for Swiss federal agencies, gaining initial access through weak credentials or phishing.
Once inside, the attackers used tools like RDP, PowerShell, and Cobalt Strike for lateral movement across poorly segmented networks.
The Sarcoma ransomware group deployed malware to encrypt files and exfiltrate over 1.3 TB of sensitive government data.
A ransom demand went unanswered, leading to the public leak of stolen data on the dark web.
The breach disrupted Radix’s systems, affecting the operations of several Swiss agencies.
The attack highlighted a classic supply chain compromise, exposing the risks of weak third-party security in critical infrastructure.
After the breach, Swiss authorities and GovCERT.ch launched an investigation with Radix to assess the damage and restore operations. Although systems were eventually recovered, over 1.3 TB of sensitive data tied to federal agencies had already been stolen and leaked online, posing long-term risks to privacy and national security.
The attack exposed major gaps in vendor security and network isolation. Once inside Radix’s systems, the attackers moved laterally without triggering alerts. Experts noted that with stronger endpoint monitoring and tools like ManageEngine Log360, such movement could have been detected early. The incident underscored the need for stricter third-party risk controls and continuous threat detection beyond organizational boundaries.
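The lateral movement described in the breakdown and the "moved laterally without triggering alerts" finding above are exactly the kind of activity endpoint and SIEM telemetry can surface. The following Python is an added example written for this post, not Radix's, GovCERT.ch's or any vendor's detection content: the log lines, host names, subnets and thresholds are constructed, and the simplified key=value log format is this example's own. It applies three rules over Windows-style events: RDP logons (event 4624, logon type 10) into servers from outside the administrative subnet, one account fanning out over RDP to several hosts within a short window, and PowerShell script-block events (event 4104) carrying an encoded command.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log lines in a simplified key=value form (not a real log export).
# Event 4624 = Windows logon; logon_type=10 = RemoteInteractive (RDP).
# Event 4104 = PowerShell script-block logging.
SAMPLE_LOGS = [
    '2025-06-14T02:10:05Z host=WS-042 event=4624 logon_type=2 user=j.doe src_ip=10.20.1.15',
    '2025-06-14T02:13:05Z host=FS01 event=4624 logon_type=10 user=svc_backup src_ip=10.20.1.15',
    '2025-06-14T02:14:10Z host=DC01 event=4624 logon_type=10 user=svc_backup src_ip=10.20.1.15',
    '2025-06-14T02:16:40Z host=APP03 event=4624 logon_type=10 user=svc_backup src_ip=10.20.1.15',
    '2025-06-14T02:17:02Z host=DC01 event=4104 user=svc_backup cmd="powershell.exe -EncodedCommand AAAA"',
    '2025-06-14T09:00:00Z host=ADMIN01 event=4624 logon_type=10 user=it.admin src_ip=10.50.0.5',
]

# Constructed segmentation policy: RDP into servers is only expected from the admin subnet.
ADMIN_NET = ip_network("10.50.0.0/16")
SERVER_HOST_PREFIXES = ("FS", "DC", "APP")  # hypothetical naming convention

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Split the ISO timestamp off the front, then collect key=value pairs
    (quoted values may contain spaces)."""
    ts, _, rest = line.partition(" ")
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for key, raw in _KV.findall(rest):
        event[key] = raw.strip('"')
    return event


def detect_lateral_movement(lines, window=timedelta(minutes=30), min_hosts=3):
    """Return a list of (rule, detail) alerts for the given log lines."""
    events = sorted((parse_line(line) for line in lines), key=lambda e: e["ts"])
    alerts = []
    rdp_by_actor = defaultdict(list)  # (user, src_ip) -> [(ts, host)], in time order

    for e in events:
        if e.get("event") == "4624" and e.get("logon_type") == "10":
            rdp_by_actor[(e["user"], e["src_ip"])].append((e["ts"], e["host"]))
            # Rule 1: RDP into a server from a source outside the admin segment.
            if e["host"].startswith(SERVER_HOST_PREFIXES) and ip_address(e["src_ip"]) not in ADMIN_NET:
                alerts.append(("rdp_outside_admin_segment", f"{e['user']}@{e['src_ip']} -> {e['host']}"))
        elif e.get("event") == "4104":
            # Rule 2: encoded PowerShell command line in script-block logging.
            cmd = e.get("cmd", "").lower()
            if "-encodedcommand" in cmd or " -enc " in cmd:
                alerts.append(("encoded_powershell", f"{e['user']} on {e['host']}"))

    # Rule 3: one account reaching several distinct hosts over RDP inside the window.
    for (user, src_ip), seen in rdp_by_actor.items():
        for i, (start, _) in enumerate(seen):
            hosts = {host for ts, host in seen[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append(("rdp_fan_out", f"{user}@{src_ip} reached {len(hosts)} hosts"))
                break
    return alerts


if __name__ == "__main__":
    for rule, detail in detect_lateral_movement(SAMPLE_LOGS):
        print(f"{rule:26} {detail}")
```

The segmentation rule is the one that does the most work: it turns a network design decision (which subnet may reach servers over RDP) into a detection, so an account that is valid but used from the wrong place is caught even when its credentials are not. The fan-out threshold and window are tuning knobs; set them from a baseline of normal admin activity rather than from this constructed sample.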
Key takeaways
The Bybit crypto heist and the Swiss government ransomware attack may have targeted different sectors, but both reveal a common theme: modern cyberattacks thrive on blind trust and weak links in digital ecosystems. In both cases, attackers exploited overlooked dependencies, be it a compromised developer machine or an under-secured third-party vendor.
These incidents highlight the urgent need to rethink traditional security postures. It’s no longer enough to secure only the core systems; organizations must validate every trust relationship, enforce strong controls across the supply chain, and ensure network segmentation to contain lateral movement.
Cybersecurity today isn’t just about reacting to breaches; it’s about proactively minimizing risk across your entire ecosystem. That means embracing zero-trust architectures, running regular audits, investing in threat intelligence, and prioritizing employee awareness.
In a world where attackers only need one weak link, your resilience must start everywhere.
Stay vigilant. Stay secure.