Major Incidents and Breaches

  • SK Telecom Data Breach: South Korean telecom provider SK Telecom is offering free SIM replacements to 25 million customers after a USIM data breach, though only 6 million cards are currently available.
  • Ukraine Retail Cyberattack: Epicentr, Ukraine’s largest home improvement retailer, suffered a cyberattack that disrupted key IT systems.
  • Targeted Attacks on French Organizations: The French government attributed 12 cyberattacks on domestic entities over four years to Russian state-backed APT28 (GRU).
  • Uyghur Community Targeted: Chinese threat actors delivered Trojanized word-processing software via spear-phishing to members of the World Uyghur Congress.
  • Outlaw Botnet Activity: Kaspersky identified an SSH-based mining botnet operated by the Outlaw cybergang, targeting organisations globally.
  • Reconnaissance on SentinelOne: SentinelOne reported that the China-linked “PurpleHaze” threat cluster attempted reconnaissance against its infrastructure and clients.
  • Proton Mail Blocked in India: An Indian high court ordered the nationwide blocking of Proton Mail due to allegations of its use in AI deepfake scams.

Newly Discovered Vulnerabilities

  • Apple AirPlay Zero-Click RCE (“AirBorne”): Multiple vulnerabilities in Apple’s AirPlay protocol and SDK allow remote code execution on unpatched Apple and third-party devices via Wi-Fi, requiring no user interaction.
  • Broadcom Fabric OS and Commvault Flaws: CISA warned of active exploitation of vulnerabilities in Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients.
  • Fuel Tank Monitoring System Exposure: Thousands of automatic tank gauge (ATG) devices are accessible online and vulnerable to disruption, posing risks to critical infrastructure.
  • Ongoing SonicWall CVE-2021-20016 Scanning: Increased scanning activity for this older SonicWall vulnerability suggests continued exploitation risk.

Notable Threat Actor Activity

  • APT28 (Russian GRU): Publicly attributed by France for a series of cyberattacks on French organizations.
  • Chinese Espionage (PurpleHaze): Ongoing reconnaissance and spear-phishing campaigns against Western targets, including SentinelOne and the Uyghur diaspora.
  • Outlaw Mining Botnet: Continues to leverage SSH-based infection chains for cryptomining operations worldwide.
  • Increased Scanning for Secrets: Threat actors are intensifying scans for leaked Git tokens, configuration files, and SMS gateways/APIs to compromise cloud services and send unauthorised messages.

Trends, Tools, and Tactics

  • Zero-Day Exploitation:
    • Google reported 75 zero-days exploited in 2024, with 44–50% of them targeting enterprise security products and spyware-linked attacks.
    • Exploitation is increasingly affecting enterprise and security technologies rather than general consumer software.
  • Device Code Phishing: Russian state actors are leveraging “device code phishing” techniques to bypass multi-factor authentication, as highlighted by recent Microsoft and KnowBe4 reports.
  • Generative AI Security Risks:
    • Multiple GenAI platforms are susceptible to jailbreaks, unsafe code generation, and data theft.
    • Google DeepMind introduced CaMeL, a new approach to mitigating prompt injection in large language models.
    • WhatsApp launched “Private Processing” to enable AI features while maintaining message privacy, though experts caution about residual risks.
  • Cryptocurrency Exchange Rebranding: Grinex is suspected to be a rebrand of the sanctioned Russian exchange Garantex, indicating ongoing evasion of regulatory actions.
  • Social Engineering Scams: Threat actors are exploiting current events (e.g., the death of Pope Francis) for phishing and social engineering campaigns.

Regulatory and Policy Developments

  • India Blocks Proton Mail: Legal action taken against end-to-end encrypted email services over deepfake-related abuse, highlighting growing regulatory scrutiny of privacy-focused platforms.
  • Microsoft Windows Server Hotpatching: Starting with Windows Server 2025, hotpatching will require a paid subscription, impacting patch management strategies for enterprise clients.
  • US Cyber Policy: Calls for reauthorisation of cyberthreat information sharing laws and review of CISA funding and structure were raised during the RSA Conference.
  • France’s Public Attribution: France’s rare public attribution of cyberattacks to APT28 signals a more assertive posture in state-level cyber diplomacy.

Summary of Key Risks and Recommendations

  • Heightened threat from state-backed APTs (Russia, China) targeting critical infrastructure, enterprises, and dissident communities.
  • Ongoing exploitation of zero-day and legacy vulnerabilities, especially in enterprise and security products.
  • Increased risk from generative AI systems, both as attack vectors (prompt injection, jailbreaks) and as privacy concerns for end-users.
  • Regulatory shifts may impact encrypted communications and patch management practices.
  • Continued vigilance is recommended for SSH exposure, Git/secrets management, and rapid patching of high-profile vulnerabilities.