The current cybersecurity landscape is characterized by rapidly evolving threats that pose significant risks to global financial systems and critical infrastructure. As new battlegrounds emerge, including nation-state espionage, ransomware, and AI chatbot manipulation, the complexity of the landscape increases, raising essential questions about the security of cloud environments, IoT devices, and the potential consequences of cybercriminals exploiting traditional mail for digital ransom.
This week’s events have revealed a disturbing reality: state-sponsored groups are infiltrating IT supply chains, new ransomware connections are emerging, and attackers are targeting previously untouched industries in creative ways. Furthermore, global law enforcement actions have highlighted both progress and ongoing challenges in combating cybercrime networks.
This edition provides a deeper understanding of these developments and keeps you informed about the threats that continue to reshape the cybersecurity world.
⚡ Threat of the Week
U.S. Charges 12 Chinese Nationals for Nation-State Hacking — The U.S. Department of Justice (DoJ) announced charges against 12 Chinese nationals for their alleged involvement in a widespread scheme to steal data and suppress free speech and dissent worldwide. The defendants include two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), eight employees of the company i-Soon, and two members of APT27.
🔔 Top News
- U.S. Secret Service Dismantles Garantex — A coalition of international law enforcement agencies has seized the online infrastructure associated with the cryptocurrency exchange Garantex for facilitating money laundering by transnational criminal organizations.
- Silk Typhoon Goes After IT Supply Chains — In a shift in tactics, Silk Typhoon, the China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021, has begun to target the information technology (IT) supply chain, specifically remote management tools and cloud applications, to obtain initial access to corporate networks.
- Dark Caracal Linked to Use of Poco RAT — The threat actor called Dark Caracal has been linked to a phishing campaign that distributed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024.
- Links Between Black Basta and CACTUS Ransomware Examined — Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over compromised systems, indicating that affiliates previously associated with Black Basta may have transitioned to CACTUS.
- U.A.E. Entities Targeted by UNK_CraftyCamel — A previously undocumented threat activity cluster dubbed UNK_CraftyCamel has targeted “fewer than five” aviation and satellite communications entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano.
Trending CVEs
The software you rely on every day can have hidden risks that hackers actively target. Staying safe means keeping up-to-date with the latest security patches before vulnerabilities become costly breaches.
Here’s this week’s critical list of software vulnerabilities you should urgently patch or review to protect your systems — CVE-2025-25015 (Elastic Kibana), CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 (VMware), CVE-2024-50302 (Google Android), CVE-2025-0364 (BigAntSoft BigAnt), CVE-2024-48248 (NAKIVO Backup & Replication), CVE-2025-1723 (Zoho ADSelfService Plus), CVE-2025-27423 (Vim), CVE-2025-24494 (Keysight Ixia Vision), CVE-2025-1080 (LibreOffice), CVE-2025-27218 (Sitecore), CVE-2025-20206 (Cisco Secure Client for Windows), CVE-2024-56325 (Apache Pinot), CVE-2025-1316 (Edimax IC-7100), CVE-2025-27622, CVE-2025-27623 (Jenkins), and CVE-2024-41334 through CVE-2024-41340, CVE-2024-51138, CVE-2024-51139 (Draytek routers).
📰 Around the Cyber World
- Apple Reportedly Pushes Back Against Backdoor Access — Apple appears to be pushing back against a secret order issued by the U.K. to give the government access to encrypted iCloud data. According to a report from the Financial Times, the company has filed an appeal with the Investigatory Powers Tribunal, an independent judicial body that examines complaints against the U.K. security services, in hopes of overturning the order.
- IoT Devices Targeted by New Eleven11bot Botnet — A new botnet malware dubbed Eleven11bot is estimated to have infected thousands of IoT devices, primarily security cameras and network video recorders (NVRs), to conduct volumetric DDoS attacks.
- U.S. Treasury Sanctions Iranian National for Running Nemesis Market — The U.S. Treasury Department on Tuesday announced sanctions against an Iranian national named Behrouz Parsarad for running an online darknet marketplace called Nemesis Market that was used for trading drugs and cybercrime services.
- Moonstone Sleet Deploys Qilin Ransomware — Microsoft revealed that it observed the North Korean threat actor tracked as Moonstone Sleet deploying Qilin ransomware at a limited number of organizations in late February 2025.
- Kaspersky Flags Thousands of Malicious Installations of Banking Trojans — Russian cybersecurity company Kaspersky said it prevented a total of 33.3 million attacks involving malware, adware, or unwanted mobile software in 2024.
- PrintSteal Campaign Engages in Large-Scale KYC Document Generation Fraud in India — Details have emerged about a large-scale, organized criminal operation that involves the mass production and distribution of fake Indian KYC (Know Your Customer) documents, an activity that has been codenamed PrintSteal by CloudSEK.
🎥 Expert Webinar
Traditional AppSec is Broken—Watch This to See How ASPM Can Fix It
Traditional AppSec tools often struggle with today’s complex software environments, creating security blind spots. Application Security Posture Management (ASPM) promises to bridge these gaps by combining code-level insights and runtime context.
Join Amir Kaushansky from Palo Alto Networks to quickly grasp ASPM’s real-world benefits—such as proactive risk management and reduced patching workloads.
Secure your spot now to stay ahead of evolving threats.
🔧 Cybersecurity Tools
- Rayhunter — A free and open-source tool developed by EFF to identify devices used for cellular surveillance, commonly called IMSI catchers.
- GCPGoat: A Damn Vulnerable GCP Infrastructure — GCPGoat is a purposely vulnerable Google Cloud environment designed to help users safely learn cloud security.
🔒 Tip of the Week
Get Defense Against Advanced ‘Living off the Land’ Threats — Hackers often misuse built-in tools like PowerShell (Windows) or common Linux utilities to quietly break into systems—this is called a “Living off the Land” (LotL) attack.
For Linux users, create a trusted baseline by running this one-time command on a clean system:
sudo find /usr/bin -type f -exec sha256sum {} \; | sudo tee /root/trusted.sha256 >/dev/null
Then, schedule hourly checks using cron (edit with sudo crontab -e) to verify these binaries:
0 * * * * sha256sum -c /root/trusted.sha256 2>&1 | grep -v ": OK$" && echo "Checksum mismatch detected!" | mail -s "Security Alert" you@example.com
This quick, practical approach makes tampering with system binaries visible instead of letting it go unnoticed, strengthening your overall security posture.
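A fuller version of the same check, written here as an added example rather than taken from the newsletter: it records a baseline for a directory and, on verification, tells MODIFIED, MISSING and NEW files apart, since a package update changes hashes legitimately (regenerate the baseline after patching) while an executable nobody installed deserves a closer look. It assumes GNU coreutils (sha256sum, comm, mktemp) and runs its demo against a constructed temp directory, not /usr/bin.

```shell
#!/bin/sh
# Added example, not code from the newsletter: baseline-and-verify functions
# for a directory of binaries (the tip above uses /usr/bin). Unlike a bare
# "sha256sum -c", this separates MODIFIED, MISSING and NEW files so a report
# can be triaged. The demo at the bottom uses a constructed temp directory.

# make_baseline DIR OUTFILE: record the sha256 of every regular file under DIR.
make_baseline() {
    # sorted by path so two baselines can be diffed directly
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# verify_baseline DIR BASELINE: print one line per drifted file; return 1 on drift.
verify_baseline() {
    dir=$1; base=$2; drift=0
    while read -r sum path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; drift=1
        elif [ "$(sha256sum "$path" | cut -d ' ' -f 1)" != "$sum" ]; then
            echo "MODIFIED $path"; drift=1
        fi
    done < "$base"
    # files present now that the baseline never saw (e.g. a dropped-in tool)
    known=$(mktemp); now=$(mktemp)
    sed 's/^[0-9a-f]\{64\}  //' "$base" | sort > "$known"
    find "$dir" -type f | sort > "$now"
    new=$(comm -13 "$known" "$now")
    rm -f "$known" "$now"
    if [ -n "$new" ]; then
        printf '%s\n' "$new" | sed 's/^/NEW /'; drift=1
    fi
    return $drift
}

# demo: simulate a replaced binary, a removed one and an added tool
demo() {
    d=$(mktemp -d); b=$(mktemp)
    printf 'one\n' > "$d/ls"; printf 'two\n' > "$d/cat"
    make_baseline "$d" "$b"
    printf 'tampered\n' > "$d/ls"
    rm -f "$d/cat"
    printf 'x\n' > "$d/dropped"
    verify_baseline "$d" "$b" || echo "drift detected, alert operators"
    rm -rf "$d" "$b"
}

demo
```

For production use, point make_baseline at /usr/bin (and other directories you care about) and have the cron job call verify_baseline, mailing its output only when it returns non-zero.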
Conclusion
Cybersecurity isn’t just about technology—it’s about understanding patterns, staying alert, and connecting the dots. As you finish this newsletter, ask yourself: which dot might become tomorrow’s headline, and are you ready for it? Stay informed, stay curious, and keep connecting.