
March 26, 2025 – Cyber Briefing

👉 What’s trending in cybersecurity today?

IOControl Malware, Critical Infrastructure, US, Israel, ARACNE, Penetration Testing, AI, Safeguards, C2 Domains, Raspberry Robin, Access Broker, Android Malware, .NET MAUI, Sensitive Data, Google Chrome, Zero-Day Exploit, Espionage Attacks, Russian Targets, Abracadabra Finance, Crypto Heist, GMX Exchange, Numotion Data Breach, Personal Information, Heritage South Credit Union, Embargo Ransomware Group, Ukrainian Hackers, Russian Internet Provider, Lovit, NIST, Security Risks, AI, Machine Learning, HIPAA Compliance Audits, Cyber Threats, Snowflake Cyberattack, Hacker Extradition, U.S. Charges, Charm Security, AI-Powered Scams, Social Engineering.



🚨 Cyber Alerts

1. IOCONTROL Malware Targets US and Israel

IOCONTROL, a new malware strain, poses a significant threat to critical infrastructure in the United States and Israel, particularly targeting fuel-management and IoT systems. Linked to the pro-Iranian hacktivist group Cyber Av3ngers, it utilizes advanced evasion techniques such as a modified UPX packer to avoid detection. The malware exploits vulnerabilities in industrial control systems and uses encrypted command-and-control communications to maintain persistent access and exfiltrate sensitive data, making it difficult for security teams to identify and block the threat.

2. ARACNE AI Penetration Agent Bypasses Limits

ARACNE is an advanced autonomous penetration testing agent that leverages large language models (LLMs) to execute commands on real Linux shell systems. It connects to remote systems, plans attacks, generates shell commands, and evaluates the results entirely on its own, without human intervention. While this agent demonstrates remarkable efficiency and flexibility in testing, its use of jailbreak techniques to bypass AI ethical safeguards raises concerns about potential misuse in cyberattacks.

3. 200+ C2 Domains Linked to Raspberry Robin

A recent investigation revealed nearly 200 command-and-control (C2) domains linked to the Raspberry Robin malware. This evolving threat actor provides initial access broker services to various criminal groups, many of which have ties to Russia. Since its emergence in 2019, Raspberry Robin has facilitated malware distribution for strains like LockBit, Dridex, and IcedID, often using compromised QNAP devices. New distribution techniques include downloading the malware through archives and Windows Script Files via Discord, and utilizing USB-based propagation.

4. Android Malware Uses .NET MAUI to Steal Data

McAfee Labs researchers uncovered a sophisticated Android malware campaign exploiting Microsoft’s .NET MAUI framework. This malware disguises itself as legitimate banking and social media apps to target users, primarily in India and China. It uses advanced evasion techniques, such as hiding core functionalities in encrypted blob binaries and employing multi-stage dynamic loading, making it hard to detect. Once installed, the malware silently steals sensitive data, including personal details and financial information, which is then sent to a command-and-control server.

5. Google Patches Chrome Zero-Day Exploit

Google released a patch for the CVE-2025-2783 vulnerability, which was exploited in espionage attacks targeting Russian organizations. The flaw allowed attackers to bypass Chrome’s sandbox security and deploy sophisticated malware through phishing emails. The targeted attacks were part of the Operation ForumTroll campaign, which focused on media, educational, and government entities in Russia. Kaspersky researchers identified the vulnerability and reported it to Google, leading to an immediate fix, though the company has not yet disclosed full details of the attacks.


💥 Cyber Incidents

6. Abracadabra Finance Loses $13M in Heist

Abracadabra Finance experienced a significant cyberattack that resulted in the theft of approximately $13 million worth of cryptocurrency. The exploit targeted the platform’s gmCauldrons, a product based on GMX liquidity tokens, and drained 6,260 Ethereum coins. While the breach was traced back to Abracadabra’s system, GMX confirmed its platform was unaffected, and the company is working closely with security experts to track the stolen funds. Abracadabra has offered a 20% bug bounty to the hacker in exchange for the return of the stolen assets.

