Cyber Briefing: 2025.01.22
👉 What’s trending in cybersecurity today?
Ransomware, Microsoft Teams Calls, Email Bombing, Malware, Murdoc Botnet, IoT Device Flaws, DDoS Attacks, Homebrew Site, Google Ads, AmosStealer, Visual Studio Code, Zoom, Chrome Cookies, Zendesk, Subdomain Vulnerability, Phishing, Investment Scams, Lynx Ransomware, Australian Auto Parts, Clutch Industries, Rostelecom, Silent Crow, Data Leak, Rhineland-Palatinate Schools, Japan, Sanrio Puroland, Columbia Hospitality, Data Security Incident, TSA Leader, Pekoske, Cyber Threats, Digital Wallet App, Driver’s Licenses, GDPR Fines, Passwords, Specops, Mitiga, Cloud Security.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Hackers Use Teams Calls to Deploy Ransomware
Ransomware gangs are increasingly using email bombing and fake IT support calls on Microsoft Teams to gain access to corporate networks. These attacks involve flooding targets with spam emails, followed by Teams calls from adversary-controlled accounts, tricking victims into granting remote access. Researchers at Sophos observed such campaigns linked to groups using tools and techniques often associated with the FIN7 cybercriminal group, highlighting the growing sophistication of these threats.
2. Murdoc Botnet Targets IoT Devices for DDoS
A Mirai botnet variant named Murdoc Botnet exploits vulnerabilities in AVTECH IP cameras and Huawei routers to hijack devices for large-scale distributed denial-of-service (DDoS) attacks. Active since July 2024, this campaign has infected over 1,370 systems across Malaysia, Mexico, Thailand, and other regions. Researchers attribute the attacks to known flaws like CVE-2017-17215 and CVE-2024-7029, using shell scripts to deploy malware tailored to specific CPU architectures.
3. Hackers Use Google Ads to Spread AmosStealer
Hackers have once again exploited Google ads to distribute the AmosStealer malware, targeting macOS and Linux devices. By using a fake Homebrew website, they tricked users into downloading the malicious software by displaying a seemingly legitimate Homebrew URL in ads. Upon visiting the fake site, users were prompted to run a command to install what appeared to be Homebrew, but instead, they unknowingly executed malware that stole valuable information, including browser data, credentials, and cryptocurrency wallet details.
4. VS Code Extension Steals Chrome Cookies
A newly discovered extension for Visual Studio Code (VS Code) has been found to impersonate a legitimate Zoom application, allowing cybercriminals to steal sensitive cookies from Google Chrome. Researchers from ReversingLabs identified the malicious extension, which was uploaded to the VS Code Marketplace in November 2024, highlighting the growing trend of using trusted platforms to distribute malware. The extension used cleverly designed code to target Chrome’s cookie storage, leading to potential data breaches and session hijacking.
5. Zendesk Exploited for Phishing Attacks
A new report reveals how attackers exploit Zendesk’s platform to facilitate phishing and investment scams, including romance baiting schemes. Security researchers found that the system’s free subdomains allow malicious actors to impersonate legitimate companies and trick users into giving up sensitive information or money. CloudSEK’s findings show that since 2023, numerous Zendesk subdomains have been used in scams, bypassing email filters and making phishing efforts more effective.
💥 Cyber Incidents
6. Clutch Industries Hit by Lynx Ransomware
Clutch Industries, an Australian auto parts manufacturer, confirmed being the victim of a cyber attack after the Lynx ransomware group listed it on its darknet leak site. The company reported that the stolen data mainly includes internal and operational information, with no significant evidence of personal data being compromised at this stage. As part of its response, Clutch Industries has notified the Australian Cyber Security Centre and enhanced its security measures to prevent further incidents.
7. Rostelecom Investigates Cyberattack Claim
Rostelecom, one of Russia’s leading telecommunications providers, is investigating a suspected cyberattack on a contractor responsible for maintaining its corporate website and procurement portal. The hacker group Silent Crow claimed responsibility for leaking a significant amount of data, including thousands of customer emails and phone numbers. Although Rostelecom has stated that no highly sensitive personal data was compromised, it has urged affected users to reset passwords and enable two-factor authentication as a precautionary measure.
