Cyber attack disrupts Network Rail Wi-Fi Services 

A cybersecurity investigation is underway at Network Rail after inappropriate messages were displayed to users accessing free Wi-Fi at major UK train stations. The messages, referencing the 2017 Manchester Arena bombings, have led to the suspension of Wi-Fi services across all 20 Network Rail-managed stations, including key hubs in London, Manchester, Birmingham, and Glasgow. 

Network Rail and the British Transport Police (BTP) are leading the investigation. A BTP spokesperson confirmed: "We received reports yesterday of a cyberattack affecting some Wi-Fi services. We are working closely with Network Rail to investigate." 

The Wi-Fi system, operated by Telent, is under review, with the company cooperating in the investigation. Cybersecurity experts warn that this attack highlights vulnerabilities in public networks and emphasises the need for stronger protections for critical national infrastructure. This incident underscores the growing threat to public transport systems from cybercriminals. 

Necro Malware infects 11 Million Android devices via Google Play 

A new variant of the Necro malware loader has infected 11 million Android devices through malicious SDK supply chain attacks on Google Play. The malware, hidden within legitimate apps, game mods, and modified versions of popular software such as WhatsApp, Spotify, and Minecraft, was installed via compromised advertising software development kits (SDKs). 

Necro delivers multiple harmful payloads, including adware that opens links through invisible windows, modules that execute arbitrary JavaScript and DEX files, and tools for subscription fraud. It also uses infected devices as proxies to route malicious traffic. 

Security researchers discovered the Necro Trojan on two popular Google Play apps, including the Wuta Camera app with over 10 million downloads. Outside Google Play, Necro spreads through unofficial modified versions of popular apps, such as ‘GBWhatsApp’ and ‘Spotify Plus,’ promising extra features or premium services for free. 

This attack highlights the growing threat of supply chain malware targeting legitimate apps and users via trusted platforms. 

Dell investigates alleged Data Breach exposing employee information 

Dell Technologies is reportedly investigating a data breach involving 3.5GB of internal data, allegedly impacting 10,000 employees. The claim, made by a threat actor named "grep," suggests that Dell suffered a "minor data breach" earlier this month exposing sensitive employee and partner information. 

According to the dark web post, the stolen data includes employee identifiers, full names, employment status, and internal identification strings. There are also claims of a second breach involving Jira files, database tables, and schema plans. 

While Dell has not yet issued a public statement, the company confirmed that its security team is actively investigating the incident. 

Cyber security experts have warned that Dell must assess the extent of the breach and protect sensitive information.  

English Football League issues cyber security alert after attacks on clubs 

The English Football League has alerted clubs following recent cyberattacks on Bristol City and Sheffield Wednesday. Hackers targeted both clubs, breaching their systems and sending phishing emails from official accounts. These attacks, which aimed to steal personal data from season ticket holders and email lists, have sparked concern across the league. 

Phishing emails from senior officials at Bristol City and Sheffield Wednesday included malicious links, prompting swift responses from both clubs. The EFL warned clubs not to open emails from Bristol Sport CFO Vicki Long or Sheffield Wednesday finance director John Redgate. 

The attacks are part of a growing trend, with other clubs, including Charlton Athletic, also affected. The EFL has urged clubs to increase cybersecurity vigilance, with Leeds United's information security manager Graham Peck coordinating efforts to share security intelligence across teams. 

Aston Villa launched an investigation into a potential breach in May but found no evidence of unauthorised access. 

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.