👉 What’s trending in cybersecurity today?
Malicious Go Packages, Linux, Apple, macOS, Loader Malware, Scammers, Fake Ransom Notes, US Companies, BianLian Group, Iran-Linked Hackers, UAE Organizations, Sosano Malware, GrassCall Malware, Job Seekers, Sensitive Information, Broadcom, VMware, Zero-Day Vulnerabilities, NBA X Account, Fake $NBA Coin, Cryptocurrency Scam, NASCAR, Social Media Accounts, Whitman Hospital, Medical Clinics, Cyberattack, LRT, Lithuanian News Website, Japan, NTT Communications, Data Breach, US Lawmakers, COPPA 2.0 Bill, Children, FTC, Phantom Debt Collection Scam, NSO Group Executives, Spyware Abuse, Jamf, Identity Automation, iGaming Sector, Fraud, AI Threats.
1. Malicious Go Packages Target Linux and macOS
Researchers have uncovered a malicious campaign targeting the Go ecosystem with typosquatted packages designed to deploy loader malware on Linux and macOS. The attack involves seven fake packages, some of which impersonate popular Go libraries, aiming to compromise systems and steal credentials. Despite GitHub repositories being taken down, the malicious packages remain on the official repository, showing a highly coordinated and persistent adversary.
2. Fake BianLian Ransom Notes Target US CEOs
Scammers are impersonating the BianLian ransomware gang by mailing fake ransom notes to US companies. The letters are addressed to CEOs, detailing fabricated claims of data breaches and demanding ransoms between $250,000 and $500,000. While these notes attempt to appear legitimate by including real Tor leak sites and compromised passwords, experts confirm they are scams designed to intimidate executives without any actual breach.
3. New Sosano Malware Campaign Targets UAE
A new malware campaign has targeted several sectors in the United Arab Emirates (UAE), including aviation, satellite communications, and critical infrastructure. The attackers, identified as the group UNK_CraftyCamel, are believed to be Iran-backed, likely linked to the Islamic Revolutionary Guard Corps (IRGC). The group used a compromised email account from an Indian electronics company to deliver the custom Sosano malware, which could allow the hackers to execute follow-up payloads.
4. GrassCall Malware Targets Job Seekers
The GrassCall malware campaign, attributed to the Crazy Evil threat group, has been targeting job seekers since early 2025. By advertising fake job opportunities on platforms like LinkedIn, the attackers lure victims into downloading malicious software disguised as video conferencing tools. Once installed, the malware extracts sensitive information such as authentication cookies, saved credentials, and cryptocurrency wallet data, with devastating consequences for both personal and financial security.
5. VMware Warns of Three Exploited Zero Days
Broadcom issued a security alert warning VMware customers about three zero-day vulnerabilities affecting VMware ESXi, Workstation, and Fusion. The flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow attackers with elevated privileges to exploit critical security weaknesses in these products. While patches have been released, no workarounds are available for the issues, which have likely been used in targeted attacks by threat actors with initial access to compromised systems.
6. NBA X Account Hacked to Promote Fake Coin
The NBA’s official X account was compromised on Tuesday, with a series of posts promoting a fake cryptocurrency called $NBA Coin. The posts claimed that the NBA was launching the digital asset on the Solana blockchain to enhance fan engagement and sports transactions, complete with a fake press release and contract address. The fraudulent posts were made multiple times to the NBA’s main account, its Spain account, and others before being removed. The league confirmed the hack but refrained from providing further details.
7. NASCAR Social Media Accounts Hacked Tuesday
NASCAR’s social media accounts were hacked on Tuesday, with a fake post promoting a $NASCAR Token built on Solana to enhance fan engagement. The scam was quickly removed, but not before some fans noticed inconsistencies, such as the odd capitalization and the questionable contract address. This attack follows a similar one targeting the NBA’s social media accounts, showing a growing trend of cybercriminals exploiting major sports brands for cryptocurrency scams.
