
CISA and partners respond to cyber attack on Nevada state services

📰 2 unique sources, 2 articles

Summary


On August 24, 2025, a ransomware attack targeted the state of Nevada, impacting essential services and leading to data theft. The Cybersecurity and Infrastructure Security Agency (CISA) and its partners are providing real-time incident response to assist in restoring critical services and rebuilding systems. The attack's origins are under investigation. CISA's Threat Hunting teams are actively examining state networks to identify the full scope of the situation and mitigate threats. The Federal Bureau of Investigation (FBI) is assisting in the investigation, and the Federal Emergency Management Agency (FEMA) is advising on emergency response grants and other available assistance. The attack on Nevada is part of a broader trend of ransomware attacks on local governments, exacerbated by federal budget and staffing cuts.

Timeline

  1. 27.08.2025 15:00 📰 2 articles · ⏱ 20d ago

    CISA and partners respond to cyber attack on Nevada state services

    The cyber attack on Nevada was a ransomware attack that led to service outages and data theft. The FBI and CISA are continuing to assist Nevada in recovery efforts. The attack is part of a broader trend of ransomware attacks on local governments, which are increasingly vulnerable due to federal budget cuts. The City of St. Paul, Minnesota, also suffered a major ransomware attack in July 2025, highlighting the growing threat to smaller government entities. The sophistication of ransomware attacks continues to evolve, targeting operational infrastructure and causing significant financial and operational impacts.


Similar Happenings

GhostRedirector Campaign Targets Windows Servers with Rungan and Gamshen

A threat cluster named GhostRedirector has compromised at least 65 Windows servers in Brazil, Thailand, and Vietnam. The attacks deployed a passive C++ backdoor called Rungan and an IIS module named Gamshen. The threat actor has been active since at least August 2024. The primary goal of the attacks is to manipulate search engine results to boost the ranking of specific websites, including gambling sites. The campaign targets various sectors, including education, healthcare, insurance, transportation, technology, and retail. Initial access is gained through an SQL injection vulnerability, followed by the use of PowerShell to deliver additional tools. The threat actor is assessed with medium confidence to be China-aligned.

Bridgestone manufacturing facilities impacted by cyberattack

Bridgestone Americas, the North American division of Bridgestone Corporation, is investigating a cyberattack that has disrupted operations at all manufacturing facilities in North America. The attack, detected on September 2, 2025, affected facilities in Aiken County, South Carolina, and Joliette, Quebec. Bridgestone's rapid response reportedly contained the incident early, preventing customer data theft or extensive network infiltration. The company is working to mitigate the impact on its supply chain and ensure business continuity. The exact nature and scope of the cyber incident remain unknown.

Geolocation-based cyberattacks: Threats and mitigation strategies

Geolocation data is increasingly weaponized by cybercriminals to conduct targeted attacks. These attacks exploit location data to execute geographically precise phishing campaigns, malware deployments, and social engineering schemes. Traditional defenses often fail to detect these attacks until they are activated, making them particularly insidious. Examples include the Stuxnet worm and the Astaroth malware campaign, which targeted specific regions and industries. Effective mitigation requires a multilayered approach, including robust endpoint detection, decoy systems, and enhanced authentication methods. Geolocation-based attacks leverage the precision of location data to enhance social engineering and evade traditional defenses. The SideWinder APT group exemplifies this by using geofenced payloads in spear-phishing emails. As IoT and edge computing expand, the threat landscape will grow, necessitating stronger endpoint protection and authentication measures.

Jaguar Land Rover Production Disrupted by Cyberattack

Jaguar Land Rover (JLR) experienced a cyberattack that severely disrupted its production and retail operations. The attack prompted the company to shut down several systems to mitigate the impact. Customer data was compromised, and the exact nature of the attack and the timeline for recovery remain unclear. The incident affected multiple systems, including those at the Solihull production plant, where popular models like the Land Rover Discovery and Range Rover are manufactured. The attack occurred over the weekend, a common time for such incidents due to reduced response capabilities. This is the second cyberattack JLR has suffered this year, raising concerns about potential vulnerabilities from the previous attack. JLR has extended the production shutdown for another week, with operations expected to resume on September 24, 2025. The company is still investigating the incident and has not attributed the breach to a specific cybercrime group.

Massive Brute-Force Attacks on SSL VPN and RDP Devices from Ukrainian Network FDN3

Between June and July 2025, a Ukrainian IP network FDN3 (AS211736) launched extensive brute-force and password spraying attacks targeting SSL VPN and RDP devices. The activity is part of a broader abusive infrastructure involving multiple Ukrainian and Seychelles-based networks. These networks have been previously linked to spam distribution, network attacks, and malware command-and-control hosting. The attacks have been attributed to large-scale brute-force attempts, peaking between July 6 and 8, 2025. The techniques used are consistent with initial access vectors employed by various ransomware-as-a-service (RaaS) groups. The infrastructure includes networks such as VAIZ-AS (AS61432), ERISHENNYA-ASN (AS210950), and TK-NET (AS210848). These networks often exchange IPv4 prefixes to evade blocklisting and continue hosting abusive activities. The prefixes involved have ties to known bulletproof hosting providers and have been used for various malicious activities in the past.