February 21 2025 – Cyber Briefing

👉 What are the latest cybersecurity alerts, incidents, and news?

February 21 2025 – Cyber Briefing

Bookworm Malware, ASEAN, DLL Sideloading, Darcula, Phishing-as-a-Service, Shadowpad Malware, Microsoft Power Pages Vulnerability, Ivanti, VPN Flaw, SPAWNCHIMERA Malware, NioCorp Developments, BEC Attack, HCRG Care Group, Medusa Ransomware, London Talent Agency, Rhysida Ransomware, Goodwill North Central Texas, NABCO, Personal and Health Information, US SEC, Cryptocurrency Fraud Unit, Emerging Tech Team, Microsoft, Majorana 1 Chip, Quantum Computing, California, CPPA, Data Broker, Russian Mafia, Money Laundering Network, Spain, Portugal.

Listen to the full podcast

🚨 Cyber Alerts

1. Bookworm Resurges Linked to Stately Taurus

Cybersecurity researchers from Palo Alto Networks’ Unit 42 have uncovered a resurgence of Bookworm malware, now linked to the Stately Taurus threat actor group. The malware uses sophisticated DLL sideloading to infiltrate Windows systems, revealing a continuity in tactics from previous attacks dating back to 2015. Researchers have identified a shared infrastructure between Bookworm and Stately Taurus, indicating the group’s ongoing cyber-espionage operations particularly targeting organizations within the Association of Southeast Asian Nations (ASEAN).

2. Darcula Suite 3.0 Features DIY Phishing Kits

The Darcula phishing-as-a-service platform is set to launch its third version, Darcula Suite, which introduces a do-it-yourself (DIY) phishing kit generator. This new feature allows users to create custom phishing kits targeting any brand by simply inputting a URL, after which the platform automatically generates the necessary templates. The update also includes a user-friendly admin dashboard, performance tracking, and improved anti-detection measures like IP filtering and bot blocking.

3. Shadowpad Used to Deliver New Ransomware

A sophisticated cyber espionage campaign, linked to Chinese state-aligned threat actors, has targeted organizations in 15 countries using an updated version of Shadowpad malware. Trend Micro’s analysis revealed that the attackers used weak passwords and MFA bypass techniques to infiltrate VPNs and deploy ransomware. The campaign, which started in November 2023, has primarily impacted sectors including manufacturing, energy, finance, and education, with the majority of attacks in Europe, the Middle East, and Asia.

4. Microsoft Patches Critical Power Pages Flaw

Microsoft recently patched a critical vulnerability in Power Pages, a low-code SaaS platform, that was being exploited in attacks. Tracked as CVE-2025–24989, the flaw allowed attackers to elevate privileges and bypass user registration controls. Microsoft confirmed that the vulnerability has been mitigated and affected customers have been notified with guidance on reviewing their sites for potential signs of exploitation.

5. SPAWNCHIMERA Malware Targets Ivanti VPN Flaw

Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025–0282) impacting its Connect Secure VPN appliances. Attackers exploited this flaw, which stemmed from improper handling of the strncpy function in the web server component, to execute arbitrary code remotely. JPCERT/CC confirmed multiple exploitation cases in Japan, with cybersecurity researchers identifying the evolved SPAWNCHIMERA malware, which not only exploited the flaw but also deployed a self-contained patch to prevent other attackers from exploiting the same vulnerability.

💥 Cyber Incidents

6. NioCorp Reports $500,000 Loss in Cyberattack

NioCorp Developments reported a significant financial loss after a hacking incident on February 14. The breach involved the compromise of the company’s email system, which was used to conduct a business email compromise (BEC) attack. This attack led to misdirected vendor payments totaling approximately $500,000, and the company is working with law enforcement to recover the funds while continuing its investigation into the full scope of the incident.

7. HCRG Care Group Investigates Cyberattack

HCRG Care Group, a major healthcare provider in the U.K., is investigating a cybersecurity incident involving the Medusa ransomware gang. The gang claims to have stolen over two terabytes of sensitive data, including personal and medical records, from the company. While HCRG has not confirmed the details, they are working with forensic experts to determine the full scope of the breach and have notified the U.K.’s Information Commissioner’s Office.

8. Rhysida Ransomware Hits London Talent Agency

A London talent agency has reported a cyberattack by the Rhysida ransomware group to the UK’s Information Commissioner’s Office (ICO). The attackers, claiming to hold sensitive client data, are demanding a ransom of 7 Bitcoins, roughly $678,035, and have already published some of the stolen documents, including passport scans and internal spreadsheets. While the ICO investigates, the agency is under pressure as Rhysida’s auction for the stolen data nears its deadline.

9. Goodwill North Central Texas Reports Breach

Goodwill North Central Texas reported a data breach on February 20, 2025, revealing that unauthorized third-party access may have compromised sensitive personal and health data. The breached information potentially includes personal identifiers such as names, social security numbers, addresses, and health-related details. While the breach’s specifics remain unclear, Goodwill North Central Texas has notified affected individuals and is actively addressing the situation.

10. NABCO Reports Data Breach on Personal Data

North American Breaker Company (NABCO) reported a data breach to the Texas Attorney General on February 20, 2025. The breach potentially exposed sensitive personal and health information, including Social Security numbers, driver’s license numbers, and medical details. While specific breach details remain unclear, NABCO has started notifying impacted individuals and is cooperating with authorities to address the issue.

📢 Cyber News

11. SEC Replaces Crypto Unit with New Team

The SEC announced the formation of a new Cyber and Emerging Technologies Unit (CETU) to replace its previous Crypto Assets and Cyber Unit. CETU aims to combat cyber-related misconduct impacting investors, including fraud related to AI, social media, and blockchain. This shift in focus aligns with broader goals to foster innovation while protecting investors and clearing the way for new technologies.

12. Microsoft Introduces Majorana 1 Quantum Chip

Microsoft unveiled its Majorana 1 quantum computing chip, which features a new state of matter called topological superconductivity. The chip, built using topological superconductors, allows quantum systems to scale up to one million qubits on a single chip, significantly reducing errors. This breakthrough has the potential to revolutionize industries like materials science, agriculture, and chemical discovery by enabling faster, more accurate computations. Despite this progress, the Majorana 1 chip is still part of Microsoft’s ongoing research and not available for use on the Azure public cloud.

13. Cybersecurity Salaries Soar on US West Coast

Cybersecurity professionals working on the US West Coast are the highest paid in North America, earning an average base salary of $200,000 per year. The overall cash compensation, including bonuses and overtime, is $224,000 annually. The West Coast’s higher salaries are attributed to the higher cost of living and the concentration of major tech companies in the region, which offer premium pay to attract skilled workers.

14. California Seeks Fine Against Data Broker

California’s privacy regulator is pushing for a $46,000 fine against National Public Data, a data broker that suffered one of the largest data breaches in 2024. The breach exposed Social Security numbers and other personal data, affecting millions. The company failed to register as a data broker under state law, prompting the California Privacy Protection Agency (CPPA) to seek the fine following the company’s bankruptcy proceedings.

15. Russian Mafia Money Laundering Ring Broken

A massive money-laundering network, involving Russian mafia members, has been dismantled in Spain and Portugal, with 14 individuals arrested. The criminal organization laundered money from illegal drug trafficking, processing up to €300,000 per day. The ring used the Hawala method, which allowed money transfers across countries without physical or digital banking transactions, making detection difficult.