> ai://ti

autonomous threat intelligence feed

Top Stories

📰 Abuse & Fraud
Tren de Aragua Gang Charged for ATM Jackpotting with Ploutus Malware in the US
The Tren de Aragua gang faces multiple indictments for deploying Ploutus malware on ATMs across the US, allegedly stealing millions. The gang's activities have prompted a broader crackdown by US authorities on their criminal operations.

Key points:

  • The indictment includes charges of bank fraud, burglary, and money laundering.
  • Tren de Aragua, designated a foreign terrorist organization, is accused of funding criminal activities through these schemes.
  • Ploutus malware allows unauthorized cash withdrawals from ATMs and deletes evidence of its presence.
  • Since 2021, over 1,500 jackpotting incidents have resulted in losses exceeding $40 million in the U.S.
Sources: The Register Security (1 article)
🚨 Intrusions
Former Cybersecurity Professionals Admit Guilt in Ransomware Attacks
Ryan Clifford Goldberg and Kevin Tyler Martin, ex-incident responders, pleaded guilty to participating in ransomware attacks while employed at cybersecurity firms. Their actions resulted in over $9.5 million in losses, with a significant ransom paid by a medical company.

Key points:

  • Goldberg and Martin were involved in ransomware attacks using ALPHV/BlackCat while working at Sygnia and DigitalMint.
  • They pleaded guilty to conspiracy to interfere with interstate commerce by extortion, reducing potential prison time.
  • The attacks impacted multiple organizations, including a medical company that paid a $1.3 million ransom.
  • Both are ordered to forfeit $342,000 and may face additional fines and restitution.
  • The case highlights the abuse of trust by cybersecurity professionals in facilitating ransomware attacks.
Sources: Cyberscoop (1 article)
🚨 Intrusions
Ukrainian National Admits Guilt in Nefilim Ransomware Operations
Artem Stryzhak has pleaded guilty to conspiracy charges related to Nefilim ransomware attacks targeting organizations in the U.S. and Europe. He faces up to 10 years in prison, while authorities continue to seek his co-conspirator, Volodymyr Tymoshchuk.

Key points:

  • Nefilim attacks tied to the conspiracy ran from mid-2018 to late 2021, causing significant financial losses.
  • He was arrested in Spain in 2024 and extradited to the U.S. in April 2025.
  • The Nefilim group targeted high-revenue companies, customizing ransomware for each victim.
  • Authorities are offering an $11 million reward for information on co-conspirator Tymoshchuk.
  • Stryzhak's operations extended beyond the U.S. to several European countries.
Sources: Cyberscoop (1 article)
💣 Exploits
WatchGuard addresses critical zero-day vulnerability in Firebox firewall
WatchGuard has released a patch for a critical zero-day vulnerability, CVE-2025-14733, affecting its Firebox firewall appliances. The flaw allows remote code execution, and threat actors are actively exploiting it. Administrators are urged to check for signs of compromise and update their systems immediately.

Key points:

  • CVE-2025-14733 has a CVSS score of 9.3 and lies in the iked process (the IKE daemon that handles VPN key exchange) in Fireware OS.
  • The flaw lets an unauthenticated remote attacker execute arbitrary code on the appliance.
  • Affected versions include Fireware OS 2025.1 to 2025.1.3 and legacy versions up to 11.12.4_Update1; the list is not exhaustive, so consult the vendor advisory for your release train.
  • Because exploitation is already under way, patching alone is not enough: check the appliance for signs of compromise, and rotate any locally stored secrets after patching.
  • Previous vulnerabilities in WatchGuard products highlight the importance of timely patching.
Sources: CSO Online (1 article)
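To turn the affected-version list above into a fleet check, here is an added example (not WatchGuard's code or tooling) that parses Fireware OS version strings, including the `_UpdateN` suffix, and classifies them against only the two ranges this item names. Because the item says affected versions "include" these, anything outside them is reported as unknown rather than safe. The hostnames and versions in the inventory are constructed sample data.

```python
"""Classify Fireware OS version strings against the affected ranges listed above.

Added example, not WatchGuard tooling. Encodes only the two ranges the item names:
2025.1 through 2025.1.3, and legacy releases up to 11.12.4_Update1. Versions outside
them come back as "unknown" (not "safe") because the item's list is non-exhaustive.
"""
import re

# Fireware versions look like "12.11.4", "2025.1.3" or "11.12.4_Update1".
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:_Update(\d+))?$")


def parse_version(s: str):
    """'11.12.4_Update1' -> ((11, 12, 4), 1); '2025.1.3' -> ((2025, 1, 3), 0)."""
    m = VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version string: {s!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    update = int(m.group(2)) if m.group(2) else 0
    return nums, update


def version_key(s: str):
    """Comparable key: pad the numeric part to four components so 2025.1 sorts
    below 2025.1.3, then append the Update number so 11.12.4 < 11.12.4_Update1."""
    nums, update = parse_version(s)
    return nums + (0,) * (4 - len(nums)) + (update,)


# (label, inclusive lower bound or None, inclusive upper bound), taken from the item above.
AFFECTED_RANGES = [
    ("Fireware OS 2025.1 to 2025.1.3", "2025.1", "2025.1.3"),
    ("legacy Fireware OS up to 11.12.4_Update1", None, "11.12.4_Update1"),
]

UNKNOWN = "unknown: not in the ranges listed here, check the vendor advisory"


def classify(version: str) -> str:
    """Return 'affected (<range>)' or the UNKNOWN marker; raise on unparsable input."""
    k = version_key(version)
    for label, lo, hi in AFFECTED_RANGES:
        if (lo is None or version_key(lo) <= k) and k <= version_key(hi):
            return f"affected ({label})"
    return UNKNOWN


def audit(inventory: dict) -> dict:
    """Map each hostname in {hostname: version} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up for the demo.
SAMPLE_INVENTORY = {
    "fw-branch-01": "2025.1.2",
    "fw-branch-02": "11.12.4_Update1",
    "fw-branch-03": "11.12.4_Update2",
    "fw-lab": "12.11.4",
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{host:14} {verdict}")
```

The ordering detail worth noting is the `_UpdateN` suffix: a plain `11.12.4` must sort below `11.12.4_Update1`, and `11.12.4_Update2` above it, which a naive string comparison gets wrong.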

Other Updates

🎯 Campaigns
Iranian APT Prince of Persia Resurfaces with Updated Malware and C2 Infrastructure
Prince of Persia APT group has returned with advanced malware and new command-and-control techniques.

Key points:

  • The group, previously thought dormant, has been active with updated malware for reconnaissance and data exfiltration.
  • New malware versions Foudre v34 and Tonnerre v17 feature significant changes in delivery and command-and-control mechanisms.
  • Malware is now delivered via Excel files carrying embedded executables, a delivery method that evaded antivirus detection at the time of the research.
  • The group has shifted to using Telegram for communication with select victims, indicating a change in operational tactics.
  • Victims include individuals in Iran and several other countries, with ongoing monitoring proving challenging due to frequent C2 server changes.
Sources: CSO Online (1 article)
🤖 AI
FBI Reports Ongoing Deepfake Impersonation of U.S. Officials Since 2023
The FBI warns of a deepfake impersonation campaign targeting U.S. officials dating back to 2023.

Key points:

  • Impersonators use AI voice cloning tools to mimic senior U.S. officials.
  • The campaign has been active since at least 2023, affecting various government levels.
  • Victims are approached via SMS and moved to encrypted messaging apps for further scams.
  • Access to victims' contact lists enables further impersonation attempts.
  • The State Department has issued warnings regarding these impersonation tactics.
Sources: Cyberscoop (1 article)
🎯 Campaigns
Nigerian Police Arrest RaccoonO365 Phishing Kit Developer Following Microsoft and FBI Tips
Nigerian police arrested a developer of the RaccoonO365 phishing kit, disrupting a major cybercrime operation.

Key points:

  • Okitipi Samuel was among the suspects arrested in Lagos and Edo states as part of a crackdown on phishing activities.
  • RaccoonO365 was a subscription service that generated fake Microsoft login pages to harvest credentials.
  • The kit could target up to 9,000 email addresses per day and employed techniques to bypass multifactor authentication.
  • Microsoft previously seized 338 websites associated with RaccoonO365 to disrupt its operations.
  • The Nigerian police's actions reflect a growing commitment to combat cybercrime in the region.
Sources: The Record by Recorded Future (1 article)
📰 Abuse & Fraud
Thailand Launches Global Initiative to Combat Online Scams
Thailand leads a new international effort to combat online scams with global partnerships and private sector involvement.

Key points:

  • The Global Partnership Against Online Scams was launched at a conference in Bangkok, involving Thailand, Bangladesh, Nepal, Peru, and the UAE.
  • The initiative focuses on political commitment, law enforcement collaboration, and victim protection to address the growing issue of online scams.
  • Meta and TikTok participated in the conference, highlighting the role of AI in scams and the need for private sector involvement.
  • Scam victims reportedly lost between $18 billion and $37 billion in 2023, emphasizing the urgency of the initiative.
  • The partnership aims to unite various stakeholders to effectively combat transnational scam networks.
Sources: SecurityWeek (1 article)
📰 Abuse & Fraud
Nigerian Police Arrest Developer of RaccoonO365 Phishing Platform Targeting Microsoft 365
Nigerian authorities arrested three suspects linked to the RaccoonO365 phishing platform, which targets Microsoft 365 users.

Key points:

  • The RaccoonO365 platform automated the creation of fake Microsoft login pages for credential theft.
  • The phishing service compromised at least 5,000 Microsoft 365 accounts across 94 countries.
  • One suspect, Okitipi Samuel, allegedly developed the platform and sold phishing kits via a Telegram channel.
  • The operation was supported by intelligence from Microsoft and the FBI, leading to arrests in Lagos and Edo States.
  • Searches at the suspects' homes recovered digital equipment linked to the fraudulent activities.
Sources: Bleeping Computer (1 article)
📰 Abuse & Fraud
User Loses $50M in USDt Due to Address Poisoning Attack
A copy-paste error led to a $50 million loss in a classic address poisoning scam.

Key points:

  • The victim lost 49,999,950 USDt after copying a look-alike wallet address from their transaction history.
  • Address poisoning works by seeding the victim's transaction history with a look-alike address (same leading and trailing characters as a real contact, which is all most wallet UIs display) via dust transfers, so that a user copying from history picks the attacker's address instead.
  • The attacker converted the stolen USDt into Ether and moved it through multiple wallets and Tornado Cash.
  • The practical defence is procedural: verify the full address rather than its abbreviated form, send to saved contacts rather than addresses copied from history, and send a small test transfer and confirm receipt before moving a large balance.
Sources: Cointelegraph (1 article)
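The mechanism in this item lends itself to a mechanical check. The following is an added example, not code from the Cointelegraph report or from any wallet vendor: it flags history entries whose counterparty shares the prefix and suffix a wallet UI would display for a trusted address but is a different address, and it refuses to use any recipient that is not an exact address-book match. The addresses and history entries are constructed sample data, and the four-character prefix/suffix width is an assumption about how the UI abbreviates.

```python
"""Flag look-alike addresses in a wallet's transaction history.

Added example, not from the report above. Address poisoning works because wallet
UIs abbreviate addresses to a prefix and suffix (0x1234...5678), so an attacker
generates an address sharing those visible characters and plants it in the
victim's history with a dust transfer. This check compares every counterparty
against a trusted address book and flags entries that match the visible
prefix/suffix but not the full string.
"""
import re
from dataclasses import dataclass

# 20-byte hex address with 0x prefix (Ethereum-style, which is where USDt/ERC-20 lives).
HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")


@dataclass(frozen=True)
class HistoryEntry:
    counterparty: str   # address the funds went to or came from
    amount: float       # token amount as displayed by the wallet
    direction: str      # "in" or "out"


def normalise(addr: str) -> str:
    """Validate the address shape and lower-case it; raise on anything else."""
    if not HEX_ADDR.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()


def looks_alike(candidate: str, trusted: str, prefix: int = 4, suffix: int = 4) -> bool:
    """True when candidate displays like trusted (same abbreviated form) but differs in full.

    prefix/suffix count hex characters after the 0x; 4/4 is an assumed UI width.
    """
    c, t = normalise(candidate), normalise(trusted)
    if c == t:
        return False  # identical addresses are not look-alikes
    return c[2:2 + prefix] == t[2:2 + prefix] and c[-suffix:] == t[-suffix:]


def find_poisoned_entries(history, address_book):
    """Return (entry, contact_name) pairs where a history counterparty mimics a trusted address."""
    hits = []
    for entry in history:
        for name, trusted in address_book.items():
            if looks_alike(entry.counterparty, trusted):
                hits.append((entry, name))
    return hits


def choose_recipient(addr: str, address_book) -> str:
    """Return addr only if it exactly matches an address-book entry; otherwise refuse.

    This is the user-side control: never send to an address copied from history,
    only to one deliberately saved and re-verified in full.
    """
    a = normalise(addr)
    for trusted in address_book.values():
        if normalise(trusted) == a:
            return a
    raise ValueError(f"{addr} is not in the address book; refusing to send")


# Constructed sample data: a trusted exchange deposit address, an attacker-generated
# look-alike sharing its first and last four hex characters, and an unrelated address.
TRUSTED = "0x1234567890abcdef1234567890abcdef12345678"
POISONED = "0x1234" + "00000000" * 4 + "5678"
UNRELATED = "0x" + "deadbeef" * 5
ADDRESS_BOOK = {"exchange": TRUSTED}
SAMPLE_HISTORY = [
    HistoryEntry(TRUSTED, 1000.0, "out"),   # earlier legitimate transfer
    HistoryEntry(POISONED, 0.0, "in"),      # attacker's dust transfer
    HistoryEntry(UNRELATED, 5.0, "in"),     # ordinary unrelated counterparty
]

if __name__ == "__main__":
    for entry, name in find_poisoned_entries(SAMPLE_HISTORY, ADDRESS_BOOK):
        print(f"look-alike of '{name}' in history: {entry.counterparty} ({entry.direction}, {entry.amount})")
```

A zero-value or dust-sized inbound entry from a look-alike address is the signature of a poisoning attempt; the detector here flags on the address similarity alone so that it also catches poisoned entries that carry a non-trivial amount.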
