07.07.25 Threat Report
In this week’s threat report, we cover a major ransomware incident at Ingram Micro, a phishing campaign abusing Spanish domains, and a Department for Work and Pensions (DWP) impersonation scam targeting UK residents.
1. Ingram Micro Hit by SafePay Ransomware, Causing Major IT Supply Chain Interruption
Ingram Micro, a global leader in tech distribution and cloud services, has suffered a serious ransomware attack attributed to the SafePay group. The attack caused major operational outages, with critical platforms like Xvantage and Impulse offline, and employees advised to work remotely without VPN access.
Key Developments:
- Ransom notes reportedly appeared across employee systems on Thursday morning.
- SafePay is suspected of exploiting the GlobalProtect VPN to gain unauthorised access.
- While Teams and SharePoint remained functional, core logistics and ordering services were disrupted.
- No official breach notification has been issued by the company, raising compliance and trust concerns.
Impact:
The outage disrupted global IT supply chains and delayed cloud provisioning, potentially affecting digital health and medtech firms reliant on Ingram Micro for hardware, software, or cloud deployment. This serves as a stark reminder of the risks posed by third-party vendors in your security posture.
2. Spain's .gob.es Domains Hijacked in Government-Themed Phishing Campaigns
A sophisticated phishing campaign has emerged in Spain, where threat actors are abusing .gob.es domains—commonly used by legitimate government institutions—to send out malicious links under the guise of official communications.
Attack Details:
- Fraudulent emails appear to originate from trusted Spanish government departments, increasing the likelihood of user engagement.
- Malicious redirects and fake login portals are used to harvest credentials or deploy malware.
- The campaign has reportedly tricked hundreds of users and remains active, despite some domains being disabled.
Why It Matters:
Although this campaign is currently targeting Spanish speakers, the abuse of legitimate domains is a growing global concern. Digital health companies operating internationally or with Spanish partnerships should alert staff and clients to these tactics, particularly where shared systems or multi-lingual communications are involved.
3. New Phishing Attack Impersonates UK Department for Work and Pensions (DWP)
A newly discovered phishing campaign is impersonating the UK’s Department for Work and Pensions to steal personal and financial information from citizens. The emails claim to offer support payments and direct recipients to malicious login portals.
Key Points:
- Victims receive official-looking messages requesting identity verification or bank details.
- The attack employs spoofed DWP branding to increase authenticity.
- This campaign could lead to identity theft, financial fraud, and exploitation of vulnerable individuals.
Implications for Healthcare Services
Given the overlap between welfare services and healthcare delivery, this type of campaign can erode trust and exploit patients who depend on digital government support. Health tech providers should consider public awareness messaging and phishing simulation training for users who may receive similar lures.