👉 What are the latest cybersecurity alerts, incidents, and news?
North Korea, ScarCruft Group, APT37, Android, KoSpy Malware, Surveillance Tool, GitHub, Ruby-SAML Flaws, Accounts Takeover, Microsoft 365, Phishing Campaigns, OAuth Flaws, ClickFix, Booking, Hospitality Sector, MassJacker Malware, Cryptocurrency Transactions, Piracy Users, Rivers Casino Philadelphia, Data Breach, IKAV Energy, Sensitive Information, Ransomware, Micronesia Health, Data Breach, Trinity Petroleum Management, France, Côte d’Or Department, Russia, EU Commissioner, Trans-Atlantic Data Privacy Framework, UK, Apple, Encryption Dispute, South Korea, Supreme Court, Meta, Data Privacy Fine, Ransomware Surge, Cl0p, Wi-Fi Networks, Deauthentication Attacks.
1. KoSpy Spyware Distributed via Google Play
ScarCruft, a North Korean APT group, has been using a new Android surveillance tool called KoSpy to target Korean and English-speaking users. Active since March 2022, KoSpy masquerades as legitimate apps on Google Play to steal sensitive data like SMS messages, call logs, location, screenshots, and even audio and photos. The malware uses Firebase Firestore to dynamically load configurations and adjust its command-and-control server, allowing it to operate stealthily. Although the affected apps have been removed from Google Play, the campaign’s persistence across third-party stores highlights ongoing cybersecurity threats.
2. GitHub Finds ruby-saml Flaws Exposing Users
GitHub discovered two critical vulnerabilities in the ruby-saml library that could allow malicious actors to bypass authentication protections. The flaws result from differences in how the XML parsers REXML and Nokogiri handle document structures, leading to a Signature Wrapping attack. These vulnerabilities could be exploited by attackers with a valid signature to impersonate users and take over accounts. GitLab has released updates to address the issues in ruby-saml versions, urging users to update to avoid potential exploitation.
3. Phishing Attacks Target Microsoft 365 Users
Sophisticated phishing campaigns are targeting Microsoft 365 users by exploiting OAuth redirection vulnerabilities and impersonating trusted brands like Adobe and DocuSign. These attacks bypass traditional security measures, enabling attackers to gain unauthorized access to sensitive data and perform account takeovers. The malicious apps are designed to redirect victims to credential-harvesting sites and malware delivery pages within the Microsoft ecosystem, which makes them harder to detect.
4. Microsoft Uncovers ClickFix Phishing Attack
Microsoft uncovered an ongoing phishing campaign targeting the hospitality sector by impersonating Booking.com. The campaign, named Storm-1865, uses the ClickFix social engineering technique to deceive users into executing malware under the guise of fixing a non-existent error. Attackers trick recipients into copying and pasting a command into their Windows system, which downloads malicious payloads such as XWorm and Lumma Stealer.
5. MassJacker Malware Steals Cryptocurrency
MassJacker, a newly discovered clipper malware, specifically targets individuals searching for pirated software, aiming to steal cryptocurrency. This malware monitors clipboard content and swaps legitimate cryptocurrency wallet addresses with those controlled by attackers, rerouting the funds. The infection begins when users visit a site offering pirated software, which then infects them with botnet malware and a series of other binaries. Researchers at CyberArk identified over 778,000 unique attacker-controlled wallet addresses, with millions of dollars in cryptocurrency stolen.
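A defender-side check for the clipboard swap described above, as an added example that is not from the original article or from CyberArk's research: it flags a clipboard value shaped like a wallet address being replaced by a different address of the same kind within a short window. The event format, the 2-second window, the address patterns and the sample addresses are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Format-only address shapes (no checksum validation); assumed set for this example.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

@dataclass
class ClipEvent:
    ts: float   # seconds since monitoring started
    text: str   # clipboard content after the change

def address_kind(text):
    """Return the address family the text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def find_swaps(events, window=2.0):
    """Flag address -> different address of the same kind within `window` seconds."""
    alerts = []
    prev, prev_kind = None, None
    for ev in events:
        kind = address_kind(ev.text)
        if (prev_kind and kind == prev_kind
                and ev.text.strip() != prev.text.strip()
                and ev.ts - prev.ts <= window):
            alerts.append((prev.text.strip(), ev.text.strip(), kind))
        prev, prev_kind = ev, kind
    return alerts

# Constructed sample events; the addresses are made-up hex, not real wallets.
COPIED = "0x" + "11" * 20
SWAPPED = "0x" + "ee" * 20
LATER = "0x" + "22" * 20
SAMPLE_EVENTS = [
    ClipEvent(0.0, "invoice 4411"),
    ClipEvent(10.0, COPIED),    # user copies the payee address
    ClipEvent(10.3, SWAPPED),   # replaced 0.3 s later: clipper-like
    ClipEvent(60.0, LATER),     # user copies another address much later
    ClipEvent(61.0, "hello"),
]

if __name__ == "__main__":
    for before, after, kind in find_swaps(SAMPLE_EVENTS):
        print(f"ALERT {kind}: {before} -> {after}")
```

The time window is a heuristic: a user copying two different addresses within the window would also be flagged, so alerts of this kind are a prompt to compare the pasted address with the intended one.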
6. Rivers Casino Philadelphia Data Incident
Rivers Casino Philadelphia recently disclosed a data breach affecting several Pittsburgh customers. The breach, which occurred on February 16, exposed sensitive information, including Social Security numbers, dates of birth, and driver’s license details. Many of the affected individuals had never visited the Philadelphia casino, which raised concerns about how their data was compromised. Rivers Casino explained that the breach stemmed from unauthorized access to files containing patron information from both the Philadelphia and Pittsburgh locations.
7. IKAV Energy Reports Breach Impacting Users
IKAV Energy, a company specializing in infrastructure energy assets, reported a data breach on March 13, 2025. The breach involved unauthorized access to sensitive personally identifiable information, including names and Social Security numbers. Although the details surrounding the breach remain scarce, IKAV has initiated a process to notify the affected individuals, according to a report filed with the Attorney General of Texas.
8. Ransomware Hits Micronesia Health System
A ransomware attack struck the health network of Micronesia’s Yap state, forcing the entire system offline. The Department of Health Services shut down computers and disconnected the network to prevent further damage. Officials are working with private IT contractors to assess the extent of the breach and restore services. Despite disruptions, essential services are continuing but at a slower pace, and the department is investigating which data may have been compromised.
9. Trinity Petroleum Management Data Breach
Trinity Petroleum Management, a company specializing in oil and gas services, recently disclosed a data breach involving sensitive consumer information. The breach occurred when an unauthorized party accessed personal data, including names, addresses, and Social Security numbers. The company completed an internal investigation and began notifying affected individuals through breach notification letters. While the exact cause of the breach remains under investigation, Trinity Petroleum indicated that it may involve third-party vendors.
10. Côte d’Or Targeted by Massive Cyberattack
Côte d’Or, a French department, was targeted by a massive cyberattack on March 12, 2025, causing significant disruption to its official website and internal communications. The department quickly responded, noting that while the attack aimed to block communication between various administrations, no personal data leaks were reported. The attack, which began three days earlier, caused the website to experience an overwhelming surge of 100 million requests per minute, leading to its saturation.
11. EU Backs Trans-Atlantic Data Flow Agreement
On March 13, 2025, European Union Commissioner Michael McGrath confirmed the EU’s commitment to the Trans-Atlantic Data Privacy Framework (DPF). During a meeting with U.S. Federal Trade Commission Chair Andrew Ferguson, McGrath received reassurances regarding U.S. support for the DPF. Despite challenges, McGrath expressed confidence that both the EU and U.S. would continue upholding the framework for mutual benefit.
12. UK Calls for Public Hearing on Apple Dispute
Politicians and civil liberties groups in the UK are calling for a secret court hearing to be opened to the public. The hearing involves a legal order demanding Apple provide access to encrypted iCloud data, which has raised concerns about privacy and government surveillance. Rights groups, including Big Brother Watch, argue that the public has a right to know when and why the government seeks to force private companies to compromise user privacy.
13. South Korea Court Upholds Meta Data Fine
South Korea’s top court upheld a 4.6 million-dollar fine against Meta for sharing user data without consent. The fine followed an investigation revealing that Meta provided the personal information of 3.3 million South Korean users to third parties between 2012 and 2018. Despite Meta’s appeal, arguing that the data was shared with user agreement, the court dismissed the case, and the Personal Information Protection Commission will now enforce corrective measures against Meta.
14. Ransomware Attacks Surge 126% in February
Ransomware attacks reached a record high in February 2025, surging 126% compared to the previous year. Cl0p ransomware was behind over a third of the attacks, exploiting vulnerabilities in file transfer systems. Despite global initiatives to disrupt ransomware operations, the threat continues to grow, especially targeting healthcare, manufacturing, and critical infrastructure sectors. Experts predict that automated, opportunistic attacks will keep increasing, urging organizations to bolster cybersecurity measures to combat the rising threat.
15. 94% of Wi-Fi Networks Vulnerable to Attacks
A Nozomi Networks Labs report shows that 94% of Wi-Fi networks worldwide are vulnerable to deauthentication attacks. These attacks, targeting weaknesses in network protocols, can disrupt critical systems, especially in industries like healthcare and manufacturing. The study also emphasizes rising risks, with cyber threats increasingly targeting vulnerable infrastructure systems, potentially compromising operations and safety.
Copyright © 2025 CyberMaterial. All Rights Reserved.