Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
2025-1-28 17:59:48 Author: krypt3ia.wordpress.com

Date: 1.28.25


🚨 Top Headlines

Chinese tech startup DeepSeek says it was hit with ‘large-scale malicious attacks’

Summary: LOS ANGELES — Chinese tech startup DeepSeek said it was hit by a cyber attack on Monday that disrupted users’ ability to register on the site. The company, whose artificial intelligence chatbot has sent the tech world into a frenzy, said that it had suffered “large-scale malicious attacks” on its services. Registered users could log in normally, DeepSeek said.

Source: Toronto Sun

Risk Matters: Cyber Risk and AI – The Changing Landscape

Summary: In today’s world of interconnected computer-based information systems, cyber risk has become one of the critical risk factors impacting organizations. Indeed, several studies have shown that cyber risk (i.e., the probability of being the victim of a successful cyber-attack) is one of the, if not the, top risk concerns to senior executives in private, as well as public, sector organizations. Auditors have also recognized the critical nature of cyber risk to organizations, as evidenced by the American Institute of Public Accountants’ development of its cybersecurity risk management reporting framework. Cybersecurity risk is also a key concern to the U.S. Securities and Exchange Commission (SEC), as evidenced by its 2023 disclosure rules requiring registrants to include Item 1C (Cybersecurity) in Form 10-K and to disclose material cyber incidents in Form 8-K.

Source: Newswire

Shifting political winds are adding a new twist as businesses plan for cyber threats

Summary: For business leaders defending their organizations against criminal hackers and state-sponsored cyberattacks, allocating resources can feel like aiming at a moving target. Recent moves by the federal government, including the abrupt firing of members of a cyber advisory committee, could make the process more tricky, experts warn.

Source: Fortune


🔍 Emerging Threats and Indicators

Malware Campaigns

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

Summary: A financially motivated threat actor has been linked to an ongoing phishing email campaign, active since at least July 2024, that specifically targets users in Poland and Germany.

The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that is delivered via PureCrypter. TorNet is so named because it lets the threat actor communicate with the victim machine over the Tor anonymity network.

Source: The Hacker News

Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program

Summary: The Lynx Ransomware-as-a-Service (RaaS) group has been found operating a highly organized platform, complete with a structured affiliate program and robust encryption methods. Researchers at Group-IB gained access to the group’s affiliate panel, revealing the inner workings of this sophisticated cyber-threat.

Source: Infosecurity Magazine

Hackers are using a new AI chatbot to wage cyber attacks: GhostGPT lets users write malicious code, create malware, and curate phishing emails – and it costs just $50 to use

Summary: Hackers are using an uncensored chatbot dubbed GhostGPT to help write malware, highlighting how AI can be twisted to “illegal activities”. That’s according to Abnormal Security, which laid out details of GhostGPT in a blog post, saying the chatbot lacks the guardrails of standard AI tools such as ChatGPT, making it a helpful tool for cyber criminals.

Source: IT Pro

Phishing Campaigns

Hidden text “salting” is letting hackers craft devious email attacks to evade detection

Summary: Hackers are increasingly using “hidden text salting”, or “poisoning” techniques, to work around email security measures and get phishing messages to land in people’s inboxes.

A new in-depth guide published by cybersecurity researchers from Cisco Talos outlines how cybercriminals are abusing HTML and CSS properties in email messages, setting the width of some elements to 0 and using the “display: hidden” feature to hide some content from the victims. They are also inserting zero-width space (ZWSP) and zero-width non-joiner (ZWNJ) characters, ultimately hiding the true email content by embedding irrelevant language.

Source: Tech Radar
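A defender-side check for the HTML/CSS and zero-width tricks described above, added here as an example and not code from the Talos guide or this digest. It assumes the message HTML has already been extracted from the MIME body; it flags inline display:none / visibility:hidden (the CSS behind the article's "display: hidden") and width:0 styles, counts ZWSP/ZWNJ characters, and returns the text the recipient actually sees so a content filter can classify the message without the salt:

```python
import re
from html.parser import HTMLParser

# Zero-width characters named in the Talos guide: ZWSP (U+200B) and ZWNJ (U+200C)
ZERO_WIDTH = {"\u200b", "\u200c"}
# Inline styles that hide content: CSS display:none / visibility:hidden (what the
# article calls "display: hidden") and the width-0 trick it describes
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|\bwidth\s*:\s*0(?:px|em|%)?\s*(?:;|$)", re.I)

class SaltingScanner(HTMLParser):
    # HTMLParser defaults to convert_charrefs=True, so &#8203; arrives as U+200B
    def __init__(self):
        super().__init__()
        self.hidden_depth = 0       # > 0 while inside a hidden subtree
        self.hidden_elements = []   # (tag, style) of each hidden element found
        self.zero_width = 0
        self.visible = []
        self._stack = []            # (tag, opened_hidden_subtree) per open element
    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        hidden = bool(HIDDEN_STYLE.search(style))
        if hidden:
            self.hidden_elements.append((tag, style.strip()))
            self.hidden_depth += 1
        self._stack.append((tag, hidden))
    def handle_endtag(self, tag):
        while self._stack:          # pop back to the matching tag (tolerates unclosed <br>)
            t, hidden = self._stack.pop()
            self.hidden_depth -= hidden  # bool counts as 1 when this tag opened a hidden subtree
            if t == tag:
                break
    def handle_data(self, data):
        self.zero_width += sum(data.count(c) for c in ZERO_WIDTH)
        if self.hidden_depth == 0:  # keep only what the recipient actually sees
            self.visible.append("".join(c for c in data if c not in ZERO_WIDTH))

def scan_email_html(html):
    # Returns salting indicators plus the de-salted visible text for downstream filters
    p = SaltingScanner()
    p.feed(html)
    p.close()
    return {"hidden_elements": p.hidden_elements, "zero_width_chars": p.zero_width,
            "visible_text": re.sub(r"\s+", " ", "".join(p.visible)).strip(),
            "suspicious": bool(p.hidden_elements) or p.zero_width > 0}

# Constructed sample message, not taken from any real campaign
SAMPLE = ('<html><body><p>Your pass&#8203;word ex\u200cpires today. '
          '<a href="https://example.invalid/reset">Re\u200bset now</a></p>'
          '<div style="width:0;overflow:hidden">lorem ipsum dolor sit amet</div>'
          '<span style="display:none">consectetur adipiscing elit</span></body></html>')
```

Running `scan_email_html(SAMPLE)` reports two hidden elements, three zero-width characters and the visible text "Your password expires today. Reset now", which is what a phishing classifier should be scoring.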


📈 Sector-Specific Intelligence

Healthcare:

How SOC/DFIR Teams Prevent Ransomware Threats in Healthcare – A Case Study on Interlock Ransomware

Summary: Ransomware attacks targeting the healthcare sector have become increasingly challenging to manage due to financial losses and the risks posed to patient safety and operational continuity. Researchers at ANY.RUN analyze the impact of ransomware threats in healthcare, using the notorious Interlock ransomware group as a case study. The focus is on how ANY.RUN’s advanced tools, including its Interactive Sandbox and Threat Intelligence (TI) Lookup, enable organizations to detect, analyze, and mitigate such attacks.

Source: Cybersecurity News

Infrastructure:

U.S. Coast Guard Issues Landmark Cybersecurity Rule to Protect Maritime Infrastructure

Summary: The U.S. Coast Guard issued a final rule on January 17 establishing minimum cybersecurity requirements for U.S.-flagged vessels and other regulated facilities. The landmark rule aims to strengthen the resilience of critical maritime infrastructure against cyberattacks, though its success will hinge on whether infrastructure owners and the Coast Guard itself have adequate resources for effective implementation.

Source: FDD


🌐 Global Threat Landscape

Notable APT Activities:

Attacks by Gamaredon copycat target Russia

Summary: Organizations across Russia have been targeted by the newly emergent GamaCopy threat cluster, which leverages the tools of the Russian state-backed hacking operation Gamaredon in new attacks aimed at spreading UltraVNC for remote compromise, The Hacker News reports.

Source: SC World

Critical Vulnerabilities Released (CVEs):

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)

Summary: CVE-2025-24085 is a use-after-free bug in CoreMedia, a framework used by Apple devices for the processing of media data.

The vulnerability can be triggered by a malicious application and may allow attackers to elevate privileges on targeted devices.

Source: HelpNet Security


⚠️ Critical Alerts from Official Channels

CISA: 

CISA Releases Seven Industrial Control Systems Advisories

Summary: CISA released seven Industrial Control Systems (ICS) advisories on January 28, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

Source: CISA


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Article source: https://krypt3ia.wordpress.com/2025/01/28/krypt3ia-daily-cyber-threat-intelligence-cti-digest-4/