7. Numotion Data Breach Exposes Data of 500,000

Numotion, the largest U.S. provider of mobility solutions, experienced a significant data breach affecting nearly 500,000 individuals. Between September and November 2024, hackers gained unauthorized access to employee email accounts, exposing sensitive personal information. The compromised data includes names, dates of birth, medical and financial details, health insurance information, and in some cases, Social Security numbers and driver’s license details. Although Numotion has not confirmed any misuse of the data, they are offering identity theft protection and advising affected individuals to monitor their accounts for suspicious activity.

8. Rome Waste Management Hit by Cyberattack

Rome’s municipal waste management company Ama recently experienced a cyberattack on its IT systems. The company acted swiftly to address the issue and has been collaborating with the postal police and National Cyber Security Agency to investigate the origin of the attack. While the company’s core services continue to operate, some online services are still being restored, with efforts focused on limiting user disruptions and ensuring full system recovery.

9. Heritage South Credit Union Data Breach

Heritage South Credit Union in Alabama recently reported a significant data breach attributed to the Embargo ransomware group. The attack, which compromised personal data such as Social Security numbers, financial details, and loan information, was detected in February 2025. The credit union is working with relevant authorities, offering victims two years of credit monitoring and identity theft protection, while the group demands a ransom to delete the stolen data.

10. Ukrainian Hackers Disrupt Russian ISP

Ukrainian hacker group IT Army claimed responsibility for a major cyberattack on Russian internet provider Lovit, disrupting services in Moscow and St. Petersburg for three days. The attack targeted Lovit’s critical infrastructure, disabling mobile apps, websites, and user accounts. Affected residents in apartment buildings were unable to access their homes due to malfunctioning intercom systems, while businesses reported payment terminal failures. The cyberattack led to significant disruptions in daily life, with Lovit’s lack of preparedness drawing criticism from Russian authorities.


📢 Cyber News

11. NIST Highlights AI Security Challenges

The US National Institute of Standards and Technology (NIST) has raised concerns about the security of AI and machine learning systems, citing significant challenges in mitigating adversarial attacks. These attacks target various phases of ML operations, such as manipulating training data and exploiting model vulnerabilities to extract sensitive information. The report also highlights the trade-offs between AI accuracy and robustness against attacks, urging more research to develop cost-effective verification methods and reliable benchmarks for assessing mitigation performance.

12. HHS Resumes HIPAA Compliance Audits

The U.S. Department of Health and Human Services has resumed HIPAA compliance audits after nearly a decade. The audits focus on provisions of the HIPAA security rule that help prevent ransomware and hacking incidents, which have surged in recent years. These audits target 50 healthcare organizations and business associates, with the goal of identifying security gaps and vulnerabilities. Between 2020 and 2024, the number of hacking incidents and ransomware attacks increased significantly, prompting the agency to act.

13. Hacker to Be Extradited in Snowflake Case

Connor Riley Moucka has consented to be extradited from Canada to the U.S. to face charges connected to the 2024 cyberattack on Snowflake, a large data storage company. The attack breached the accounts of 165 companies, including major organizations like AT&T, Ticketmaster, and Neiman Marcus, exposing millions of sensitive records. While Moucka is suspected of being a key figure in the attack, the full extent of his involvement has not yet been confirmed, and he faces several serious charges, including conspiracy to commit computer fraud, wire fraud, and identity theft.

14. AI-Related Cyber Threats Surge in 2024

In 2024, AI-related cyber threats significantly increased, with malicious actors exploiting popular large language models (LLMs) such as ChatGPT. Criminals are actively sharing jailbreaking techniques on underground forums, enabling the creation of harmful content like phishing emails and malware. One popular method, word transformation, bypassed 27% of safety tests, further amplifying the risk. Additionally, compromised accounts on platforms like ChatGPT and Gemini skyrocketed, with millions of accounts affected.

15. Charm Security Raises $8M to Prevent Scams

Charm Security, a New York-based startup, recently emerged from stealth mode with $8 million in seed funding to combat AI-driven scams and social engineering fraud. Founded by cyber intelligence expert Roy Zur and AI-driven fraud prevention pioneer Avichai Ben, the company offers a platform that analyzes human vulnerabilities and customer risk patterns to prevent scams before they occur. The platform disrupts deception in real time across various channels, including digital, voice, and in-person, providing tailored mitigation strategies for businesses.


Copyright © 2025 CyberMaterial. All Rights Reserved.
