👉 What’s going on in the cyber world today?
Silk Typhoon, IT Supply Chains, Remote Tools, GiveWP Plugin, WordPress Sites, Remote Code Execution, BADBOX 2.0 Malware, Android Devices, Deceptive Apps, SecP0 Ransomware Group, Software Vulnerabilities, Desert Dexter, Middle East, North Africa, Flightradar24, DDoS Cyberattack, El Corte Inglés, Personal Data, Payment Information, Superior Court of Justice of Brazil, Stadtwerke Schwerte, Spain, Irún City Hall, US Rural Hospitals, Cybersecurity Improvements, U.S. DOJ, Chinese Nationals, Global Hacking Scheme, Google AI Scam Detection, Rite Aid Class Action.
1. Silk Typhoon Shifts to Supply Chain Attacks
The China-linked espionage group Silk Typhoon has changed its initial-access tactics, targeting IT supply chains as a way into corporate networks. Microsoft Threat Intelligence reports that the group now abuses remote management tools and cloud applications, using stolen API keys and credentials to move from a compromised service provider into that provider's downstream customers. The shift toward IT service providers and government sectors shows the group adapting its strategy so that a single upstream compromise reaches many organizations across industries and regions.
2. Critical Flaw Exposes WordPress Sites to RCE
A critical security flaw in the GiveWP Donation Plugin, tracked as CVE-2025-0912, exposes more than 100,000 WordPress websites to remote code execution (RCE). The vulnerability, rated CVSS 9.8, stems from improper handling of user-supplied data in the plugin's donation form processing logic: attacker-controlled form input reaches PHP's unserialize(), so an attacker can inject arbitrary PHP objects. Because the injected object's magic methods run with the privileges of the web server, a suitable gadget chain built from classes the site has already loaded can give full control of the server. Site owners should update the plugin to a patched release.
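The deserialization flaw described above, as an added illustration that is not GiveWP's code: the class, function names and payload below are hypothetical, and a real gadget chain would reuse classes that WordPress core or other plugins have already loaded. The block shows the vulnerable pattern (untrusted input straight into unserialize()), a hardened variant that forbids object instantiation, and the preferred fix of not using PHP serialization for user-supplied state at all. Requires PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical gadget class. Real chains reuse classes the site has already
// loaded; the attacker only needs to know a usable class name and its
// property names, not have any account on the site.
final class TempFileCleanup
{
    public string $path = '';

    public function __destruct()
    {
        // Runs as soon as the object is garbage-collected, i.e. right after
        // unserialize() returns and the caller discards the result. A real
        // gadget would unlink(), write to, or include() the attacker's path.
        echo "destructor ran with attacker-controlled path: {$this->path}\n";
    }
}

// VULNERABLE: form input goes straight into unserialize(), so the attacker
// chooses both the class that gets instantiated and its property values.
function restore_state_vulnerable(string $untrusted): mixed
{
    return unserialize($untrusted);
}

// HARDENED (when the wire format cannot be changed yet): never instantiate a
// class from the input, and treat any object found in it as tampering.
function restore_state_hardened(string $untrusted): array
{
    $value = @unserialize($untrusted, ['allowed_classes' => false]);
    if (!is_array($value)) {
        throw new InvalidArgumentException('expected a serialized array');
    }
    array_walk_recursive($value, static function ($leaf): void {
        // With allowed_classes => false any object comes back as
        // __PHP_Incomplete_Class, whose magic methods never run.
        if (is_object($leaf)) {
            throw new InvalidArgumentException('serialized object rejected');
        }
    });
    return $value;
}

// PREFERRED: use a data-only format for anything that comes from the client.
function restore_state_json(string $untrusted): array
{
    $value = json_decode($untrusted, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($value)) {
        throw new InvalidArgumentException('expected a JSON object');
    }
    return $value;
}

// Constructed attacker payload (hypothetical). PHP's format is easy to write
// by hand: O:<len>:"<class>":<nprops>:{s:<len>:"<prop>";s:<len>:"<value>";}
$payload = 'a:1:{s:7:"billing";O:15:"TempFileCleanup":1:{s:4:"path";'
         . 's:23:"/var/www/html/.htaccess";}}';

// 1. Vulnerable path: the object is instantiated and its destructor fires
//    with the attacker's data the moment the result is discarded.
restore_state_vulnerable($payload);

// 2. Hardened path: no class is instantiated; the input is rejected.
try {
    restore_state_hardened($payload);
} catch (InvalidArgumentException $e) {
    echo "hardened: {$e->getMessage()}\n";
}

// 3. JSON path: serialized PHP is not valid JSON, so it never parses.
try {
    restore_state_json($payload);
} catch (JsonException $e) {
    echo "json: {$e->getMessage()}\n";
}
```

The check a practitioner wants here is simple: search the plugin for every unserialize() call and trace whether its argument can originate from a request (form fields, cookies, query parameters, or values written to the database from such input). Only allowed_classes => false or a switch to JSON actually removes the object-injection primitive; validating the string's shape does not, because the attacker controls the whole serialized blob.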
3. BADBOX Malware Hits Over 50K Android Devices
Human Security’s Satori Threat Intelligence team uncovered BADBOX 2.0, a malware operation affecting over 50,000 Android devices. The campaign expanded from the original BADBOX, using 24 deceptive apps that primarily targeted off-brand devices. This operation involved multiple fraud schemes, including ad fraud and click fraud, leveraging a sophisticated backdoor for persistent access to compromised systems. Google responded by blocking malicious apps and terminating publisher accounts tied to the threat.
4. SecP0 Ransomware Demands Ransom for Flaws
A new ransomware group called SecP0 has emerged with a troubling tactic: it demands payment not to decrypt data but to withhold disclosure of software vulnerabilities it claims to have found. The group says it targets critical flaws in widely used enterprise applications, including password management tools, and threatens to publish them unless paid. This approach creates significant risk for organizations, because a published zero-day can lead to mass exploitation and supply chain attacks before vendors can ship a fix.
5. Desert Dexter Malware Targets Middle East
Desert Dexter, a new malicious campaign uncovered by Positive Technologies, has infected nearly 900 victims across the Middle East and North Africa since September 2024. The operation uses social media ads and Telegram channels to distribute a modified build of the AsyncRAT malware that adds a custom loader and keylogging. The malware primarily hits ordinary users, but some infections have been linked to critical sectors, and its focus on cryptocurrency-related data suggests a financial motive.
6. Flightradar24 Battles DDoS Cyberattack
Flightradar24, the widely used global flight tracking service, has been under a sustained Distributed Denial of Service (DDoS) attack for over 14 hours, impacting its users worldwide. The attack has caused significant disruptions, with users on both mobile and web platforms facing difficulties in tracking flights in real-time. While some users can view the flight’s current position, additional information such as the flight’s origin, destination, or estimated arrival times is unavailable. The platform has yet to disclose the source of the attack or its specific motivations but has assured users that it is actively working to mitigate the effects and restore normal service.
7. El Corte Inglés Breach Affects Customers
El Corte Inglés, Spain's leading department store chain, has fallen victim to a cyberattack that compromised the personal and payment data of a significant portion of its customers. The company explained that the breach occurred through unauthorized access to customer databases managed by an external provider. Although the issue was detected and contained quickly, the intruders were able to access customers' identifying and contact details as well as payment card information. The company told customers that, despite the exposure of this sensitive information, the stolen card details alone could not be used to make unauthorized transactions.
8. Brazil’s Superior Court Site Hit by DDoS
The Superior Court of Justice (STJ) of Brazil was hit by a cyberattack during Carnival that kept its website offline for about 48 hours. The attack, a Distributed Denial of Service (DDoS) operation, overwhelmed the website with 10 million simultaneous connections, disrupting access to public records and news. The court confirmed that its internal systems were unaffected and activated emergency measures, including human-verification checks on incoming visitors, to filter the attack traffic and keep the site reachable going forward.
9. Cyberattack Hit Stadtwerke Schwerte Services
A cyberattack has affected the internal network of Stadtwerke Schwerte, a utility company in Schwerte, North Rhine-Westphalia, Germany, disrupting various internal services and the customer portal. The company clarified that the attack has not impacted essential services such as the provision of energy, and the websites of its associated companies are also unaffected. Stadtwerke Schwerte is working closely with external service providers to resolve the issue as quickly as possible, emphasizing that efforts are ongoing to restore the customer portal and related services.
10. Cyberattack Disrupts Irún City Hall Website
The Irún City Hall in Gipuzkoa, Spain, fell victim to a cyberattack that temporarily paralyzed its municipal website. The attack also impacted other local governments, including the Gipuzkoa Deputation, Donostia City Hall, and Hondarribia City Hall, leading to disruptions in their digital services. While the Irún City Hall website was down for several hours, it was restored later in the day after efforts from the city’s IT service team.
11. DOJ to Appeal Ruling on Cell Tower Searches
The US Department of Justice announced it would appeal a court ruling that deemed the practice of collecting large amounts of data from cell phone towers unconstitutional. The case arose from a search warrant request by the FBI for data from nine towers in a gang investigation. U.S. Magistrate Judge Andrew Harris ruled that such indiscriminate data collection violated Fourth Amendment rights, emphasizing that law enforcement would need probable cause for each individual affected by the search.
12. Rural Hospitals Face Cybersecurity Costs
Microsoft’s recent findings highlight that rural hospitals in the U.S. must invest between $70 million and $75 million collectively to address cybersecurity vulnerabilities. The tech giant’s white paper reveals that each of the 2,100 rural hospitals would need between $30,000 and $40,000 to mitigate basic cyber risks. This extensive assessment, part of the Cybersecurity for Rural Hospitals Program, examined over 250 rural hospitals, with more than 500 hospitals participating in the program, which provides free security assessments and training.
13. Chinese Nationals Charged in Hacking Scheme
The U.S. Department of Justice (DoJ) has filed charges against 12 Chinese nationals accused of participating in a widespread cybercrime operation. The scheme involved stealing sensitive data and suppressing free speech worldwide, with the hackers allegedly linked to the Chinese government’s Ministry of Public Security (MPS). The group included employees of the Chinese company i-Soon, known for its hacking services, and actors from the APT27 hacker group.
14. Google Rolls Out AI Scam Detection
Google has introduced new AI-powered scam detection features for Android devices. The features target conversational scams, in which a fraudster builds trust over a series of messages or calls, and use on-device AI models to flag suspicious patterns in real time, alerting users during the interaction so they can report or block the contact. The company has partnered with financial institutions to better understand how these scams unfold and to refine its detection models, while keeping the analysis on the device to preserve user privacy.
15. Rite Aid Settles $6.8 Million Class Action
Rite Aid has agreed to a $6.8 million settlement to resolve class action allegations linked to a cyberattack that exposed sensitive information of over 2 million customers. The breach occurred in June 2024 when hackers impersonated a Rite Aid employee, accessing personal data including names, addresses, and government IDs. Despite detecting the breach within 12 hours, the company’s delayed response and inadequate notification sparked outrage, leading to this settlement for those affected.
Copyright © 2025 CyberMaterial. All Rights Reserved.