8. Whitman Hospital Deals with Cyberattack
Whitman Hospital and Medical Clinics, located in Colfax, Washington, reported a significant cyberattack that has left its internal systems down since February 28. The hospital’s internal electronic systems were compromised, and as of March 4, the disruption continues, with no confirmed timeline for the systems’ restoration. Although the attack has caused considerable disruption, the hospital and its clinics remain open, and patients are still receiving care, albeit with potential delays for those with appointments.
9. LRT News Website Targeted by Cyberattack
LRT, Lithuania’s national public broadcaster, recently thwarted a cyberattack that targeted its news website. The attack, which started on Sunday, intensified by Monday, resulting in error messages for some users. LRT, recognizing cyberattacks as a serious risk to its operations, took immediate steps to ensure that the disruption was minimized, emphasizing the importance of keeping its platform active, especially in emergencies when it serves as a primary source of information.
10. NTT Communications Confirms Data Breach
NTT Communications discovered unauthorized access to its systems on February 5, 2025, leading to a breach of sensitive corporate customer data. The breach involved the Order Information Distribution System, which handles service activations and modifications for businesses. A total of 17,891 corporate customers were impacted, with exposed data including company names, contact details, service usage, and contract information. However, personal customer data was not compromised in this attack.
11. US Lawmakers Reintroduce COPPA 2.0 Bill
US lawmakers have reintroduced the Children and Teens’ Online Privacy Protection Act, a bill aimed at regulating how digital platforms collect and use children’s data. Sponsored by Senators Ed Markey and Bill Cassidy, the legislation prohibits targeted advertising to minors, mandates the minimization and deletion of personal data, and ensures that companies cannot collect data from 13- to 16-year-olds without consent. This bill, known as COPPA 2.0, has gained significant backing from advocacy groups concerned with the growing surveillance of children in digital spaces as they use social media and gaming platforms.
12. FTC Freezes Assets in Phantom Debt Scheme
The Federal Trade Commission (FTC) has successfully halted a widespread phantom debt collection scam that exploited consumers nationwide. The fraudulent operation, led by Ryan and Mitchell Evans and their network of companies, falsely claimed consumers owed debts linked to payday loans, using tactics like harassing phone calls and threatening legal action. These deceptive tactics included impersonating law firms and government agencies to manipulate victims into paying non-existent debts.
13. Court Orders Indictment of Former NSO Execs
A Catalan court in Barcelona has ordered the indictment of three former executives from NSO Group for their involvement in a spyware scandal. The executives are accused of using the company’s surveillance technology to target at least 63 members of Catalan civil society, including government officials and independence advocates, with the powerful Pegasus spyware. The indictment marks a significant step in the fight against spyware abuse in Europe, as the men will now face investigation under Spain’s “discovery and disclosure of secrets” statute.
14. Jamf Acquires Identity Automation for $215M
Jamf has announced its acquisition of identity and access management firm Identity Automation for approximately $215 million in cash. The deal is set to close in the second quarter of fiscal year 2025 and will enhance Jamf’s security solutions. Identity Automation’s platform, which focuses on managing dynamic identities, will be integrated into Jamf’s offerings, streamlining user access and improving efficiency for organizations with shared devices and changing roles.
15. iGaming Sector Faces Billions in Losses
The European iGaming industry faces massive losses from fraud, with nearly half of compliance professionals reporting over 10% of revenue lost to fraud last year, amounting to over €5bn annually. Fraud has become more prevalent, driven by AI-powered technology, such as deepfakes used for identity fraud and bots exploiting bonuses. With outdated fraud prevention tactics in place, iGaming companies struggle to keep up: existing methods prevent only 54% of fraud attempts, prompting experts like Kris Galloway to call for more robust, multi-layered security measures throughout the entire user journey.
Copyright © 2025 CyberMaterial. All Rights Reserved.