This month’s cyber landscape reveals a troubling escalation in both the scope and sophistication of cyberattacks, with threat actors honing in on high-value sectors like healthcare, insurance, and telecommunications. Groups like Scattered Spider and Salt Typhoon are demonstrating calculated, persistent campaigns that exploit human trust, weak segmentation, and outdated infrastructure. From ransomware paralyzing hospitals and leaking sensitive patient data, to espionage operations breaching telecom giants, June’s cyber activity underscores a clear pattern: attackers are deliberate, targeted, and capable of evading traditional defenses.

Scattered Spider Ramps Up Attacks on U.S. Insurance Sector

Scattered Spider, a sophisticated cybercriminal group known for its aggressive social engineering tactics, has shifted its targeting from the UK retail space to the U.S. insurance industry. Google researchers report that the group is executing ransomware and extortion campaigns by exploiting help desks and IT support channels to gain access. Erie Insurance recently disclosed a disruptive cyber incident that aligns with the group’s tactics, and Aflac confirmed it suffered a breach suspected to be linked to Scattered Spider. In Aflac’s case, attackers may have accessed highly sensitive data including Social Security numbers and health information. The group’s sector-specific strategy and effective manipulation of human trust signals a continued evolution in targeted cybercrime.

Implementing certain Zero Trust controls, such as segmentation, can ensure that even if an attacker gains initial access through social engineering, they are prevented from moving laterally across the network or escalating privileges. Through granular identity-based access controls, policy enforcement, and tamperproof logs, Xage can block attempts to access sensitive systems or exfiltrate customer data.

Cyberattacks Continue to Cripple Global Healthcare Systems

Ransomware attacks on the healthcare sector continue to escalate, inflicting severe operational disruptions and long-term harm to public health. In June 2025 alone, Kettering Health in Ohio remained in recovery weeks after an Interlock ransomware attack paralyzed its systems and led to the leak of patient data. Similarly, the American Hospital in Dubai was targeted by the Gunra group, which claimed to have stolen hundreds of millions of patient records and brought operations to a standstill. Hospitals across Maine and New Hampshire, part of Covenant Health, also endured prolonged outages due to a separate ransomware campaign, reflecting a global pattern of healthcare systems under siege. 

These attacks highlight the urgent need for healthcare organizations to strengthen their cyber defenses. Xage helps providers protect critical systems and patient data by enforcing Zero Trust access across every asset and identity—ensuring threats are isolated early and the impact of breaches is contained. Its security fabric seamlessly integrates with the diverse, often legacy systems found in hospital environments, delivering modern protection without costly or disruptive overhauls. In a sector where downtime can mean the difference between life and death, Xage empowers healthcare organizations to ensure continuity of care, operational resilience, and patient trust—even in the face of advanced cyber threats.

Viasat Targeted in Expansive Salt Typhoon Espionage Campaign

U.S. satellite communications provider Viasat is one of the latest victims identified in the wide-reaching Salt Typhoon cyberespionage campaign, attributed to China-linked threat actors. The stealthy operation also targeted major telecom providers including Verizon, AT&T, and Lumen, focusing on credential harvesting and device compromise to establish long-term surveillance access. Although Viasat reported no evidence of customer data loss, the campaign is notable for its methodical, persistent approach and its emphasis on collecting sensitive metadata. 

This campaign underscores the strategic priority state-sponsored APT groups place on telecommunications infrastructure as a high-value intelligence target. For organizations like Viasat operating in these high-risk environments, Xage’s zero trust architecture delivers essential protection against stealthy, persistent threats. By enforcing proactive segmentation, continuous identity verification, and tamperproof auditability, Xage helps telecom and satellite operators prevent lateral movement, detect intrusions early, and resist long-term espionage efforts—all without compromising operational performance.

Security Giants Harmonize APT Naming

Microsoft, CrowdStrike, Google, and Palo Alto Networks are launching an initiative to align their threat actor naming conventions. The effort includes mapping documents to help researchers correlate names like APT29, Cozy Bear, and NOBELIUM across platforms. While not a universal naming standard, this step aims to reduce confusion and improve cross-vendor threat tracking. Industry observers welcome the move, though caution that sharing of IOCs remains limited.