Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
This article summarizes recent cybersecurity incidents and threat intelligence: mass layoffs at the US CISA raise industry concern; more than 35,000 websites hijacked; Black Basta ransomware internal communications leaked; China-linked hackers targeting European healthcare organizations; North Korean hackers posing as recruiters to spread malware; Russia using fake videos to interfere in the German election; Ghost ransomware targeting critical infrastructure; mobile phishing attacks surging; a warning about a new Mac infostealer; and more. 2025-2-21 15:35:15 Author: krypt3ia.wordpress.com (view original)

Date: 2.21.25


🚨 Top Headlines

Firing of 130 CISA staff worries cybersecurity industry

Summary: The firing of upwards of 130 cybersecurity professionals at the US Cybersecurity and Infrastructure Security Agency (CISA) is a disaster for the US, but also for many of its allies that count on close collaboration, a security expert said Thursday.

David Shipley, CEO of Beauceron Security, said he “struggles to think of another government agency that has built so much credibility and goodwill and respect across the private sector as what CISA has done. [The dismissals] are wholly undeserved, foolhardy and it’s like you can see the iceberg and you decide to speed the Titanic up. That seems like a bad thing to me.”

Source: CSO

Major website hijacking scam sees over 35,000 sites attacked, redirected to gambling sites, so be on your guard

Summary: More than 35,000 websites have been compromised in a major hacking campaign that saw users redirected to malicious pages, or possibly even served malware, experts have warned.

A report from cybersecurity researchers at c/side did not detail who the attackers are, other than saying they could be linked to the Megalayer exploit.

Source: Tech Radar

Purported Black Basta internal communications exposed

Summary: Internal chat logs allegedly belonging to the Black Basta ransomware-as-a-service operation, also known as Vengeful Mantis, have been leaked by the threat actor ExploitWhispers in retaliation for the ransomware gang’s targeting of Russian banks, according to BleepingComputer.

Source: SC Media


🔍 Emerging Threats and Indicators

Malware Campaigns

New Mac Infostealer Warning—Do Not Visit These Sites

Summary: There’s a very reasonable argument to suggest that Microsoft devices are more at risk than Apple ones, thanks to the number of Windows users and the accompanying effort that cybercriminals put into attempts to compromise them. That doesn’t mean that Windows is an inherently insecure operating system, however, and Windows 10 users are urged to upgrade, for free, to Windows 11 before security support for the former stops being provided.

Source: Forbes

Phishing Campaigns

Mobile phishing attacks on the rise

Summary: Mobile-targeted phishing, or mishing, attacks involving more advanced social engineering tactics significantly increased in prevalence last year, with one particular global attack campaign compromising over 600 organizations, reports SiliconAngle.

Source: SC World


📈 Sector-Specific Intelligence

Healthcare:

China-linked hackers target European healthcare orgs in suspected espionage campaign

Summary: A previously unknown hacking group has been spotted targeting European healthcare organizations using spyware linked to Chinese state-backed hackers and a new ransomware strain, researchers said.

The campaign, which took place in the second half of 2024, likely exploited a vulnerability in security products from an Israel-based cybersecurity firm, according to researchers at Orange Cyberdefense.

Source: The Record


🌐 Global Threat Landscape

Notable APT Activities:

North Korean hackers are posing as software development recruiters to target freelancers

Summary: Freelance software developers are the latest target of North Korean hackers looking to spread infostealing malware, experts have warned.

The latest campaign, identified by ESET as DeceptiveDevelopment, involves the hackers posing as recruiters on social media to target freelance developers working on cryptocurrency projects.

Source: Tech Radar

German election targeted by Russian disinformation, security services warn

Summary: Germany’s security services warned on Friday that fake videos circulating online purporting to reveal ballot manipulation in the country’s upcoming federal elections were part of a Russian information operation.

A spokesperson for the Interior Ministry told Recorded Future News: “A targeted campaign is currently being used to try to influence the federal election campaign.”

Source: The Record

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics

Summary: A fresh report from the Cisco Talos Intelligence Group provides official confirmation that in at least one incident Salt Typhoon exploited CVE-2018-0171, a remote code execution vulnerability in Cisco’s Smart Install feature. This flaw was patched in 2018, but unpatched legacy systems remain at risk.

While there have been reports of Salt Typhoon abusing other Cisco vulnerabilities, the Talos researchers say they have not yet found evidence confirming additional exploit activity.

Source: Security Week
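The Salt Typhoon item above turns on one defensive question: which devices in an estate still have Smart Install reachable. The following triage helper is an added example written for this digest; it is not code from Cisco Talos, Security Week or Krypt3ia. It assumes that Smart Install is the IOS `vstack` feature, that an explicit `no vstack` line in the running-config disables it, that `show vstack config` reports "SmartInstall enabled" or "SmartInstall disabled", and that the service listens on TCP/4786; the device records are constructed sample data, and the assumed command strings should be confirmed against the IOS release in use.

```python
"""Added example (not from the digest, Cisco Talos or Krypt3ia): rank Cisco
devices from an inventory by their apparent exposure to the Smart Install
issue (CVE-2018-0171) so legacy boxes can be patched or have the feature
disabled first.

Assumptions not stated by the digest: Smart Install is the IOS `vstack`
feature; `no vstack` in the running-config disables it; `show vstack config`
prints "SmartInstall enabled" or "SmartInstall disabled"; the service listens
on TCP/4786. All device records below are constructed sample data.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SMART_INSTALL_PORT = 4786  # assumed TCP port of the Smart Install service


@dataclass
class Device:
    hostname: str
    vstack_output: str = ""              # captured `show vstack config`, may be empty
    running_config: str = ""             # captured running-config, may be empty
    tcp_4786_open: Optional[bool] = None  # result of an internal port check, if any


def smart_install_state(dev: Device) -> str:
    """Return 'enabled', 'disabled' or 'unknown' for one device.

    `show vstack config` output is treated as authoritative when present;
    otherwise an explicit `no vstack` line proves the feature is off. The
    absence of any vstack line proves nothing, so that case stays 'unknown'.
    """
    m = re.search(r"SmartInstall\s+(enabled|disabled)", dev.vstack_output, re.I)
    if m:
        return m.group(1).lower()
    for line in dev.running_config.splitlines():
        if line.strip() == "no vstack":
            return "disabled"
    return "unknown"


def priority(dev: Device) -> str:
    """Map the evidence to a mitigation priority: high, medium or low."""
    state = smart_install_state(dev)
    if state == "enabled" or dev.tcp_4786_open:
        return "high"      # feature confirmed on, or the port answers
    if state == "unknown":
        return "medium"    # no proof either way; verify on the device
    return "low"


def triage(devices: List[Device]) -> List[Tuple[str, str, str]]:
    """Return (hostname, state, priority) rows, highest priority first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = [(d.hostname, smart_install_state(d), priority(d)) for d in devices]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and outputs are made up)
SAMPLE_DEVICES = [
    Device("legacy-access-01",
           vstack_output="Role: Client (SmartInstall enabled)\n",
           tcp_4786_open=True),
    Device("core-02",
           running_config="hostname core-02\n!\nno vstack\n!\n"),
    Device("branch-03",
           running_config="hostname branch-03\n!\ninterface Vlan1\n"),
    Device("dist-04",
           vstack_output="Role: NA (SmartInstall disabled)\n",
           tcp_4786_open=False),
]

if __name__ == "__main__":
    for host, state, prio in triage(SAMPLE_DEVICES):
        print(f"{prio:6} {host:18} smart-install={state}")
```

The design choice worth noting is that a device with no evidence lands in the medium bucket rather than low: a running-config that simply never mentions `vstack` does not show that the feature is off, which is exactly the "unpatched legacy systems" gap the Talos report points at.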


⚠️ Critical Alerts from Official Channels

FBI/CISA: 

FBI Says Backup Now—Confirms Dangerous Attacks Underway

Summary: Phishing, social engineering, scams, or whatever label you like to attach to the “click here” campaigns so beloved of attackers the world over is not the only security threat you need to pay attention to. I mean, that should go without saying, but ignoring other attack methodologies is akin to burying your head in the sand while someone steals your bucket and spade afterward.

Source: Forbes

CISA and FBI warn Ghost ransomware is targeting critical infrastructure and businesses

Summary: The U.S. Cybersecurity and Infrastructure Security Agency, along with the Federal Bureau of Investigation and the Multi-State Information Sharing and Analysis Center, has issued a joint advisory warning of the activities of Ghost ransomware, also known as Cring.

The group behind Ghost ransomware allegedly operates out of China and has targeted organizations in more than 70 countries, including critical infrastructure, schools, healthcare, government networks and businesses, for financial gain.

Source: SiliconAngle


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Article source: https://krypt3ia.wordpress.com/2025/02/21/krypt3ia-daily-cyber-threat-intelligence-cti-digest-12/