Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
2025-01-30 12:46:09 Author: krypt3ia.wordpress.com (view original) Views: 9

Date: 1.30.25


🚨 Top Headlines

Fragmented cybersecurity is costing businesses billions, and putting them at risk

Summary: Businesses are losing an average of 5% of their annual revenue simply due to fragmented cybersecurity solutions, new research has claimed. A report by IBM and Palo Alto Networks found more than half (52%) of execs now state fragmented solutions are preventing them from innovating and managing cyber threats efficiently, highlighting a major challenge which stands in the way of increased security and financial efficiency.

Source: TechRadar

FBI takes down Cracked.to and Nulled.to in a global law enforcement operation

Summary: FBI has taken down Cracked.to, Nulled.to, and a few other hack sites cybercriminals use for dropping stolen credentials, software cracks, and remote desktop hacks in a coordinated law enforcement operation. In Operation Talent, several domains suspected of facilitating hacking activities have been busted with a law-enforcement “seizure” notice now showing up on their landing. “This website, as well as the information on the customers and victims of the websites, has been seized by international law enforcement partners,” reads the notice.

Source: CSO

CISOs’ top 12 cybersecurity priorities for 2025

Summary: Security chief Andrew Obadiaru’s to-do list for the upcoming year will be familiar to CISOs everywhere: advance a zero-trust architecture in the organization; strengthen identity and access controls as part of that drive; increase monitoring of third-party risks; and expand the use of artificial intelligence in security operations. “Nothing is particularly new — maybe AI is newer, and the pace at which it’s all going keeps increasing — but we need to do better at all of it in 2025,” says Obadiaru, CISO at Cobalt, which offers penetration testing as a service.

Source: CSO


🔍 Emerging Threats and Indicators

Malware Campaigns

New SystemBC RAT Attacks Linux Systems to Hack Corporate Infrastructure

Summary: A new variant of the SystemBC Remote Access Trojan (RAT) has emerged, explicitly targeting Linux-based systems. Known for its stealth capabilities, this malware is designed to infiltrate corporate networks, cloud servers, and IoT devices, posing a significant threat to internal corporate services and overall cybersecurity.

Source: CyberSecurity News

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response

Summary: Trend Micro™ Managed XDR uncovered a sophisticated campaign involving Lumma Stealer, an information-stealing malware, that was being distributed through GitHub’s release infrastructure. The investigation revealed that malicious actors exploited GitHub as a trusted platform to deliver the stealer, which subsequently initiated additional malicious activities. It then downloaded and executed other threats, including SectopRAT (a remote access trojan), Vidar, Cobeacon, and another Lumma Stealer variant.

Source: Trend Micro

New Mirai botnet fires off DDoS attacks via compromised Mitel phones, notifies command & control when detected

Summary: A third variant of the Mirai-based Aquabot malware is apparently taking over Mitel phones to create a remote-controlled botnet that can fire off distributed denial of service (DDoS) attacks. Dubbed Aquabotv3, the malware is actively exploiting a known vulnerability in the devices to access their session initiation protocol (SIP) function, according to Akamai’s Security Intelligence and Response Team.

Source: CSO

Phishing Campaigns

New SMS-Based Phishing Tool ‘DevilTraff’ Enables Mass Cyber Attacks

Summary: A new SMS phishing tool, DevilTraff, is emerging as a major threat in the cybersecurity landscape, enabling cybercriminals to launch large-scale smishing campaigns with unprecedented ease and efficiency. This platform’s advanced features, including sender ID spoofing and API automation, make it a potent weapon for orchestrating phishing attacks globally.

Source: CyberSecurity News

Threat Actors Exploit Government Website Vulnerabilities For Phishing Attacks

Summary: Cybercriminals are increasingly exploiting vulnerabilities in government websites to carry out phishing campaigns, leveraging the inherent trust users place in official domains. A recent report by Cofense Intelligence shows how attackers are weaponizing .gov top-level domains (TLDs) across multiple countries for malicious purposes, including credential phishing, malware delivery, and command-and-control (C2) operations.

Source: CyberSecurity News

How Threat Actors are Using Artificial Intelligence

Summary: Artificial intelligence is a red-hot mess, filled with contradicting predictions over whether it will bring vast benefits. From a cybercriminal perspective, AI is already providing productivity gains, from reconnaissance to drafting phishing emails to help in creating scripts and code. Ashley Jess, senior intelligence analyst with Intel 471, says threat actors in 2024 developed AI tools for specific tasks, such as data exfiltration and analysis tools designed for ransomware and data extortion groups. The cost of these tools has fallen significantly since 2022, increasing their diversity as well as their availability. Threat actors are using a combination of open-source models such as Meta’s Llama and API access to others. In this Studio 471, Jess shares her insight into how AI will shape the threat landscape.

Video: https://www.youtube.com/watch?v=UuhIRP_uI9E

Source: Intel 471


📈 Sector-Specific Intelligence

Healthcare:

Ransomware Attack Disrupts Blood Donation Services in US

Summary: New York Blood Center Enterprises (NYBCe) has been hit by a ransomware attack, disrupting critical blood donation services across the US. The collection of independent community-based blood centers revealed in a statement on January 29 that it had taken certain systems offline to contain the threat.

Source: InfoSecurity Magazine

Frederick Health Hit by Ransomware Attack

Summary: Maryland healthcare provider Frederick Health is scrambling to restore its systems after taking them offline in response to a ransomware attack. The disruption, the healthcare network said on Monday, caused certain delays in its services, as it reverted to downtime procedures.

Source: Security Week

Infrastructure:

Third-Party Vendors Are the Supply Chain’s Ignored Vulnerability

Summary: The supply chain is only as strong as its weakest link. For logistics companies operating in an ever more complicated cybersecurity and technological environment, that weakest link is third-party partners. A recent report from Hexnode surveyed 1,000 IT professionals across small and mid-sized supply chain organizations and revealed a deeply concerning trend. Over half (52%) of the organizations encountered cybersecurity incidents stemming from third-party vendors on at least one occasion.

Source: HackerNoon


🌐 Global Threat Landscape

Notable APT Activities:

Nation-State Hackers Abuse Gemini AI Tool

Summary: Nation-state threat actors are frequently abusing Google’s generative AI tool Gemini to support their malicious cyber operations.

An analysis by the Google Threat Intelligence Group (GTIG) highlighted that APT groups from Iran, China, Russia and North Korea are using the large language model (LLM) for a wide range of malicious activity.

Source: Infosecurity Magazine

Researchers Uncover Lazarus Group Admin Layer for C2 Servers

Summary: An ongoing investigation into recent attacks by North Korea’s Lazarus group on cryptocurrency entities and software developers worldwide has uncovered a hidden administrative layer that the threat actor has been using to centrally manage the campaign’s command-and-control (C2) infrastructure.

Source: Dark Reading

North Koreans clone open source projects to plant backdoors, steal credentials

Summary: North Korea’s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month, according to security researchers. The crew’s latest operation, dubbed Phantom Circuit, planted backdoors in clones of legitimate software packages and open source tools so that developers and others specifically in the cryptocurrency industry would accidentally use them, compromising their machines. These poisoned projects would be shared via places like Gitlab.

Source: The Register

Critical Vulnerabilities Released (CVEs):

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

Summary: A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor to execute arbitrary commands within the context of the phone.

Source: The Hacker News


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Article source: https://krypt3ia.wordpress.com/2025/01/30/krypt3ia-daily-cyber-threat-intelligence-cti-digest-6/