👉 What’s happening in cybersecurity today?
LockBit, Atlassian Confluence, Counter-Strike 2, Streamjacking, GhostSocks, SOCKS5 Proxy, India, SpyLend, Loan App, Data Theft, Extortion, ChatGPT, Phishing Scam, Subscription Requests, Bybit, Ethereum Heist, Lazarus Group, Infini, Tornado Cash, Black Basta, Paratus Namibia, Canada, Rainbow District School Board, Cyberattack, Sensitive Data, UK, Apple, iCloud, Advanced Data Protection, Oxford University, Quantum Information Teleportation, Warby Parker, Health Data, OpenAI, AI Surveillance, Google Cloud, Quantum Safe, Digital Signatures, Cloud KMS.
1. LockBit Targets Atlassian Confluence Servers
LockBit ransomware operators quickly exploited a critical vulnerability in Atlassian Confluence servers, using a remote code execution flaw (CVE-2023-22527) to target an exposed Windows server. After gaining access, they used various tools like AnyDesk, Metasploit, and Rclone for persistence, lateral movement, and data exfiltration. Within two hours, they deployed LockBit ransomware, encrypting files and leaving ransom notes, highlighting the importance of timely vulnerability patching and robust monitoring.
2. CS2 Streamjacking Scam Steals Gamer Accounts
Threat actors are exploiting major Counter-Strike 2 (CS2) competitions like IEM Katowice and PGL Cluj-Napoca 2025 to defraud gamers. Using hijacked YouTube accounts, they impersonate popular CS2 players and promote fake giveaways to steal Steam accounts and cryptocurrency. Victims unknowingly grant access to their accounts, allowing scammers to steal valuable skins and items while transferring cryptocurrency to their wallets.
3. GhostSocks Malware Evades Detection Methods
GhostSocks, a Golang-based malware, utilizes a SOCKS5 proxy to reroute network traffic through compromised systems, enabling attackers to bypass geographic restrictions and IP-based security measures. By integrating with the LummaC2 information stealer, it enhances its ability to perform advanced credential abuse and evade detection. The malware’s anti-sandboxing techniques and obfuscation methods make it particularly effective in high-value sectors like financial institutions, offering threat actors persistent access and greater opportunities for exploitation.
4. SpyLend Malware Steals Data Through Loans
SpyLend, a malicious Android app, has been downloaded over 100,000 times from Google Play, disguising itself as a financial tool while actually operating as a predatory loan app. Once installed, the app requests excessive permissions, stealing sensitive personal data such as contacts, call logs, and location information. This stolen data is then used to extort users, often leading to harassment and blackmail if they fail to repay loans under unfair terms.
5. ChatGPT Phishing Campaign Targets User Data
A phishing campaign impersonating OpenAI’s ChatGPT Premium subscription service has rapidly spread across the globe. Cybercriminals are using fraudulent emails with fake payment requests to steal personal and financial details. The emails, which appear to come from legitimate OpenAI sources, prompt users to update payment information to maintain access to premium features, directing them to malicious websites designed to harvest login credentials.
6. Bybit Suffers $1.5 Billion Crypto Heist
A sophisticated attack on cryptocurrency exchange Bybit resulted in the theft of over $1.5 billion worth of Ethereum and stETH from one of its cold wallets. The attack manipulated a scheduled transfer, altering the smart contract logic and masking the wallet’s signing interface to gain control. The Lazarus Group, a notorious North Korean cybercrime organization, is believed to be behind the attack, marking it as the largest-ever cryptocurrency heist in history.
7. Developer Behind $49 Million Infini Hack
Infini, a crypto fintech company, fell victim to a $49 million theft in USDC, traced back to one of its own developers. Cyvers, a blockchain security firm, revealed the hacker had secretly retained admin access and manipulated the system for over 100 days. After funding their wallet via Tornado Cash and executing a small ETH transaction, the developer drained the entire contract, further shaking trust in the security of smart contracts.
8. Black Basta Group Hit by Chat Logs Leak
The Black Basta ransomware group has faced a significant blow after the leak of internal chat logs, potentially exposing critical details about the individuals and operations behind the attacks. The leak, involving nearly 200,000 messages from September 2023 to September 2024, reveals insights into the group’s activities, including their targeting of Russian domestic banks and high-profile victims like Ascension Health and Capita.
9. Paratus Namibia Targeted by Cyberattack
Paratus Namibia was targeted by a cyberattack early Thursday, compromising internal operational files related to its systems. The company responded swiftly, isolating affected environments and securing impacted services. Paratus has also enlisted international experts to restore its infrastructure and enhance cybersecurity measures as part of its recovery efforts. The company’s managing director, Andrew Hall, expressed regret over the attack, emphasizing the importance of customer data and the ongoing investigation into the full extent of the breach.
10. Rainbow District School Board Cyberattack
The Rainbow District School Board, located in Ontario, Canada, was recently targeted by a cyberattack, resulting in a data breach that exposed sensitive information about staff and students. The breach compromised personal details such as social insurance numbers, bank account information, and medical records from as far back as 2010. The board has offered a two-year credit monitoring service to those affected and is working with authorities to address the situation.
11. Apple Removes Advanced Data Protection in UK
Apple has removed its Advanced Data Protection (ADP) feature for iCloud in the United Kingdom following a government demand for backdoor access to encrypted user data. ADP, which ensures that users alone control their encryption keys, will no longer be available to UK users despite growing concerns over data breaches and privacy. Apple expressed disappointment at the move, which restricts the added protection of end-to-end encryption for iCloud data, such as backups, photos, and notes, in the UK.
12. First Distributed Quantum Computing Achieved
A groundbreaking experiment from the University of Oxford has achieved the first successful transmission of quantum information between two distant quantum processors. Using quantum entanglement, the researchers demonstrated how quantum computers can communicate wirelessly, opening the door to distributed quantum computing. This achievement marks a significant step toward solving scalability issues in quantum computing, with the potential to create more powerful machines by connecting processors through “quantum teleportation.”
13. Warby Parker Fined $1.5M Over Data Breach
Warby Parker was fined $1.5 million by the U.S. Department of Health and Human Services (HHS) for failing to adequately protect customer health data. A 2018 credential stuffing attack exposed personal details of nearly 200,000 people, including addresses, payment information, and eyewear prescriptions. Despite detecting the breach in 2018, the company did not conduct a thorough risk analysis or implement necessary security measures until several years later, resulting in the substantial fine.
14. OpenAI Bans Accounts Developing AI Spy Tools
OpenAI banned several accounts for using ChatGPT to develop an AI-powered surveillance tool. The tool, likely originating from China, analyzed social media platforms to collect data on anti-China protests in Western countries and share insights with Chinese authorities. OpenAI disrupted other campaigns, including fraudulent schemes, disinformation operations, and influence activities by actors from North Korea, Iran, and Cambodia.
15. Google Cloud Adds Quantum Safe Signatures
Google Cloud has launched quantum-safe digital signatures in Cloud KMS to address future security threats posed by quantum computing. The new feature, which aligns with NIST’s post-quantum cryptography standards, is available in preview and aims to protect sensitive data from potential quantum-enabled attacks. Financial institutions, large enterprises, government agencies, and developers relying on Cloud KMS can now begin testing quantum-resistant cryptographic algorithms to future-proof their security strategies.
Copyright © 2025 CyberMaterial. All Rights Reserved.