Massive Surge in Cyber Attacks Targeting Real Estate and Utilities Organizations

Cyber attacks are becoming increasingly sophisticated as threat actors continuously evolve their tools and tactics. 

They leverage advanced technologies, use social engineering techniques, and collaborate in sophisticated cybercrime networks.

The real estate and utilities industries have seen a noticeable increase in intrusions over the last three months, according to the recent study report shared with the Cyber Security News (CSN) team from CYFIRMA.

Past 90 Days in Numbers

Real estate and utilities appeared in 13 of the 59 observed campaigns, accounting for 22% of the total, lower than industries with greater appeal to nation-state threat actors.

Besides this, the Chinese cyber activity also surged with Barracuda ESG vulnerability use. However, no new real estate or utilities victims have been observed in these campaigns since then.

Attack countAttack count
Attack count (Source – Cyfirma)

Here below, we have mentioned all the involved threat actors:-

Threat actors (Source – Cyfirma)

Real estate and utilities draw both financially motivated and nation-state actors. Europe, potentially targeted by Russian-linked threat actors amid the Ukraine conflict, experiences the highest attack activity.

Geographical Distribution (Source – Cyfirma)

Cyberattacks primarily target web applications and operating systems across industries, with instances of compromised VPN and application infrastructure.

Most attacked technologies (Source – Cyfirma)

Phishing attacks

This report excludes internet service providers from the analysis, focusing instead on water and energy utilities. Phishing lures targeting utilities are highly localized, deterring threat actors seeking broader targets.

CYFIRMA’s telemetry detected only 42 phishing attacks targeting utilities and none related to real estate in the past 3 months, with a primary focus on broader phishing campaigns.

Global Distribution of Phishing Themes per Sector (Source – Cyfirma)

Impersonated brands

Here below, we have mentioned all the real estate and utilities industry brands that are impersonated:-

  • Pkn Orlen
  • Swiss Office of Energy
  • ENEL Energia S.P.A
  • Polska Grupa Energetyczna

ASN telemetry revealed PKN Orlen phishing linked to the USA, while the Swiss Office of Energy had Swiss roots, and Italian Enel Energia and Polska Grupa Energetyczna traced back to German ASN, indicating an international PKN Orlen campaign versus local cybercriminals.

Attack origins (Source – Cyfirma)

CYFIRMA found 117 ransomware victims in real estate and utilities in the last 90 days, 7.4% of 1,579 incidents, with a sharp rise in August.

Lockbit3’s August surge leads, driven by Cl0p (+Torrents), while 8base with ALPHV and Akira maintain steady numbers. The top 5 gangs make up 59% of victims, but smaller groups still cause significant harm.

Major ransomware gangs (Source – Cyfirma)

Out of 45 active gangs, 29 targeted real estate and utilities, with Cl0p showing minimal interest in this sector.

Victims Targeted

The United States leads with 65 out of 112 victims, highlighting global ransomware threats that know no boundaries, as cyber attackers target vulnerable organizations worldwide.

Geographic Distribution Of Victims (Source – Cyfirma)

Nation-state APTs show limited interest in real estate and utilities, mainly focusing on energy, notably in Europe in the middle of the Ukraine-Russia conflict.

Real estate and utilities lack appeal for widespread phishing due to localized fragmentation. Lockbit3 is the top gang, while Cl0p has fewer victims in this industry. However, besides this, the real estate developers and construction businesses are the most affected sectors.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models…

51 minutes ago

Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default…

54 minutes ago

Popular Instagram Blogger’s Account Hacked to Phish Users and Steal Banking Credentials

A high-profile Russian Instagram blogger recently fell victim to a sophisticated cyberattack, where scammers hijacked…

2 hours ago

Ransomware Attacks on Food & Agriculture Industry Surge 100% – 84 Attacks in Just 3 Months

The food and agriculture industry is facing an unprecedented wave of cybersecurity threats in 2025,…

2 hours ago

Microsoft 365 Copilot and Office Apps Now Protected by SafeLinks at Click Time

Microsoft announced a major update aimed at bolstering the cybersecurity of its flagship AI-powered productivity…

2 hours ago

Hackers Targeting Schools and Universities in New Mexico with Cyber Attacks

A major cyberattack on the Coweta County School System's computer network occurred late Friday night, which is a worrying development for New Mexico's educational institutions. The unauthorized intrusion, detected around 7:00 p.m., prompted immediate action from the school…

2 hours ago