Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
This article summarizes recent major events and trends in cybersecurity. Texas announced the creation of a Cyber Command to counter a surge in cyber attacks; 22 new Mac malware families appeared in 2024; ransomware has begun using ESXi systems as C2 channels; phishing attacks use hidden text salting to bypass detection; the healthcare and infrastructure sectors are primary targets; the use of AI in cybersecurity is drawing attention; CISA released security guidance on protecting edge devices. 2025-2-4 17:50:53 Author: krypt3ia.wordpress.com

Date: 2.4.25


🚨 Top Headlines

Texas to Establish Cyber Command Amid “Dramatic” Rise in Attacks

Summary: Texas Governor Greg Abbott has announced plans to create a Texas Cyber Command, designed to combat a “dramatic” rise in cyber-attacks targeting the US state. Abbott unveiled the Cyber Command as an emergency item during his State of the State address on February 2, 2025.

Source: Infosecurity Magazine

Destroying EDR Service Executable File by Using a Combination of Windows Symbolic Links

Summary: A new method of exploiting the “Bring Your Own Vulnerable Driver” (BYOVD) technique has emerged, combining it with Windows symbolic links to elevate its effectiveness. This innovative approach exploits drivers with file-writing capabilities, bypassing the need to rely solely on vulnerable drivers listed in Microsoft’s blocklist.

Source: Cybersecurity News


🔍 Emerging Threats and Indicators

Malware Campaigns:

22 New Mac Malware Families Seen in 2024

Summary: The number of macOS malware families that emerged in 2024 was 22. This is roughly the same as in 2023, but significantly higher than in 2021 and 2022. The latest macOS malware roundup looks at stealers, ransomware, backdoors and downloaders, and does not include adware and malware from previous years.

Source: Security Week

Ransomware:

The Expert Guide to Mitigating Ransomware & Extortion Attacks

Summary: Security experts from Unit 42™ have unveiled the most commonly observed TTPs in ransomware and extortion by analyzing incident response case data and mapping it to the MITRE ATT&CK® framework. This guide provides actionable recommendations to help you and your team put insights into action. Download the guide to get:

Source: GovInfosecurity

Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations

Summary: Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. “ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely,” 

Source: The Hacker News

Phishing Campaigns:

Hackers Using Hidden Text Salting Technique To Confuse Spam Filters & Evade Detection

Summary: Cybercriminals are increasingly employing a technique known as “hidden text salting” to bypass spam filters and evade detection. This method, which saw a surge in usage during the latter half of 2024, poses a significant threat to organizations relying on traditional email defense mechanisms.

Source: Cybersecurity News

4 exotic phishing scams are on the rise. Here’s how to catch them in the act

Summary: Despite ever-improving junk mail filters and more sophisticated defense measures, phishing is still one of the biggest threats to cyber security, and phishing emails are becoming increasingly difficult to recognize. Criminals are using Large Language Models (LLMs) such as ChatGPT to formulate their emails, which results in largely error-free texts with correct grammar and understandable sentence structure.

Source: PC World


📈 Sector-Specific Intelligence

Healthcare:

Health Care Cyberattacks Are on the Rise. What’s Being Done About It?

Summary: Cyberattacks in the health care industry have been steadily increasing over the past 14 years and, in 2023, over 133 million records were exposed in the sector, according to U.S. Department of Health and Human Services (HHS) data compiled by hipaajournal.com.

Source: Newsweek

Infrastructure:

Cyble details Russian hacktivist group Sector 16 targeting US oil infrastructure in alarming data breaches

Summary: New research from Cyble has revealed the emergence of a new Russian hacktivist group on the dark web in January, alongside a surge in data breaches and network access being sold by various threat actors. The data also revealed the emergence of a new group ‘Sector 16,’ which recently teamed up with Z-Pentest – a threat actor previously profiled by Cyble last month – to launch an attack on a Supervisory Control and Data Acquisition (SCADA) system managing oil pumps and storage tanks in Texas.

Source: Industrial Cyber


🌐 Global Threat Landscape

Notable APT Activities:

E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries

Summary: The Council of the European Union has sanctioned three individuals for allegedly carrying out “malicious cyber activities” against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said.

Source: The Hacker News

Iranian hacker group targets Israeli kindergartens in broad attack against Israeli security industry – All Israel News

Summary: Israeli kindergartens and other educational institutions reported on Sunday a cyber-attack affecting push-button public address systems used to broadcast alerts and messages. The affected systems were used to broadcast rocket alert sirens, Arabic messages, and songs in Arabic supporting terror attacks.

Source: AllIsrael

Artificial Intelligence:

New AI “agents” could hold people for ransom in 2025

Summary: When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. But two years on, much of what ChatGPT and other generative AI chat tools offer attackers is a way to improve what already works, not new ways to deliver attacks themselves.

Source: Malwarebytes

The AI Arms Race in Cybersecurity: Trust Nothing, Verify Everything

Summary: The battle between cybercriminals and cybersecurity professionals is increasing daily. A cybersecurity report states that cybercrime could cost as much as $10.5 trillion yearly by 2025. Artificial intelligence has become the weapon in this arms race. As a Senior Site Reliability Engineer (SRE) at Microsoft with over 15 years of experience in cybersecurity, I have seen the evolution of cyber attacks. I have also witnessed the importance of AI in security coupled with a Master’s degree from Georgia Tech and a CISSP certification; this has given me practical experience in how AI aids cybersecurity.

Source: HackerNoon


⚠️ Critical Alerts from Official Channels

CISA: 

CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

Summary: CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing operational technology (OT) systems. 

Source: CISA


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Article source: https://krypt3ia.wordpress.com/2025/02/04/krypt3ia-daily-cyber-threat-intelligence-cti-digest-9/
If this content infringes your rights, please contact: admin#unsafe.sh