8. Ransomware Attack Hits Schools in Rhineland
A widespread cyberattack on an IT service provider has caused significant disruptions at 45 schools in Rhineland-Palatinate, Germany. The attack, involving ransomware, has affected systems at both general education and vocational schools, with the impact extending across multiple districts, including Germersheim and Speyer. Authorities are investigating the incident, with forensic experts involved in determining the full extent of the damage, though no confirmed data breaches have been reported so far. Efforts are underway to restore affected systems by the end of the week, while local and state authorities continue their probe into the attack.
9. Sanrio Puroland Network Hit by Cyberattack
Sanrio Puroland experienced a significant network disruption following a cyberattack on January 21, 2025. The attack, attributed to unauthorized third-party access, led to the unavailability of critical services such as My Page functions, visitor reservations, and e-passport ticket purchases. As the company investigates the breach, it has confirmed that some services are still down as of January 22, 2025, with the museum temporarily closed.
10. Columbia Hospitality Data Security Incident
Columbia Hospitality confirmed a data security incident affecting personal information at Semiahmoo Resort. Upon detecting unusual network activity on July 30, 2024, the company secured systems and engaged cybersecurity experts. Following an investigation, it was confirmed that some personal information was potentially exposed. Columbia is offering free identity protection services, including credit monitoring and identity theft recovery, through IDX to help affected individuals mitigate any risks.
📢 Cyber News
11. TSA Leader Removed Amid Cyber Threats
David Pekoske’s tenure as Administrator of the Transportation Security Administration (TSA) was marked by significant strides in addressing cybersecurity threats, particularly in critical infrastructure sectors. His initiatives helped improve security measures in the airline, pipeline, and rail industries, protecting them from growing digital threats. Under his guidance, cybersecurity standards in these sectors rose, especially following the Colonial Pipeline ransomware attack. Pekoske also played a crucial role in preparing the TSA for emerging cyber threats, particularly from adversarial nations like China and Russia.
12. UK Government Launches Digital Wallet App
The UK government is launching the GOV.UK Wallet, an app that will allow citizens to store government-issued documents securely in digital form. Users will be able to hold documents such as veteran cards and, later, mobile driver’s licenses, and access them instantly from their smartphones. The app will use facial recognition and other security features to protect personal data, with the goal of replacing physical documents by 2027, although physical versions will still be available.
13. GDPR Fines in Europe Decline to €1.2 Billion
In 2024, GDPR fines across Europe fell to €1.2bn, a 33% drop from €2.9bn in 2023. This was the first year-on-year decline since GDPR took effect in 2018, largely because the 2023 total was inflated by a record-breaking €1.2bn fine against Meta. Despite the reduction, enforcement remained rigorous, targeting big tech firms and expanding into sectors like financial services and energy. The Irish Data Protection Commission led as the top regulator, having issued €3.5bn in fines since GDPR’s implementation.
14. Over 1 Billion Passwords Stolen by Malware
Specops Software’s 2025 Breached Password Report reveals alarming trends in password security, highlighting that over 1 billion passwords were stolen by malware in the past year. Many of these stolen passwords met common complexity requirements, such as including uppercase letters, numbers, and symbols, yet were still compromised. The report emphasizes the continued use of weak passwords like “123456” and “admin” as well as commonly used terms such as “qwerty” and “guest,” which underscores a critical gap in user awareness and education about secure password practices.
15. Mitiga Raises $30 Million for Cloud Security
Mitiga, a cloud security startup based in New York and Israel, has raised $30 million in a Series B funding round led by SYN Ventures, bringing its total funding to $75 million. The new capital will fuel the company’s expansion in North America and Europe, as well as bolster its AI-powered platform with more cloud and SaaS integrations. Mitiga offers advanced tools for threat detection, investigation, and response, including a forensic data lake and automated cloud incident management, which significantly speeds up investigations and enhances security resilience.
Copyright © 2025 CyberMaterial. All Rights Reserved.