Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
2025-1-24 15:13:10 Author: krypt3ia.wordpress.com

Date: 1.24.25


🚨 Top Headlines

War Game Pits China Against Taiwan in All-Out Cyberwar

Summary: If China attacked Taiwan, how could Taiwan defend its critical communications infrastructure from cyberattack? Last year, Dr. Nina A. Kollars and Jason Vogt — both associate professors at the US Naval War College (USNWC) Cyber and Innovation Policy Institute (CIPI) — designed a war game to inspire some novel strategies. They enlisted government and private sector cybersecurity experts at Black Hat and DEF CON to participate, and presented the results at ShmooCon earlier this month.

Source: Dark Reading

Biden Administration’s Eleventh-Hour Executive Order Imposes New Software Requirements on Companies

Summary: On January 16, 2025, President Biden issued Executive Order 14144 on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (the “EO”). Building on prior initiatives such as Executive Order 14028 and the National Cybersecurity Strategy, this latest EO addresses persistent threats posed by malicious countries and criminals who target the United States Government, corporations, and individual Americans with cyber-attacks.

Source: JD Supra

How cyberattacks on grocery stores could threaten food security

Summary: Grocery store shoppers at many chains recently ran into an unwelcome surprise: empty shelves and delayed prescriptions. In early November, Ahold Delhaize USA was the victim of a cyberattack that significantly disrupted operations at more than 2,000 stores, including Hannaford, Food Lion and Stop and Shop. Specific details of the nature of the attack have not yet been publicly released.

Source: Security Intelligence


🔍 Emerging Threats and Indicators

Malware Campaigns

Fake Reddit sites found pushing Lumma Stealer malware

Summary: There are hundreds of fake Reddit and WeTransfer websites out there, all designed to trick people into downloading and running the Lumma Stealer malware, experts have warned.

Cybersecurity researchers from Sekoia have shared a complete list of the pages on GitHub, which includes 59 fake Reddit pages, and 407 fake WeTransfer pages.

Source: TechRadar
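As an added example (this is not code from the digest or from Sekoia's research), the following JavaScript flags DNS queries for hostnames that borrow the Reddit or WeTransfer brand but do not sit under the brands' real apex domains, which is the shape the fake download pages take. The allowlist of legitimate apex domains, the DNS log format and every hostname below are constructed assumptions for illustration; Sekoia's published list on GitHub remains the authoritative IOC set.

```javascript
// Added example: brand-impersonation check over DNS query logs.
// Not from the digest or Sekoia; allowlist, log format and hostnames are constructed.

// Assumed allowlist of the brands' legitimate apex domains. Extend it with any
// secondary domains the brand really owns (CDNs, short links) to avoid false positives.
const BRAND_APEX_ALLOWLIST = {
  reddit: new Set(["reddit.com", "redd.it"]),
  wetransfer: new Set(["wetransfer.com"]),
};

// Naive registrable-domain extraction: the last two labels. Adequate for .com/.net/.org;
// a production version should consult the Public Suffix List for co.uk-style suffixes.
function apexDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// Returns the brand keyword the hostname impersonates, or null if it is clean.
// Hyphens and underscores are collapsed so "we-transfer.net" still reads "wetransfer".
function impersonatedBrand(hostname) {
  const h = hostname.toLowerCase();
  const collapsed = h.replace(/[-_]/g, "");
  for (const [brand, apexes] of Object.entries(BRAND_APEX_ALLOWLIST)) {
    if (!collapsed.includes(brand)) continue;
    if (apexes.has(apexDomain(h))) continue; // the real brand domain
    return brand;
  }
  return null;
}

// Constructed sample DNS log (not real traffic): one "qname=" field per line.
const SAMPLE_DNS_LOG = [
  "2025-01-24T09:12:01Z src=10.20.4.17 qname=www.reddit.com qtype=A",
  "2025-01-24T09:12:05Z src=10.20.4.17 qname=reddit.com.download-portal.net qtype=A",
  "2025-01-24T09:13:40Z src=10.20.4.22 qname=cdn.wetransfer.com qtype=A",
  "2025-01-24T09:14:02Z src=10.20.4.22 qname=we-transfer-files.com qtype=A",
  "2025-01-24T09:15:11Z src=10.20.4.31 qname=redditt.org qtype=A",
  "2025-01-24T09:15:12Z src=10.20.4.31 qname=redd.it qtype=A",
  "2025-01-24T09:16:00Z src=10.20.4.31 qname=example.org qtype=A",
];

// Walk the log, pull out each queried name and report the lookalikes.
function findLookalikeQueries(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = /qname=(\S+)/.exec(line);
    if (!m) continue;
    const brand = impersonatedBrand(m[1]);
    if (brand !== null) hits.push({ qname: m[1], brand, line });
  }
  return hits;
}

function printReport() {
  for (const hit of findLookalikeQueries(SAMPLE_DNS_LOG)) {
    console.log(`LOOKALIKE (${hit.brand}): ${hit.qname}`);
  }
}
printReport();
```

An exact-match blocklist only catches domains already on the published list; the keyword heuristic above also catches the next registration in the same pattern, at the cost of needing the allowlist kept current for every legitimate domain the brand uses.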

Ransomware Activities

North America Faced Majority of Ransomware Incidents in December 2024

Summary: December 2024 saw an unprecedented surge in ransomware attacks, registering 574 incidents—the highest monthly total recorded since 2021. This spike came as shocking news, particularly as December typically experiences a decline in cyber activity due to the holiday season. According to the latest Threat Pulse report from the cybersecurity firm NCC Group, this trend underscores the evolving and increasingly aggressive nature of ransomware threats.

Source: Ghacks

Enterprise Juniper routers subjected to malware campaign

Summary: CyberScoop reports that a malware campaign dubbed J-Magic targeted enterprise Juniper Networks routers for roughly a year beginning in mid-2023. The implant is a "magic packet" listener: it stays dormant and passively inspects traffic until it sees a packet matching a predefined pattern, and only then opens a backdoor, so it binds no listening port for routine port scans to reveal. Targets were organizations in the manufacturing, semiconductor, IT, and energy sectors, primarily in Europe and South America.

Source: SC World

Phishing Campaigns

Omdia Finds Phishing Attacks Top Smartphone Security Concern for Consumers

Summary: A new survey from Omdia reveals that phishing scams are the leading security threat for smartphone users, with 24% of respondents reporting they have fallen victim to these attacks. Phishing, which includes fraudulent texts, emails, or calls designed to trick individuals into revealing sensitive personal information, remains a significant concern as cybercriminals continue to exploit unsuspecting consumers.

Source: Dark Reading


📈 Sector-Specific Intelligence

Healthcare:

84% of Healthcare Organizations Spotted a Cyberattack in the Last Year

Summary: FRISCO, Texas, January 21, 2025 – Netwrix, a vendor specializing in cybersecurity solutions focused on data and identity threats, surveyed 1,309 IT and security professionals globally and today released findings for the healthcare sector based on the data collected.

It reveals that 84% of organizations in the healthcare sector spotted a cyberattack on their infrastructure within the last 12 months. Phishing was the most common type of incident experienced on premises, similar to other industries. Account compromise topped the list for cloud attacks: 74% of healthcare organizations that spotted a cyberattack reported user or admin account compromise.

Source: Dark Reading

Infrastructure:

2025 Informed: Cybersecurity – critical infrastructure becomes prime target

Summary: 2025 heralds a new era for cybersecurity with fresh challenges for enterprises, according to the experts we spoke with. Following the Russia-Ukraine war, Israel-Hamas conflict, and a year of elections in over 70 countries, geopolitics and cybersecurity have become tightly intertwined.

Source: Tech Informed


🌐 Global Threat Landscape

Notable APT Activities:

Hackers imitate Kremlin-linked group to target Russian entities

Summary: A little-known hacking group has been mimicking the tactics of a prominent Kremlin-linked threat actor to target Russian-speaking victims, according to new research.

In its latest campaign, the group, dubbed GamaCopy, used phishing documents disguised as official reports about the locations of Russian armed forces' facilities in Ukraine. It also deployed UltraVNC, an open-source remote-access tool, to control victims' systems.

Source: The Record

Critical Vulnerabilities Released (CVEs):

CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Reportedly Exploited

Summary: SonicWall has confirmed active exploitation of CVE-2025-23006, a pre-authentication deserialization vulnerability in the SMA 1000 Appliance Management Console (AMC) and Central Management Console (CMC). The write-up (Tenable's, republished on Security Boulevard) has been updated with that confirmation and with guidance on identifying affected appliances, including via Tenable Attack Surface Management. SonicWall's advisory recommends applying the hotfix and restricting access to the management consoles to trusted sources.

Source: Security Boulevard


⚠️ Critical Alerts from Official Channels

CISA: 

CISA Warns of Old jQuery Vulnerability Linked to Chinese APT

Summary: CVE-2020-11023 was disclosed in April 2020 and fixed in jQuery 3.5.0. It is a medium-severity cross-site scripting (XSS) flaw: passing HTML containing <option> elements from untrusted sources to jQuery's DOM manipulation methods (such as .html() or .append()) can execute attacker-supplied JavaScript in the victim's browser, even where the HTML was sanitized first. CISA has added it to its Known Exploited Vulnerabilities catalog.

jQuery, a widely used JavaScript library that simplifies DOM manipulation and scripting, is embedded in countless web applications and products. After the vulnerability was disclosed, several major organizations published advisories about its impact on their products, including Linux distributions, F5, IBM, and Atlassian.

Source: Security Week
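The practical question for CISA's warning is where jQuery builds older than 3.5.0 are still deployed. As an added example (not code from the digest, SecurityWeek, CISA or the jQuery project), the following JavaScript parses <script src> references out of page HTML, recovers the jQuery core version from CDN paths, versioned filenames and WordPress-style ?ver= cache busters, and flags anything that predates the 3.5.0 fix for CVE-2020-11023. The sample HTML is constructed and does not represent any real site.

```javascript
// Added example: inventory check for jQuery builds affected by CVE-2020-11023.
// Not from the digest or the jQuery project; the sample page below is constructed.

const CVE_2020_11023_FIXED_IN = [3, 5, 0]; // jQuery 3.5.0 shipped the fix

// "3.4.1" -> [3, 4, 1]; "3.5" -> [3, 5, 0]; anything unparseable -> null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?$/.exec(String(v).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true  -> predates the 3.5.0 fix (affected)
// false -> 3.5.0 or later
// null  -> version could not be parsed; review manually
function isAffectedByCVE202011023(version) {
  const parsed = parseVersion(version);
  if (parsed === null) return null;
  return compareVersions(parsed, CVE_2020_11023_FIXED_IN) < 0;
}

// Recover a jQuery *core* version from a script URL. Handles CDN directory paths
// (.../jquery/3.4.1/jquery.min.js), versioned filenames (jquery-1.12.4.min.js) and
// WordPress-style cache busters (jquery.min.js?ver=3.5.1). jQuery UI and plugins
// (jquery-ui-1.12.1.min.js, jquery-migrate-3.3.2.min.js) are ignored because no digit
// follows "jquery-" or "jquery/" directly in their names.
function jqueryVersionFromSrc(src) {
  if (!/jquery/i.test(src)) return null;
  const m =
    /jquery[\/-](\d+\.\d+(?:\.\d+)?)/i.exec(src) ||
    /jquery(?:\.min)?\.js\?[^#]*?\bver=(\d+\.\d+(?:\.\d+)?)/i.exec(src);
  return m ? m[1] : null;
}

// Scan page HTML for <script src=...> tags and report every jQuery core build found.
function scanHtmlForJQuery(html) {
  const scriptSrc = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const findings = [];
  let m;
  while ((m = scriptSrc.exec(html)) !== null) {
    const version = jqueryVersionFromSrc(m[1]);
    if (version === null) continue;
    findings.push({ src: m[1], version, affected: isAffectedByCVE202011023(version) });
  }
  return findings;
}

// Constructed sample page mixing fixed and unfixed builds (not a real site).
const SAMPLE_HTML = `
<html><head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="/static/js/jquery-1.12.4.min.js"></script>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src='/wp-includes/js/jquery/jquery.min.js?ver=3.5.1'></script>
<script src="/static/js/jquery-ui-1.12.1.min.js"></script>
<script src="/static/js/app.js"></script>
</head><body></body></html>`;

function printReport() {
  for (const f of scanHtmlForJQuery(SAMPLE_HTML)) {
    const status = f.affected === null ? "unknown" : f.affected ? "AFFECTED" : "fixed";
    console.log(`${status.padEnd(8)} jQuery ${f.version}  <- ${f.src}`);
  }
}
printReport();
```

For pages that bundle jQuery into a minified asset with no version in the URL, the runtime check is `jQuery.fn.jquery` in the browser console. A version at or above 3.5.0 closes this CVE; on older builds the compensating control is never to pass untrusted HTML to .html(), .append() and related sinks, using .text() or a DOM sanitizer instead.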


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Article source: https://krypt3ia.wordpress.com/2025/01/24/krypt3ia-daily-cyber-threat-intelligence-cti-digest-2/