March 19, 2025 – Cyber Briefing

👉 What’s trending in cybersecurity today?

Massive Ad Fraud Campaign, Google Play, Malicious Apps, AI Code Editors, Supply Chain Attack, Rules File Backdoor, DLL Side-Loading Attack, Python Code, MirrorFace APT, Europe, Cyberattacks, AMI MegaRAC BMC Flaw, Remote Attacks, Servers, Devices, California Cryobank, Data Breach, Personal Information, Swedish Tax Agency, DDoS Attacks, Online Services, Royal Spanish Academy, Ransomware Attack, Atchison County, Kansas, Cyber Incident, Germany, Sozial-Holding Mönchengladbach, Google, Acquisition, Wiz, Cloud Security, Multicloud Services, China, Taiwanese Military Hackers, Cyberattacks, Espionage Operations, HP, Quantum Resistant Printers, VulnCheck, Vulnerability Intelligence Platform.

Listen to the full podcast

🚨 Cyber Alerts

1. Ad Fraud on Google Play Targets Millions

A large-scale ad fraud operation has been uncovered involving more than 330 malicious apps on Google Play. These apps, disguised as utility, fitness, and lifestyle tools, have been used to display intrusive full-screen ads and attempt phishing attacks to steal user credentials and credit card information. Despite being taken down by Google, the threat actors continue to bypass security measures and have already demonstrated the ability to update apps with malicious features after passing the initial review.

2. AI Tools Targeted in New Supply Chain Attack

A new supply chain attack, “Rules File Backdoor,” is targeting AI-powered code editors like GitHub Copilot. Hackers are injecting malicious instructions into seemingly harmless configuration files, allowing the code to bypass security measures and spread vulnerabilities undetected. This method exploits AI tools used in development workflows, posing a significant threat to global software projects and increasing the risk of widespread supply chain attacks. This attack vector is especially dangerous as it can affect all future code generations in the project.

3. DLL Side-Loading Delivers Python Malware

A sophisticated DLL side-loading attack has been targeting the financial and healthcare sectors. Hackers exploit the way applications load dynamic-link libraries (DLLs) to inject malicious Python-based payloads. These attacks use trusted apps to bypass security defenses, allowing persistent access and stealthy operations by using techniques like fileless execution and encrypted Python code. The attackers employ common libraries to avoid detection while executing malicious actions like credential harvesting and system reconnaissance.

4. MirrorFace Expands Targeting to Europe

MirrorFace, a China-aligned hacking group, has expanded its operations to Europe through a new campaign, AkaiRyū, which targeted a diplomatic organization. The group used spear-phishing tactics to trick the victim into opening malicious files. They deployed a customized version of AsyncRAT and revived the ANEL backdoor, marking a shift in their tools. MirrorFace’s sophisticated tactics and evasion techniques, including using Windows Sandbox, highlight the growing complexity of their cyberattacks.

5. AMI BMC Flaw Could Allow Remote Attacks

A critical vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software, tracked as CVE-2024–54085, could allow attackers to bypass authentication and exploit systems remotely. With a CVSS score of 10.0, this flaw affects multiple devices including servers from HPE, Asus, and Lenovo. Exploitation can result in unauthorized control, firmware tampering, malware deployment, and potential physical damage to hardware.

💥 Cyber Incidents

6. California Cryobank Confirms Data Breach

California Cryobank has disclosed a data breach impacting personal customer data between April 20–22, 2024. The breach exposed sensitive information including names, Social Security numbers, and bank details. The company has provided free one-year credit monitoring to affected individuals and has strengthened its security measures. It remains unclear if donor ID numbers were compromised, raising concerns over privacy for individuals who donated sperm anonymously.

7. Swedish Tax Agency Faces DDoS Attacks

The Swedish Tax Agency experienced repeated DDoS attacks, disrupting access to its login services, including My Pages. Initially thought to be caused by heavy traffic, it became clear that the issues were due to overload attacks. Despite ongoing countermeasures, users struggled to log in, while other services remained accessible. The Swedish Courts Administration also faced disruptions, but these did not impact trials or verdicts, and there were no signs of an overload attack in this case. The agency is working to resolve the situation as quickly as possible.

8. RAE Cyberattack Exposes Sensitive Data

The Royal Spanish Academy (RAE) experienced a ransomware attack by the Fog group in March 2024. The group gained access to sensitive information, including employee and client contacts, as well as internal documents. Despite the breach, RAE’s key linguistic tools and systems remained operational, with effective containment measures in place. The incident was reported to the authorities, ensuring continued public access to the Academy’s services while restoring specialized resources.

9. Atchison County Kansas Hit by Cyberattack

Atchison County, Kansas, shut down its offices for March 17 and 18 following a detected cyber incident. County officials began immediate investigations and are working with third-party cybersecurity experts to assess the impact. Emergency services like 911 remain fully operational. The offices are expected to stay closed while the county works on securing and restoring its systems, with state authorities notified about the incident.

10. Cyberattack Hit Mönchengladbach Care Service

Sozial-Holding der Stadt Mönchengladbach GmbH suffered a cyberattack that paralyzed its IT systems. Sensitive data, including personal, health, employee, and company information, was stolen or altered. The organization quickly implemented stronger security measures and involved authorities to investigate the breach. It has advised affected individuals to change passwords, be cautious of phishing attempts, and monitor for fraudulent activity.

📢 Cyber News

11. Rural Water Cybersecurity Bill Gains Support

The Cybersecurity for Rural Water Systems Act was reintroduced in the US Congress. The bill aims to expand the Circuit Rider Program to provide technical cybersecurity assistance for small rural water systems. By funding cybersecurity experts and offering ongoing training, the bill seeks to enhance protection against cyber threats for over 80% of US water and wastewater systems that currently lack sufficient defenses.

12. Google Acquires Wiz for $32B Cloud Deal

Google has finalized its acquisition of cloud security company Wiz for $32 billion, marking its largest-ever tech purchase. The deal aims to boost Google Cloud’s security offerings and promote multicloud adoption. Wiz will continue to operate independently and work with other cloud providers like AWS and Azure. The acquisition is expected to close in 2026, after regulatory approval, and will help accelerate Google Cloud’s growth in cybersecurity, especially in the AI-driven cloud era.

13. China Accuses Taiwan of Cyberattacks

China’s state security ministry has accused four Taiwanese military-linked individuals of conducting cyberattacks and espionage against the mainland. These individuals, allegedly members of Taiwan’s defense ministry, targeted critical infrastructure like power grids, water supplies, and telecommunications networks. Taiwan has denied these accusations, calling them a fabrication by Beijing to justify its ongoing cyberattacks against Taiwan.

14. HP Unveils Quantum-Resistant Printers

HP has unveiled the first business printers designed with quantum-resistant cryptography to combat future threats from quantum computing. The printers utilize the Leighton-Micali Signature system, ensuring protection against potential quantum decryption risks. This move not only safeguards commercial users but also aligns with national security requirements, helping HP maintain access to government markets. Additionally, these printers offer seamless integration with zero-trust architectures, providing robust security for edge devices often neglected in traditional cybersecurity strategies.

15. VulnCheck Raises $12M to Boost Platform

VulnCheck successfully raised $12 million in Series A funding, bringing its total funding to almost $20 million. The investment will enable the company to improve its vulnerability intelligence platform, accelerate its growth, and expand internationally. Used by nearly 7,000 organizations worldwide, VulnCheck offers comprehensive intelligence services, including exploit data and vulnerability tracking, crucial for proactive cybersecurity.