Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
2025-1-31 12:20:5 Author: krypt3ia.wordpress.com

Date: 1.31.25


🚨 Top Headlines

The Private Sector on the Front Line

Summary: On February 26, 2022, two days after Russia launched its full-scale invasion of Ukraine, Mykhailo Fedorov, Ukraine’s minister of digital transformation, sent an urgent plea to Elon Musk to provide Internet access to the country through his Starlink system. The invasion, which Russia had preceded with a campaign of cyberattacks, had seriously disrupted Ukraine’s digital networks. By the very next day, Musk responded that Starlink was active in Ukraine and that the company would soon be sending more ground terminals to the country.

Source: Foreign Affairs

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Summary: Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.

Source: The Hacker News

Warning Issued As Ransomware Attacks Surge—You Have Just 3 Days To Act

Summary: As the FBI warns that local admin accounts should be disabled and Google deploys AI hacking bots to contain threats, cybercrime has never been in the spotlight more than now. One threat, however, simply refuses to go away despite law enforcement actions taking down some of the leading players: ransomware. With the highest number of attacks reported since 2021, this is no time to be apathetic concerning the threat. Indeed, threat intelligence suggests you must act before Feb. 3 or pay the price. Here’s what you need to know and do.

Source: Forbes

We urgently need to bridge the IT-OT cybersecurity divide

Summary: Earlier this year I had the opportunity to meet with a company managing an operational technology (OT) environment governed by Food and Drug Administration (FDA) regulations. The environment included end-of-life (EOL) devices that urgently needed replacement. However, the challenge was that the software running on these devices would not function on modern operating systems.

Source: TechMonitor


🔍 Emerging Threats and Indicators

Malware Campaigns

Coyote Banking Malware Weaponizing Windows LNK Files To Execute Malicious Scripts

Summary: A new wave of cyberattacks leveraging the Coyote Banking Trojan has been identified, targeting financial institutions in Brazil.

This sophisticated malware employs malicious Windows LNK (shortcut) files as an entry point to execute PowerShell scripts, enabling multi-stage infection chains that end in data theft and system compromise.

Source: Cybersecurity News

Phishing Campaigns

DeepSeek’s Growing Influence Sparks a Surge in Frauds and Phishing Attacks

Summary: The rapid rise of DeepSeek, a Chinese artificial intelligence (AI) company, has not only disrupted the AI industry but also attracted the attention of cybercriminals.

As its AI Assistant app became the most downloaded free app on the iOS App Store in January 2025, surpassing OpenAI’s ChatGPT, malicious actors have exploited its popularity to launch phishing campaigns, investment scams, and malware attacks.

Source: Cybersecurity News

Nine out of ten emails are spam

Summary: Now, more than ever, users can fall prey to word-perfect AI-created phishing campaigns, subtle BEC messages that sound remarkably like the sender, and highly convincing ploys from trusted vendors with legitimate-looking websites and clean domains, according to VIPRE Security Group.

Source: Helpnet Security


📈 Sector-Specific Intelligence

Healthcare:

When ransomware kills: Attacks on healthcare facilities

Summary: As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.

Source: Security Intelligence

Malware Found in Healthcare Patient Monitors Linked to Chinese IP Address

Summary: A critical cybersecurity vulnerability has been uncovered in Contec CMS8000 patient monitors, revealing embedded malware that poses significant risks to patient safety and data security. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that the devices include a backdoor linked to a hard-coded IP address associated with a Chinese university.

Source: Cybersecurity News


🌐 Global Threat Landscape

Notable APT Activities:

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Summary: Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations.

“Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities,” Google Threat Intelligence Group (GTIG) said in a new report. “At present, they primarily use AI for research, troubleshooting code, and creating and localizing content.”

Source: The Hacker News


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Article source: https://krypt3ia.wordpress.com/2025/01/31/krypt3ia-daily-cyber-threat-intelligence-cti-digest-7/