LCSC-IE, Cyber Threat Intel News 🇮🇪


Ireland's Only Dedicated CTI News Source

My technical CTI hunts and research: https://medium.com/@LCSC-IE

LCSC-IE is a cyber threat intelligence resource, focused on delivering daily updates on emerging threats impacting Ireland and beyond.

This platform serves as a central hub for open source tracking and analysis of cyber activity through a tactical, operational, and strategic lens.

All items gathered here are from open sources, to help practitioners with their daily discovery needs.

Cyber Threat Intel
Threat Hunting
DFIR
Cyber Security

🟥LCSC-IE Daily Cyber Security Findings - 31 July 2025🟥

News:

1. 3 threats for Ireland's new maritime security strategy to examine

https://www.rte.ie/brainstorm/2025/0730/1526028-ireland-maritime-security-strategy-challenges-cyber-threats-undersea-cables/

2. Russia blocks popular US-made internet speed test tool over national security concerns

https://therecord.media/russia-bans-speedtest-ookla
https://www.interfax.ru/russia/1038796

3. ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH

https://www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/

4. China flags concerns over potential security risks in Nvidia's H20 chips

https://www.reuters.com/world/china/china-flags-concerns-over-potential-security-risks-nvidias-h20-chips-2025-07-31/

5. Canadian cybercriminal sentenced to a year in prison for NFT theft scheme

https://www.justice.gov/usao-edva/pr/canadian-cybercriminal-sentenced-year-prison-nft-theft-scheme

6. Palo Alto Networks agrees to buy CyberArk for $25 billion

https://techcrunch.com/2025/07/30/palo-alto-networks-agrees-to-buy-cyberark-for-25-billion/

7. Users left scrambling for a plan B as Dropbox drops Dropbox Passwords

https://help.dropbox.com/en-us/installs/dropbox-passwords-discontinuation

8. Romania offers cybersecurity support to Moldova ahead of September vote

https://www.euractiv.com/section/politics/news/romania-offers-cybersecurity-support-to-moldova-ahead-of-september-vote/

9. UK Cybersecurity teams under pressure amid rising threats and compliance gaps

https://ibsintelligence.com/ibsi-news/uk-cybersecurity-teams-under-pressure-amid-rising-threats-and-compliance-gaps/

10. Romania Warns of Financial Scam Impersonating its Newly Re-Appointed Minister of Finance

https://thecyberexpress.com/romania-financial-scam-finance-minister/
https://www.dnsc.ro/citeste/alerta-campanie-frauduloasa-care-foloseste-identitatea-ministrului-de-finante

---

Tactical Reports with IOCs:

1. Pay2Key: a new player in the RaaS market with an eye to Russia

https://www.f6.ru/blog/pay2key/

2. Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads

https://www.cloudflare.com/threat-intelligence/research/report/attackers-abusing-proofpoint-intermedia-link-wrapping-to-deliver-phishing-payloads/

3. Qilin Ransomware and the Hidden Dangers of BYOVD

https://blackpointcyber.com/blog/qilin-ransomware-and-the-hidden-dangers-of-byovd/

4. Unmasking LockBit: A Deep Dive into DLL Sideloading and Masquerading Tactics

https://www.security.com/threat-intelligence/lockbit-ransomware-attack-techniques

5. Black Basta Ransomware – Active IOCs

https://rewterz.com/threat-advisory/black-basta-ransomware-active-iocs

6. Oyster Malware Targets IT Admins via SEO Poisoning – Active IOCs

https://rewterz.com/threat-advisory/oyster-malware-targets-it-admins-via-seo-poisoning-active-iocs

7. Hackers Deploy .HTA Files to Spread Red Ransomware – Active IOCs

https://rewterz.com/threat-advisory/hackers-deploy-hta-files-to-spread-red-ransomware-active-iocs

8. Fake Error Pages Spread Cross-Platform Malware – Active IOCs

https://rewterz.com/threat-advisory/fake-error-pages-spread-cross-platform-malware-active-iocs

---

APT IOCs:

Lazarus

defianceanalytics.easyhiringtool[.]com

---

Threat Hunting / DFIR / Malware:

1. Using LLMs as a reverse engineering sidekick

https://blog.talosintelligence.com/using-llm-as-a-reverse-engineering-sidekick/

2. Anubis and the Death of Data: A New Era of Ransomware Operations

https://www.bitsight.com/blog/anubis-ransomware-group-overview-and-evolution

3. Under Attack: The Hidden Risks of Ignoring Post-Attack Forensics

https://medium.com/x-periment-asteroid/under-attack-the-hidden-risks-of-ignoring-post-attack-forensics-5dae24873a4a

4. That's How Stealers Defeat System Recovery

https://www.knowyouradversary.ru/2025/07/211-thats-how-stealers-defeat-system.html

---

Light Reading:

1. Sonatype uncovers North Korean global espionage campaign in open source ecosystems

https://www.sonatype.com/hubfs/White_Papers/How-North-Korea-Backed-Lazarus-Group-is-Weaponizing-Open-Source-Whitepaper.pdf

2. Voice of SecOps Spotlight: AI's Impact on Financial Services Cybersecurity

https://www.deepinstinct.com/blog/voice-of-secops-spotlight-ai-impact-on-financial-services-cybersecurity

3. APT35 (Charming Kitten): A Strategic Intelligence Analysis: Evolution, Operations, and Threat Outlook (2025)

https://medium.com/@raghavtiresearch/apt35-charming-kitten-a-strategic-intelligence-report-evolution-operations-and-threat-862eea4a2db4

4. 2025 Unit 42 Global Incident Response Report: Social Engineering Edition

https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/

5. Ransomware groups are blurring the line between cybercrime and 'hacktivism'

https://economictimes.indiatimes.com/industry/cons-products/fashion-/-cosmetics-/-jewellery/are-natural-diamonds-worth-investing-in/articleshow/122875232.cms

6. Secrets are leaking everywhere, and bots are to blame

https://www.helpnetsecurity.com/2025/07/31/enterprise-non-human-identity-risk/

7. What Akira Ransomware Gang Taught This Company

https://www.watchguard.com/wgrd-news/blog/what-akira-ransomware-gang-taught-company

8. The real threat on Korean Peninsula: Chinese, North Korean political warfare

https://www.spacewar.com/reports/The_real_threat_on_Korean_Peninsula_Chinese_North_Korean_political_warfare_999.html

---

🟥LCSC-IE Daily Cyber Security Findings - 30 July 2025🟥

News:

1. The Irish Independent's View: New Garda chief must focus on strategic challenges including cyber

https://www.independent.ie/opinion/editorial/the-irish-independents-view-new-garda-chief-must-focus-on-strategic-challenges/a614804593.html

2. ChatGPT Agent Bypasses Cloudflare "I am not a robot" Verification Checks

https://cybersecuritynews.com/chatgpt-agent-bypasses-cloudflare/

3. Minnesota National Guard Deployed After Major Cyberattack on St. Paul City Systems

https://thecyberexpress.com/city-of-st-paul-cyberattack/

4. Global cybersecurity spending is going to hit $213 billion in 2025

https://www.itpro.com/security/global-cybersecurity-spending-is-going-to-hit-usd213-billion-in-2025-heres-whats-driving-investment

5. Russia: expert told whether hackers can paralyze the work of banks

https://glagol.press/zona-riska-ekspert-rasskazal-mogut-li-hakery-paralizovat-rabotu-bankov

6. India's Financial Capital Mumbai Suffers $135 Million Loss in Cyber Frauds

https://thecyberexpress.com/mumbai-loses-usd-135-million-to-cyber-frauds/

---

Global Breaches and Data Leaks:

1. Nokia: A threat actor known as Tsar0Byte claims to have breached Nokia through a vulnerable third-party link

https://x.com/H4ckmanac/status/1950439238282965483

2. Telecom Giant Orange Responding to Cyberattack on 'Information Systems'

https://newsroom.orange.com/le-groupe-orange-annonce-avoir-depose-plainte-lundi-28-juillet-pour-atteinte-a-un-de-ses-systemes-dinformation/

3. Cyberattacks Force Major Russian Pharmacy Chains to Shut Down

https://ria.ru/20250729/ataka-2032148778.html

---

Tactical Reports with IOCs:

1. CISA and Partners Release Updated Advisory on Scattered Spider Group

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/scattered-spider

2. The Covert Operator's Playbook: Infiltration of Global Telecom Networks

https://unit42.paloaltonetworks.com/infiltration-of-global-telecom-networks/

3. Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion

https://www.darktrace.com/blog/auto-color-backdoor-how-darktrace-thwarted-a-stealthy-linux-intrusion

4. Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal

https://research.checkpoint.com/2025/jsceal-targets-crypto-apps/

5. Spear Phishing Campaign Delivers VIP Keylogger via EMAIL Attachment

https://www.seqrite.com/blog/spear-phishing-campaign-delivers-vip-keylogger-via-email-attachment/

6. Gunra Ransomware Group Unveils Efficient Linux Variant

https://www.trendmicro.com/en_us/research/25/g/gunra-ransomware-linux-variant.html

7. MaaS Appeal: An Infostealer Rises From The Ashes

https://www.elastic.co/security-labs/maas-appeal-an-infostealer-rises-from-the-ashes

8. Email-Delivered RMM: Abusing PDFs for Silent Initial Access

https://labs.withsecure.com/publications/email-delivered-rmm

9. GOLD BLADE remote DLL sideloading attack deploys RedLoader

https://news.sophos.com/en-us/2025/07/29/gold-blade-remote-dll-sideloading-attack-deploys-redloader/

10. Deepfakes and Unkept Promises lead to Financial Fraud on Social Media, targeting the General Public

https://www.cloudsek.com/blog/deepfakes-and-unkept-promises-lead-to-financial-fraud-on-social-media-targeting-the-general-public

11. DonutLoader Uncovered: The Stealthy Malware Hiding in Plain Sight

https://k3rn3lc4llz.medium.com/donutloader-uncovered-the-stealthy-malware-hiding-in-plain-sight-2775c955fd40

12. Cobalt Strike Beacon delivered via GitHub and social media

https://securelist.com/cobalt-strike-attacks-using-quora-github-social-media/117085/

---

APT IOCs:

1. Lazarus

144.172.112[.]106
172.86.123[.]55

2. Kimsuky

notice-account.kro[.]kr
support-google.notice-account.kro[.]kr

---

Threat Hunting / DFIR / Malware:

1. UNC2891 Bank Heist: Physical ATM Backdoor & Linux Forensic Evasion

https://www.group-ib.com/blog/unc2891-bank-heist/

2. New Choicejacking Attack Steals Data from Phones via Public Chargers

https://tugraz.elsevierpure.com/ws/portalfiles/portal/89650227/Final_Paper_Usenix.pdf

3. SHUYAL Stealer Disables Windows Task Manager as Part of Defense Evasion

https://www.knowyouradversary.ru/2025/07/210-shuyal-stealer-disables-windows.html

4. Mobile malware development trick 2. Abuse Telegram Bot API: Contacts. Simple Android (Java/Kotlin) stealer example

https://cocomelonc.github.io/android/2025/07/30/malware-android-2.html

5. Unauthorized Admin User Created via Disguised WordPress Plugin

https://blog.sucuri.net/2025/07/unauthorized-admin-user-created-via-disguised-wordpress-plugin.html

6. Attacking GenAI applications and LLMs – Sometimes all it takes is to ask nicely!

https://security.humanativaspa.it/attacking-genai-applications-and-llms-sometimes-all-it-takes-is-to-ask-nicely/

7. Information to Insights: Intrusion Analysis Methodology

https://www.huntress.com/blog/intrusion-analysis-methodology

8. Exploiting Overprivileged Kubernetes Service Accounts

https://grepstrength.dev/exploiting-overprivileged-kubernetes-service-accounts-bf5deb46a5e2

9. Hunting Without Being Hunted: Staying Hidden in OSINT Investigations

https://medium.com/@tracker221B/hunting-without-being-hunted-staying-hidden-in-osint-investigations-674204387040

10. Hiding Malware in DNS Records

https://medium.com/@metehanuluocak/hiding-malware-in-dns-records-4ad77a607144

11. Ransom Tales: Volume II โ€“ Emulating Gunra, Anubis and DevMan Ransomware

https://www.attackiq.com/2025/07/29/ransom-tales-2/

12. Taking Over a Russian Domain using Techniques from Digital Forensics

https://medium.com/@naimaismail068/taking-over-a-russian-domain-using-techniques-from-digital-forensics-05bb2e1872be

13. Decrypted: FunkSec Ransomware

https://www.gendigital.com/blog/insights/research/funksec-ai

14. Intel Drops #1

https://intelinsights.substack.com/p/intel-drops-1

---

Light Reading:

1. China's Covert Capabilities | Silk Spun From Hafnium

https://www.sentinelone.com/labs/chinas-covert-capabilities-silk-spun-from-hafnium/

2. DarkForums Chronicles: A Look into the Forum's Leadership

https://www.kelacyber.com/blog/darkforums-chronicles/

3. The DPRK Remote Worker Threat: Unmasking North Korea's Digital Deception

https://flashpoint.io/blog/dprk-remote-worker-threat-north-korea/

4. How the Browser Became the Main Cyber Battleground

https://thehackernews.com/2025/07/how-browser-became-main-cyber.html

5. Legally Benign: Diffusing the Practices and Influence of Qilin Ransomware Gang's "Legal Department"

https://analyst1.com/legally-benign-diffusing-the-practices-and-influence-of-qilin-ransomware-gangs-legal-department/

6. China accuses Taiwan of forcing its people to be 'cannon fodder'

https://www.sinodaily.com/reports/China_accuses_Taiwan_of_forcing_its_people_to_be_cannon_fodder_999.html

7. Global regulatory strategy: how threat intelligence helps organisations manage compliance complexity

https://www.intelligentciso.com/2025/07/30/global-regulatory-strategy-how-threat-intelligence-helps-organisations-manage-compliance-complexity/

---


🟥LCSC-IE Daily Cyber Security Findings - 29 July 2025🟥

News:

1. UK strengthens cyber defence cooperation in Asia-Pacific

https://www.adsadvance.co.uk/uk-strengthens-cyber-defence-cooperation-in-asia-pacific.html

2. Chinese Hackers Leverage Software Vulnerabilities to Compromise Targeted Systems

https://cyberpress.org/chinese-hackers-leverage-software-vulnerabilities/

3. Russia's Aeroflot cancels dozens of flights after alleged cyberattack by pro-Ukraine hackers

https://kyivindependent.com/russias-aeroflot-reports-major-system-malfunction-hacker-group-claims-responsibility/

4. Banks struggle to adopt generative AI as cybersecurity concerns linger

https://www.koreatimes.co.kr/economy/20250729/banks-struggle-to-adopt-generative-ai-as-cybersecurity-concerns-linger

5. LG Uplus to ramp up cybersecurity with $503 mil. investment

https://www.koreatimes.co.kr/business/tech-science/20250729/lg-uplus-to-ramp-up-cybersecurity-with-503-mil-investment

6. ByteDance's AI coding tool Trae IDE caught allegedly spying on users

https://cybernews.com/security/bytedance-ai-coding-tool-trae-data-collection/

7. Cyberattacks target email accounts of senior journalists

https://pressgazette.co.uk/news/cyberattack-publishers-editors-washington-post-haymarket/

8. Thailand 2nd Army Region urges public and private sectors to brace for 'cyberattacks'

https://www.nationthailand.com/news/general/40053216

---

Global Breaches and Data Leaks:

1. European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack

https://x.com/navalgroup/status/1949149936294998040

2. Allianz Life Breach Tied to CRM Compromise

https://www.bankinfosecurity.com/allianz-life-breach-tied-to-crm-compromise-a-29068

3. GLOBAL GROUP Ransomware Claims Breach of Media Giant Albavisión

https://hackread.com/global-group-ransomware-media-giant-albavision-breach/

---

Tactical Reports with IOCs:

1. North Korean TraderTraitor: Deep Dive

https://www.wiz.io/blog/north-korean-tradertraitor-crypto-heist

2. Revisiting UNC3886 Tactics to Defend Against Present Risk

https://www.trendmicro.com/en_us/research/25/g/revisiting-unc3886-tactics-to-defend-against-present-risk.html

3. ToxicPanda: The Android Banking Trojan Targeting Europe

https://www.bitsight.com/blog/toxicpanda-android-banking-malware-2025-study

4. A Deep Dive into 0bj3ctivityStealer's Features

https://www.trellix.com/blogs/research/a-deep-dive-into-obj3ctivitystealers-features/

5. XWorm V6: Advanced Evasion and AMSI Bypass Capabilities Revealed

https://www.netskope.com/blog/xworm-v6-0-enhanced-malware-protection-and-stealthy-delivery

6. Scavenger Malware Distributed via num2words PyPI Supply Chain Compromise

https://invokere.com/posts/2025/07/scavenger-malware-distributed-via-num2words-pypi-supply-chain-compromise/

7. RedHook: A New Android Banking Trojan Targeting Users in Vietnam

https://cyble.com/blog/redhook-new-android-banking-targeting-in-vietnam/

8. Vidar Malware – Active IOCs

https://rewterz.com/threat-advisory/vidar-malware-active-iocs-7

9. Patchwork APT Group – Active IOCs

https://rewterz.com/threat-advisory/patchwork-apt-group-active-iocs-7

---

APT IOCs:

1. Mustang Panda
estmongolia[.]com
mongolianshipregistrar[.]com
tasensors[.]com

---

Threat Hunting / DFIR / Malware:

1. Security Analysis of the Russian State Messenger Max Using RAG

https://medium.com/@dyagodin/security-analysis-of-the-russian-state-messenger-max-using-rag-05563e26451e

2. RuleSetRAT: Variant-Specific YARA Rules & Malware Builder Analysis

https://github.com/GokbakarE/RuleSetRAT

3. ShellCode Injection Process

https://jenkins96.github.io/2025-07-28-ShellCode-Injection-Process/

4. Code Execution Through Deception: Gemini AI CLI Hijack

https://tracebit.com/blog/code-exec-deception-gemini-ai-cli-hijack

5. AgentTesla Deep Dive: Steganography, Keylogging, and Data Theft Explained

https://medium.com/@amanenk10/agenttesla-deep-dive-steganography-keylogging-and-data-theft-explained-8bf486a4d708

6. SSH LLM Honeypot caught a real threat actor

https://beelzebub-honeypot.com/blog/ssh-llm-honeypot-caught-a-real-threat-actor/

7. Cybersecurity Scams Targeting Fans and Teams at the 2025 Belgian Grand Prix

https://www.cloudsek.com/blog/cybersecurity-scams-targeting-fans-and-teams-at-the-2025-belgian-grand-prix

---

Light Reading:

1. Welcome to the DARC Side: The OSINT Behind Global Journalism

https://www.osint.industries/project/welcome-to-the-darc-side-the-osint-behind-global-journalism

2. Maritime Sector Faces Surge in APT and Hacktivist Cyber Threats

https://cyble.com/blog/cyberattacks-targets-maritime-industry/

3. Cyberattacks reshape modern conflict & highlight resilience needs

https://itbrief.asia/story/cyberattacks-reshape-modern-conflict-highlight-resilience-needs

4. New threats, new protection: Korea rethinks cyber insurance as attacks surge

https://www.koreaherald.com/article/10542315

5. The final frontier of cybersecurity is now in space

https://www.helpnetsecurity.com/2025/07/29/space-cybersecurity-risks/

---

🟥LCSC-IE Daily Cyber Security Findings - 28 July 2025🟥

News:

1. Ireland's RTE has allegedly been listed as a victim of ransomware by Global Group, with the group threatening to release data in 8 days.

https://ransomfeed.it/index.php?page=post_details&id_post=24721

2. NZ NCSC and CERT NZ integration now complete

https://www.ncsc.govt.nz/news/ncsc-and-cert-nz-integration-now-complete/

3. Russia's Aeroflot hit by IT failure, hackers claim cyber attack

https://www.dailysabah.com/business/transportation/russias-aeroflot-hit-by-it-failure-hackers-claim-cyber-attack

4. Microsoft's software licensing playbook is a national security risk

https://cyberscoop.com/microsoft-software-licensing-national-security/

5. Canada's Bill C-2 Opens the Floodgates to U.S. Surveillance

https://www.eff.org/deeplinks/2025/07/canadas-bill-c-2-opens-floodgates-us-surveillance

---

Global Breaches and Data Leaks:

1. Indian Payment Gateway Airpay Allegedly Breached

https://dailydarkweb.net/indian-payment-gateway-airpay-allegedly-breached/

---

Tactical Reports with IOCs:

1. Hunting Laundry Bear: Infrastructure Analysis Guide and Findings

https://www.validin.com/blog/laundry_bear_infrastructure_analysis/

2. Bulletproof Hosting Hunt

https://intelinsights.substack.com/p/bulletproof-hosting-hunt

3. Geopolitical game under the tariff stick: APT Group target the China-Africa community with a shared future

https://ti.qianxin.com/blog/articles/apt-group-target-the-china-africa-community-with-a-shared-future-en/

4. RAVEN STEALER UNMASKED: Telegram-Based Data Exfiltration

https://www.cyfirma.com/research/raven-stealer-unmasked-telegram-based-data-exfiltration/

5. Gh0st RAT – Active IOCs

https://rewterz.com/threat-advisory/gh0st-rat-active-iocs-7

6. In-Depth Analysis of an Obfuscated Web Shell Script

https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-an-obfuscated-web-shell-script

7. The Homograph Illusion: Not Everything Is As It Seems

https://unit42.paloaltonetworks.com/homograph-attacks/

8. Oyster Backdoor: The Malvertising Menace Masquerading as Popular Tools

https://www.cyberproof.com/blog/oyster-backdoor-the-malvertising-menace-masquerading-as-popular-tools/

9. Pantera_Analysis_Pt-1

https://xto9ot.gitbook.io/malware-analysis/pantera_analysis_pt-1#executive-summary

10. Comprehensive analysis of the ArmouryLoader loader โ€“ a family of typical loaders analysis

https://www.4hou.com/posts/xyE9

---

Threat Hunting / DFIR / Malware:

1. Reverse engineering a Lumma infection

https://labs.withsecure.com/publications/reverse-engineering-a-lumma-infection

2. The Evolution of Threat Hunting: From IOC Whack-a-Mole to Hypothesis-Driven Sleuthing

https://medium.com/@mathias.fuchs/the-evolution-of-threat-hunting-from-ioc-whack-a-mole-to-hypothesis-driven-sleuthing-44a11235998e

3. Forensic Artifacts for User Windows History Activity

https://reversethemalware.blogspot.com/2025/07/new-forensic-artifacts-for-user-windows.html

4. Linux Medusa Rootkit Detection and De-Cloaking

https://sandflysecurity.com/blog/linux-medusa-rootkit-detection-and-de-cloaking

5. Hacking the hackers: hacking Russian Corporate Mail.

https://medium.com/@naimaismail068/hacking-the-hackers-hacking-russian-corporate-mail-bacc26ad3804

6. Analysis of a VBScript leading to Phantom stealer using ConfuserX Obfuscation

https://medium.com/@shubhandrew/analysis-of-a-vbscript-leading-to-phantom-stealer-using-confuserx-obfuscation-6e978a68cecc

7. Hunting GitHub Secrets Across Time and Space

https://medium.com/@michael.schladt/hunting-github-secrets-across-time-and-space-69f6c258c63d

8. Lionishackers: Analyzing a corporate database seller

https://outpost24.com/blog/lionishackers-corporate-database-seller/

9. A Tale of Practical Keylogger Forensics

https://research.hisolutions.com/2025/07/a-tale-of-practical-keylogger-forensics/

10. Cracking KQL: How a Suspicious Login Alert Led Me into the World of Threat Hunting (and the 10 KQL Queries Every Cybersecurity Analyst Should Know)

https://medium.com/@ishitasingh724/cracking-kql-how-a-suspicious-login-alert-led-me-into-the-world-of-threat-hunting-and-the-10-kql-4ea6366ff0b3

---

Light Reading:

1. Silent Threats: Cyber Vulnerabilities in Aviation Industry

https://moderndiplomacy.eu/2025/07/26/silent-threats-cyber-vulnerabilities-in-aviation-industry/

2. Britain's spies-for-hire are running wild

https://www.politico.eu/article/uk-british-spies-private-intelligence-government-ministers/

3. The legal minefield of hacking back

https://www.helpnetsecurity.com/2025/07/28/goncalo-magalhaes-immunefi-hacking-back-concerns/

4. Researchers Expose Massive Online Fake Currency Operation in India

https://hackread.com/researchers-online-fake-currency-operation-in-india/

5. TAG Bulletin: Q2 2025

https://blog.google/threat-analysis-group/tag-bulletin-q2-2025/

---


🟥LCSC-IE Daily Cyber Security Findings - 25 July 2025🟥

News:

1. Malware incidents in Ireland on the rise, warns NordVPN

https://www.siliconrepublic.com/enterprise/nordvpn-ireland-malware-cybersecurity-tracking-europe

2. Increase in data breaches in Ireland

https://www.rte.ie/news/business/2025/0724/1525221-increase-in-data-breaches-in-ireland-report/

3. Six months into DORA, most financial firms are still not ready

https://www.helpnetsecurity.com/2025/07/25/dora-compliance-challenges-financial-firms/

4. Digital sovereignty becomes a matter of resilience for Europe

https://www.helpnetsecurity.com/2025/07/25/benjamin-schilz-wire-european-digital-sovereignty/

5. Chronic underfunding of open source software poses strategic risk to Europe's digital sovereignty

https://tech.eu/2025/07/25/chronic-underfunding-of-open-source-software-poses-strategic-risk-to-europes-digital-sovereignty/

6. United States Disrupts North Korea Revenue Generation, Offering Rewards of Up to $15 Million

https://www.state.gov/releases/2025/07/united-states-disrupts-north-korea-revenue-generation-offering-rewards-of-up-to-15-million/

7. Monzo's £21m fine highlights banks' cyber security failures

https://www.computerweekly.com/news/366628093/Monzos-21m-fine-highlights-banks-cyber-security-failures

8. Brave blocks Microsoft Recall by default

https://brave.com/privacy-updates/35-block-recall/

9. Phishers Target Aviation Execs to Scam Customers

https://krebsonsecurity.com/2025/07/phishers-target-aviation-execs-to-scam-customers/

10. Starlink Outage Sparks Cyberattack Speculation, But SpaceX Says Software to Blame

https://thecyberexpress.com/starlink-outage-incident-or-cyberattack/

11. Operation Checkmate: International Law Enforcement Seizes BlackSuit Ransomware Infrastructure

https://dailydarkweb.net/operation-checkmate-international-law-enforcement-seizes-blacksuit-ransomware-infrastructure/

12. Fixed Ivanti Bugs Still Haunt Japan Orgs 6 Months Later

https://www.darkreading.com/endpoint-security/fixed-ivanti-bugs-japan-orgs-6-months-later

13. SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014

---

Global Breaches and Data Leaks:

1. Euro healthcare giant AMEOS Group shuts down IT systems after mystery attack

https://www.ameos.eu/datenschutz/datenschutzvorfall-gem-art-34-dsgvo/

2. Korea imposes 343 million won penalty on HAESUNG DS for data breach of 70,000 shareholders

https://biz.chosun.com/en/en-it/2025/07/24/32ITLSSO55H4HDHILFU3FGCIIY/

---

Tactical Reports with IOCs:

1. ToolShell, SharePoint, and the Death of the Patch Window

https://www.team-cymru.com/post/toolshell-sharepoint-and-the-death-of-the-patch-window

2. Threat Actors Lure Victims Into Downloading .HTA Files Using ClickFix To Spread Epsilon Red Ransomware

https://www.cloudsek.com/blog/threat-actors-lure-victims-into-downloading-hta-files-using-clickfix-to-spread-epsilon-red-ransomware

3. Cyber Stealer Analysis: When Your Malware Developer Has FOMO About Features

https://www.esentire.com/blog/cyber-stealer-analysis-when-your-malware-developer-has-fomo-about-features

4. Android Malware Designed to Impersonate Legitimate Indian Banking Apps

https://www.cyfirma.com/research/android-malware-posing-as-indian-bank-apps/

5. Keitaro TDS abused to deliver AutoIT-based loader targeting German speakers

https://sublime.security/blog/keitaro-tds-abused-to-delivery-autoit-based-loader-targeting-german-speakers/

6. Dropper DownloadFromURL Malware Report

https://github.com/jenkins96/MalwareAnalysisPractice/blob/main/Reports/Dropper.DownloadFromURL.pdf

7. Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload

https://www.wiz.io/blog/soco404-multiplatform-cryptomining-campaign-uses-fake-error-pages-to-hide-payload

8. Azure Front Door AiTM Phishing

https://www.aitm-feed.com/blog/azure-front-door-aitm-phishing

9. AI-Generated Malware in Panda Image Hides Persistent Linux Threat

https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/

10. New Advanced Stealer (SHUYAL) Targets Credentials Across 19 Popular Browsers

https://hybrid-analysis.blogspot.com/2025/07/new-advanced-stealer-shuyal-targets.html

11. Threat actors go gaming: Electron-based stealers in disguise

https://www.acronis.com/en-us/tru/posts/threat-actors-go-gaming-electron-based-stealers-in-disguise/

12. A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks

https://www.greynoise.io/blog/how-greynoise-uncovered-global-pattern-voip-based-telnet-attacks

---

APT IOCs:

1. Lazarus
api.drivercamsupport[.]com
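The APT IOC lists in these digests (Lazarus, Kimsuky and Mustang Panda above, and this one) are published defanged with `[.]`, so they cannot be clicked or resolved by accident. Before they are useful in a blocklist or a hunt they have to be refanged, typed (IPv4 vs domain) and kept tied to the actor they were attributed to. The parser below is an added example, not code from LCSC-IE; the sample digest is constructed from this page's own indicator lines with placeholder headlines and URLs so that it runs offline, and the section markers (`APT IOCs:` / `---`) are the ones this page uses.

```python
"""Pull defanged APT indicators out of an LCSC-IE style digest and refang them."""
import re
from dataclasses import dataclass

# Constructed sample: indicator lines are copied from this page's APT IOC
# sections; the News block is a placeholder to show non-IOC text is ignored.
SAMPLE_DIGEST = """\
News:

1. Placeholder headline

https://example.invalid/story

---

APT IOCs:

. Lazarus

144.172.112[.]106
172.86.123[.]55

2. Kimsuky

notice-account.kro[.]kr
support-google.notice-account.kro[.]kr

---

APT IOCs:

1. Mustang Panda
estmongolia[.]com
mongolianshipregistrar[.]com
tasensors[.]com

---
"""

# Defang conventions seen in the wild; extend for your own feeds.
_DEFANG = [
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}"), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]"), "@"),
    (re.compile(r"^hxxp", re.I), "http"),  # hxxp:// and hxxps:// -> http(s)://
]
_IPV4 = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)
# Actor headings look like "1. Lazarus", ". Lazarus" or just "Lazarus".
_ACTOR = re.compile(r"^(?:\d*\.)?\s*([A-Za-z][\w .-]*)$")


@dataclass(frozen=True)
class Indicator:
    actor: str
    kind: str   # "ipv4" or "domain"
    value: str  # refanged, ready for tooling


def refang(text: str) -> str:
    """Undo common defanging so the indicator can be matched or resolved."""
    for pattern, replacement in _DEFANG:
        text = pattern.sub(replacement, text)
    return text.strip()


def classify(candidate: str):
    """Return 'ipv4', 'domain' or None for an already refanged token."""
    if _IPV4.match(candidate):
        return "ipv4"
    if _DOMAIN.match(candidate):
        return "domain"
    return None


def parse_apt_iocs(digest: str) -> list:
    """Walk the digest; inside each 'APT IOCs:' section (ended by '---') keep
    the current actor heading and attach every indicator line to it."""
    found, seen = [], set()
    in_section, actor = False, "unattributed"
    for raw in digest.splitlines():
        line = raw.strip()
        if line == "APT IOCs:":
            in_section, actor = True, "unattributed"
            continue
        if line == "---":
            in_section = False
            continue
        if not in_section or not line:
            continue
        token = refang(line)
        kind = classify(token)
        if kind:
            value = token.lower() if kind == "domain" else token
            ind = Indicator(actor, kind, value)
            if ind not in seen:          # digests repeat indicators across days
                seen.add(ind)
                found.append(ind)
            continue
        heading = _ACTOR.match(line)
        if heading:
            actor = heading.group(1).strip()
    return found


def by_actor(indicators) -> dict:
    """Group refanged values by actor, preserving digest order."""
    groups = {}
    for ind in indicators:
        groups.setdefault(ind.actor, []).append(ind.value)
    return groups


def to_defanged(value: str) -> str:
    """Re-defang for sharing: bracket the last dot, as these digests do."""
    head, _, tail = value.rpartition(".")
    return f"{head}[.]{tail}" if head else value


if __name__ == "__main__":
    for ind in parse_apt_iocs(SAMPLE_DIGEST):
        print(f"{ind.actor:14} {ind.kind:6} {ind.value}")
```

Keep indicators defanged in anything you share or paste into a ticket, and refang only at the point they are loaded into a sensor, a blocklist or a query; `to_defanged` is there so the round trip is explicit rather than done by hand.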

---

Threat Hunting / DFIR / Malware:

1. Google Spoofed Via DKIM Replay Attack: A Technical Breakdown

https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/

2. Automating Azure App Services Token Decryption

https://www.netspi.com/blog/technical-blog/cloud-pentesting/automating-azure-app-services-token-decryption/

3. Hunting Insider Threats: Data Exposure Detection

https://cyberw1ng.medium.com/hunting-insider-threats-data-exposure-detection-c23025d81b6d

4. Sinkholing Suspicious Scripts or Executables on Linux

https://isc.sans.edu/diary/rss/32144

5. Getting an .ipa file without Jailbreak

https://medium.com/@shibinbshaji007/getting-an-ipa-file-without-jailbreak-04c6ce22baa0

6. Inside the APK: Reverse Engineering Mobile Apps Like a Spy (No Phone Needed)

https://medium.com/meetcyber/inside-the-apk-reverse-engineering-mobile-apps-like-a-spy-no-phone-needed-8d2d13a86eb5

---

Light Reading:

1. Singapore Takes Unprecedented Military Action Against Chinese State-Sponsored Hackers

https://www.opforjournal.com/p/singapore-takes-unprecedented-military

2. Russia turns to Kyrgyzstanโ€™s booming crypto sector to evade sanctions, researchers say

https://www.trmlabs.com/resources/blog/russia-leveraging-kyrgyzstans-crypto-ecosystem-to-evade-sanctions

3. Russian-run EasyStaff funnels €50 million through Lithuania, dodging SWIFT sanctions

https://euromaidanpress.com/2025/07/24/russian-run-easystaff-funnels-e50-million-through-lithuania-dodging-swift-sanctions/

4. Preparing for Cross-Border Cyberattacks: "Threats Don't Occur in Isolation, They're Part of Larger Systems"

https://therecursive.com/geopolitical-cyber-threats-intelligence-soc-training-cybersecurity-robin-dimyanoglu/

5. Access Brokers: Their Pivotal Role in Cybercrime

https://www.kelacyber.com/blog/access-brokers-their-pivotal-role-in-cybercrime/

6. DOJ Targets Hamas-Linked BuyCash Exchange in $2 Million Civil Forfeiture for Terrorist Financing

https://www.trmlabs.com/resources/blog/doj-targets-hamas-linked-buycash-exchange-in-2-million-civil-forfeiture-for-terrorist-financing

---


🟥LCSC-IE Daily Cyber Security Findings - 24 July 2025🟥

News:

1. 100 Dublin jobs for new PayPal AI and Fraud Data Science Centre

https://www.siliconrepublic.com/jobs-news/100-dublin-jobs-for-new-paypal-ai-and-fraud-data-science-centre

2. Allies enhance NATO's digital posture

https://www.nato.int/cps/en/natohq/news_237092.htm

3. IRL Com recruits teens for real-life stabbings, shootings, FBI warns

https://www.ic3.gov/PSA/2025/PSA250723-2

4. Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine

https://www.europol.europa.eu/media-press/newsroom/news/key-figure-behind-major-russian-speaking-cybercrime-forum-targeted-in-ukraine

5. North Korean IT Worker Threats to U.S. Businesses

https://www.ic3.gov/PSA/2025/PSA250723-4

6. Cyberattacks Paralyze Major Russian Restaurant Chains

https://www.themoscowtimes.com/2025/07/23/cyberattacks-disrupt-major-russian-restaurant-chains-and-tech-providers-a89936

7. Lapsed CISA contract impedes national lab's threat-hunting operations

https://www.cybersecuritydive.com/news/cisa-cybersentry-llnl-analysis-contract/753834/

8. New York proposes stronger cyber controls for water utilities

https://statescoop.com/new-york-water-utility-cyber-regulations-2025/

9. Fake Receipt Generators Fuel Rise in Online Fraud

https://www.infosecurity-magazine.com/news/fake-receipt-generators-fuel??&web_view=true

---

Global Breaches and Data Leaks:

1. Russia suspected of hacking Dutch prosecution service systems

https://www.dutchnews.nl/2025/07/russia-suspected-of-hacking-dutch-prosecution-service-systems/

2. Hongkong Post Cyberattack Exposes User Data in EC-Ship Breach

https://thecyberexpress.com/hongkong-post-cyberattack/

---

Tactical Reports with IOCs:

1. In-the-wild Exploitation of CVE-2025-53770 and CVE-2025-53771: Technical Details and Mitigation Strategies

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/in-the-wild-exploitation-of-cve-2025-53770-and-cve-2025-53771-technical-details-and-mitigation-strategies/

2. ToolShell: An all-you-can-eat buffet for threat actors

https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/

3. Wartime Cyber Crackdown and the Emergence of Mercenary Spyware Attacks

https://miaan.org/wp-content/uploads/2025/07/Iran-Cyber-Threat-Intelligence-Report_-Wartime-Cyber-Crackdown-and-the-Emergence-of-Mercenary-Spyware-Attacks.pdf

4. Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities: LOLBAS, VLC Player, and Encrypted Shellcode

https://arcticwolf.com/resources/blog/dropping-elephant-apt-group-targets-turkish-defense-industry/

5. Hive0156 continues Remcos campaigns against Ukraine

https://www.ibm.com/think/x-force/hive0156-continues-remcos-campaigns-against-ukraine

6. Unmasking the new Chaos RaaS group attacks

https://blog.talosintelligence.com/new-chaos-ransomware/

7. A Special Mission to Nowhere

https://www.fortinet.com/blog/threat-research/a-special-mission-to-nowhere

8. Illusory Wishes: China-nexus APT Targets the Tibetan Community

https://www.zscaler.com/blogs/security-research/illusory-wishes-china-nexus-apt-targets-tibetan-community

9. Fake Zoom Call Lures for Zoom Workplace Credentials

https://cofense.com/blog/fake-zoom-call-lures-for-zoom-workplace-credentials

10. APT-C-06 (DarkHotel) attacks using malware as bait

https://mp.weixin.qq.com/s/Cx-v95Ua8U7I77-yQFckpA

11. Gunra Ransomware Emerges with New DLS

https://asec.ahnlab.com/en/89206/

12. Threat Intelligence: An Analysis of a Malicious Solana Open-source Trading Bot

https://slowmist.medium.com/threat-intelligence-an-analysis-of-a-malicious-solana-open-source-trading-bot-ab580fd3cc89

13. SideWinder APT Group aka Rattlesnake Targeting Pakistan – Active IOCs

https://rewterz.com/threat-advisory/sidewinder-apt-group-aka-rattlesnake-targeting-pakistan-active-iocs-19

14. APT UNG0002 Expands Cyber Espionage Campaigns Across Asia – Active IOCs

https://rewterz.com/threat-advisory/apt-ung0002-expands-cyber-espionage-campaigns-across-asia-active-iocs

15. Chaos Ransomware – Active IOCs

https://rewterz.com/threat-advisory/chaos-ransomware-active-iocs

16. Snake Keylogger Bypasses Defenses to Steal Credentials – Active IOCs

https://rewterz.com/threat-advisory/snake-keylogger-bypasses-defenses-to-steal-credentials-active-iocs

17. SideWinder APT Group aka Rattlesnake – Active IOCs

https://rewterz.com/threat-advisory/sidewinder-apt-group-aka-rattlesnake-active-iocs-24

18. The Dark Side of Romance: SarangTrap Extortion Campaign

https://zimperium.com/blog/the-dark-side-of-romance-sarangtrap-extortion-campaign

19. Uncovering a Stealthy WordPress Backdoor in mu-plugins

https://blog.sucuri.net/2025/07/uncovering-a-stealthy-wordpress-backdoor-in-mu-plugins.html

---

APT IOCs:

1. Lazarus
thorequities.skillence360[.]com

2. Kimsuky
dongavpn[.]sbs
eosicxodienie[.]icu
fewaine[.]site
fowiosi[.]site
iasoiexci[.]site
ieucobnduie[.]icu
vouge90blog[.]com
wiusoins[.]site
zixcueovieon[.]icu
158.247.230[.]196
158.247.204[.]137
158.247.242[.]206
158.247.249[.]46

---

Threat Hunting / DFIR / Malware:

1. From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944/

2. Fire Ant: A Deep-Dive into Chinese-Nexus Threat Actors Hypervisor-Level Espionage

https://www.sygnia.co/blog/fire-ant-a-deep-dive-into-hypervisor-level-espionage/

3. Rising Activity of SharePoint Phishing Domains

https://intelligence.any.run/reports/07-25-domain-pattern-trends/?utm_source=twitter&utm_medium=post&utm_campaign=domain_pattern_trends&utm_term=240725&utm_content=linktotireports

4. Beating Supply Chain Attacks: DHL Impersonation Case Study

https://any.run/cybersecurity-blog/supply-chain-attacks-analysis/

5. Detecting ADCS Privilege Escalation

https://www.blackhillsinfosec.com/detecting-adcs-privilege-escalation/

6. Beyond the Operating System: Ransomware in the CPU

https://www.watchguard.com/wgrd-news/blog/beyond-operating-system-ransomware-cpu-2

7. The Guest Who Could: Exploiting LPE in VMWare Tools

https://swarm.ptsecurity.com/the-guest-who-could-exploiting-lpe-in-vmware-tools/

8. 205. Adversaries Use an LLM to Generate Commands to be Executed on Compromised Systems

https://www.knowyouradversary.ru/2025/07/205-adversaries-use-llm-to-generate.html

9. Unmasking VioletWorm: A Deep Dive into a Stealthy .NET Malware

https://k3rn3lc4llz.medium.com/unmasking-violetworm-a-deep-dive-into-a-stealthy-net-malware-9ce41cb4e6c3

10. The King of MITM Attacks: Ettercap

https://medium.com/@semihardaersoz/the-king-of-mitm-attacks-ettercap-60a860b2bbf3

11. How I Built a Sigma Detection Rule to Catch APT29's Encoded PowerShell Attacks

https://medium.com/@maxxrawat007/how-i-built-a-sigma-detection-rule-to-catch-apt29s-encoded-powershell-attacks-9561098798f1

---

Light Reading:

1. The Strategic Future of Subsea Cables: Ireland Case Study

https://www.csis.org/analysis/strategic-future-subsea-cables-ireland-case-study

2. HAFNIUM-Linked Hacker Xu Zewei: Riding the Tides of Chinaโ€™s Cyber Ecosystem

https://nattothoughts.substack.com/p/hafnium-linked-hacker-xu-zewei-riding?triedRedirect=true

3. Following the Bitcoin Trail: The IntelBroker Takedown

https://www.chainalysis.com/blog/breachforum-intelbroker-takedown-french-cybercrime-unit-july-2025/

4. Security Threats in H1 2025 by Keyword

https://igloopedia.notion.site/2025-Security-Threats-in-H1-2025-by-Keyword-22df216a760c802682a2f1d341469d35

5. Legal Silence: Injunctions Against the Press in Cybersecurity

https://www.suspectfile.com/legal-silence-injunctions-against-the-press-in-cybersecurity/

6. Will An Iran Cyber Attack Panic Usher In A New Patriot Act?

https://www.eurasiareview.com/24072025-will-an-iran-cyber-attack-panic-usher-in-a-new-patriot-act-oped/

---

100 Dublin jobs for new PayPal AI and Fraud Data Science Centre

PayPal's new AI and Fraud Data Science Centre comes with 100 high-skilled jobs, a marked change in direction for the Irish operation.

Silicon Republic

๐ŸŸฅ๐‹๐‚๐’๐‚-๐ˆ๐„ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‚๐ฒ๐›๐ž๐ซ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐…๐ข๐ง๐๐ข๐ง๐ ๐ฌ-๐Ÿ๐Ÿ‘ ๐‰๐ฎ๐ฅ๐ฒ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“๐ŸŸฅ

News:

1. Major Android Malware Alert: Over 10,000 Irish Devices Compromised by BadBox 2.0

https://news.corksafetyalerts.com/major-android-malware-alert-over-10-000-irish-devices-compromised-by-badbox-2-0/

2. Thousands of controversial Chinese surveillance cameras installed in public places across Ireland

https://www.thejournal.ie/investigates-hikvision-surveillance-6755381-Jul2025/

3. Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows

https://www.rappler.com/technology/microsoft-sharepoint-server-hack-updates-july-23-2025/

4. Paradyn forecasts €1.6 million in revenues from ManageEngine partnership in 2025

https://syncni.com/article/13804/paradyn-forecasts-e1-6-million-in-revenues-from-manage-engine-partnership-in-2025

5. Cyberattacks skyrocket in Europe! Every three minutes, a company is hit.

https://blog.checkpoint.com/research/global-cyber-attacks-surge-21-in-q2-2025-europe-experiences-the-highest-increase-of-all-regions

6. Hungarian police arrest suspect in cyberattacks on independent media

https://www.police.hu/hu/hirek-es-informaciok/legfrissebb-hireink/bunugyek/hano-leleplezve

7. Silicon Valley engineer admits theft of US missile tech secrets

https://www.justice.gov/opa/pr/engineer-pleads-guilty-stealing-chinese-governments-benefit-trade-secret-technology-designed

8. U.S. Coast Guard Issues Cybersecurity Rule for Maritime Transport Safety

https://www.federalregister.gov/documents/2025/01/17/2025-00708/cybersecurity-in-the-marine-transportation-system

9. Darktrace Acquires Mira Security

https://www.securityweek.com/darktrace-acquires-mira-security/

10. China Introduces National Cyber ID Amid Privacy Concerns

https://www.darkreading.com/cyber-risk/china-introduces-national-cyber-id-privacy-concerns

---

Global Breaches and Data Leaks:

1. Indonesian Regional Bank PT BPR Serang Allegedly Breached – Customer Loan Data For Sale

https://dailydarkweb.net/indonesian-regional-bank-pt-bpr-serang-allegedly-breached-customer-loan-data-for-sale/

2. 158-Year-Old UK Logistics Firm Collapses After Cyberattack

https://thecyberexpress.com/cyberattack-on-knp-logistics/

---

Tactical Reports with IOCs:

1. Operation Liquidation: studying and blocking the infrastructure of the NyashTeam group

https://www.f6.ru/blog/nyashteam/

2. How to protect yourself from ToolShell – a chain of critical zero-day vulnerabilities in Microsoft SharePoint

https://rt-solar.ru/solar-4rays/blog/5721/

3. NET RFQ: Request for Quote Scammers Casting Wide Net to Steal Real Goods

https://www.proofpoint.com/us/blog/threat-insight/net-rfq-request-quote-scammers-casting-wide-net-steal-real-goods

4. Lazarusโ€™ latest tactics: Deceptive development and ClickFix

https://www.gendigital.com/blog/insights/research/deceptive-nvidia-attack

5. ToolShell: Critical SharePoint Zero-Day Exploited in the Wild

https://www.security.com/threat-intelligence/toolshell-zero-day-sharepoint-cve-2025-53770

6. Operation CargoTalon: UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant

https://www.seqrite.com/blog/operation-cargotalon-ung0901-targets-russian-aerospace-defense-sector-using-eaglet-implant/

7. EdskManager RAT: Multi-Stage Malware with HVNC and Evasion Capabilities

https://www.cyfirma.com/research/edskmanager-rat-multi-stage-malware-with-hvnc-and-evasion-capabilities/

8. Back to Business: Lumma Stealer Returns with Stealthier Methods

https://www.trendmicro.com/en_us/research/25/g/lumma-stealer-returns.html

9. Scavenger Malware Distributed via eslint-config-prettier NPM Package Supply Chain Compromise

https://invokere.com/posts/2025/07/scavenger-malware-distributed-via-eslint-config-prettier-npm-package-supply-chain-compromise/

10. Warning: malicious LNK files distributed to steal information, disguised as a card company's secure-email authentication window

https://asec.ahnlab.com/ko/89126/

11. Beware of RokRAT malware distributed via malicious Hangul (.HWP) documents

https://asec.ahnlab.com/ko/89116/

12. StopRansomware: Interlock

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a

13. CastleLoader Campaigns

https://github.com/prodaft/malware-ioc/tree/master/CastleLoader

---

APT IOCs:

1. Lazarus

candidatescope[.]com
archblock.candidatescope[.]com
deadfellaz.candidatescope[.]com

2. Kimsuky

zuioecis[.]site

---

Threat Hunting / DFIR / Malware:

1. Coyote in the Wild: First-Ever Malware That Abuses UI Automation

https://www.akamai.com/blog/security-research/active-exploitation-coyote-malware-first-ui-automation-abuse-in-the-wild#detect

2. Impersonation of managed identities in Azure

https://mobeta.fr/usurpation-didentites-managees-dans-azure/

3. BloodfangC2

https://github.com/zarkones/BloodfangC2

4. Privileged Access Workstations; Part 2: Connectivity

https://www.etsi.org/deliver/etsi_ts/103900_103999/10399402/01.01.01_60/ts_10399402v010101p.pdf

5. Ransom Tales: Volume I โ€“ Emulating BlackLock, Embargo, and Mamona Ransomware

https://www.attackiq.com/2025/07/22/ransom-tales-1/

6. Malware Analysis Report: AUTHENTIC ANTICS

https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/authentic-antics/ncsc-mar-authentic_antics.pdf

7. How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance

https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/

8. Malware Analysis Fundamentals Series โ€” Brbbot

https://0x4bein.medium.com/malware-analysis-fundamentals-series-brbbot-0b695d056aee

9. Advanced Threat Hunting Through Memory Address Patterns with Sysmon

https://medium.com/@siddhantalokmishra/advanced-threat-hunting-through-memory-address-patterns-with-sysmon-276a9bbdeac8

10. Signed, Sealed, Altered? Deepdive into PDF Tempering

https://www.group-ib.com/blog/pdf-tempering/

---

Light Reading:

1. Unveiling Russia's FSB's 16th Center SIGINT Capabilities

https://checkfirst.network/wp-content/uploads/2025/07/OSINT_Phaleristics_Unveiling_FSB_16th_Center_SIGINT_Capabilities.pdf

2. China warns citizens to beware backdoored devices, on land and under the sea

https://mp.weixin.qq.com/s/qw-Z1TvZVftU9o9Viwj7_Q

3. Navigating Cyber Threats Facing Global Maritime Operations

https://www.crisis24.com/articles/navigating-cyber-threats-facing-global-maritime-operations

---

Major Android Malware Alert: Over 10,000 Irish Devices Compromised by BadBox 2.0

Your smart TV could be a secret proxy for cybercriminals. Ireland hit by massive BadBox malware outbreak affecting cheap Android devices with hidden backdoors.

Cork Safety Alerts

๐ŸŸฅ๐‹๐‚๐’๐‚-๐ˆ๐„ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‚๐ฒ๐›๐ž๐ซ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐…๐ข๐ง๐๐ข๐ง๐ ๐ฌ-๐Ÿ๐Ÿ ๐‰๐ฎ๐ฅ๐ฒ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“๐ŸŸฅ

News:

1. Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say

https://www.rte.ie/news/business/2025/0721/1524574-microsoft-cyber-attack/

2. Australian Regulator Alleges Financial Firm Exposed Clients to Unacceptable Cyber Risks

https://www.infosecurity-magazine.com/news/australian-alleges-financial-cyber/

3. UK government to ban public bodies from paying ransoms to hackers

https://uk.finance.yahoo.com/news/uk-government-ban-public-bodies-090050467.html

4. Hegseth moves to oust ‘Chinese labor’ from Pentagon cloud services, orders wider review

https://breakingdefense.com/2025/07/hegseth-moves-to-oust-chinese-labor-from-pentagon-cloud-services-orders-wider-review/

---

Tactical Reports with IOCs:

1. CVE-2025-53770/TOOLSHELL: HUNTING DOWN THE ATTACKER TECHNIQUES & VICTIMS

https://theravenfile.com/2025/07/22/cve-2025-53770-toolshell-hunting-down-the-attacker-techniques-victims/

2. SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know

https://www.wiz.io/blog/sharepoint-vulnerabilities-cve-2025-53770-cve-2025-53771-everything-you-need-to-k

3. Proxy Trickster infrastructure: operating around the clock and worldwide

https://rt-solar.ru/solar-4rays/blog/5714/

4. APT-C-53 (Gamaredon): analysis of attacks targeting government departments

https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507128&idx=1&sn=fc52ed41c425b97d96e8aa395b01cb16&chksm=f9c1efb1ceb666a767280237edff78a1beaf65e5c643caebfe6c9166b8c766033f8574f5ea7d&scene=178&cur_album_id=1955835290309230595&search_click_id=#rd

5. Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker

https://securitylabs.datadoghq.com/articles/beyond-mimolette-tracking-mimo-expansion-magento-cms-docker/

6. DeedRAT Backdoor Enhanced by Chinese APTs with Advanced Capabilities

https://lab52.io/blog/deedrat-backdoor-enhanced-by-chinese-apts-with-advanced-capabilities/

7. Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict

https://www.lookout.com/threat-intelligence/article/lookout-discovers-iranian-dchsy-surveillanceware

8. Clickfix on macOS: AppleScript Malware Campaign Uses Terminal Prompts to Steal Data

https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing

9. Tracking GLOBAL GROUP Ransomware from Mamona to Market Scale

https://www.picussecurity.com/resource/blog/tracking-global-group-ransomware-from-mamona-to-market-scale

10. RokRAT Malware Using Malicious Hangul (.HWP) Documents

https://asec.ahnlab.com/en/89130/

11. New Variant of ACRStealer Actively Distributed with Modifications

https://asec.ahnlab.com/en/89128/

12. Scavenger Malware Distributed via eslint-config-prettier NPM Package Supply Chain Compromise

https://invokere.com/posts/2025/07/scavenger-malware-distributed-via-eslint-config-prettier-npm-package-supply-chain-compromise/

13. 2025-07-20 - Install Linters, Get Malware - DevSecOps Speedrun Edition

https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition

14. NailaoLocker Ransomware’s “Cheese”

https://www.fortinet.com/blog/threat-research/nailaolocker-ransomware-cheese

15. Double Kill: Patchwork Group Attacks the South Asian Government Against Both Windows and Android Systems in One Shot

https://medium.com/@phatomcandle/double-kill-patchwork-group-attacks-the-south-asian-government-against-both-windows-and-android-0b9e47108372

16. Patchwork (APT-Q-36) impersonates university domain names to steal secrets

https://ti.qianxin.com/blog/articles/apt-q-36-impersonates-university-domain-names-to-steal-secrets-en/

---

Threat Hunting / DFIR / Malware:

1. Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief

https://unit42.paloaltonetworks.com/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/

2. Threat Research: Investigation of RMM Tools Leveraged by Ransomware Gangs in Real-World Incidents

https://www.catonetworks.com/blog/cato-ctrl-investigation-of-rmm-tools/

3. Quick-Skoping through Netskope SWG Tenants - CVE-2024-7401

https://quickskope.com/

4. Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unmasking-malicious-apks-android-malware-blending-click-fraud-and-credential-theft/

5. Exploiting weak CSRF Tokens

https://medium.com/@arsenatic/exploiting-weak-csrf-tokens-9b248070a19f

6. Red Stealer — Threat Intelligence

https://tizimass.medium.com/red-stealer-threat-intelligence-ccf932b7bd2d

---

Light Reading:

1. Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem

https://ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/before-vegas-cyberdefense-report.pdf

2. How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

https://www.wired.com/story/china-honkers-elite-cyber-spies/

3. Kyiv as the New Berlin: Ukraine’s Role in Modern Espionage Conflict

https://smallwarsjournal.com/2025/07/22/kyiv-as-the-new-berlin-ukraine-role-in-modern-espionage-conflict/

4. Mobile Threat Landscape Report: Q2 2024

https://www.lookout.com/threat-intelligence/report/q2-2024-mobile-landscape-threat-report

---

๐ŸŸฅ๐‹๐‚๐’๐‚-๐ˆ๐„ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‚๐ฒ๐›๐ž๐ซ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐…๐ข๐ง๐๐ข๐ง๐ ๐ฌ-๐Ÿ๐Ÿ– ๐‰๐ฎ๐ฅ๐ฒ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“๐ŸŸฅ

1. House hearing will use Stuxnet to search for novel ways to confront OT cyberthreats

https://cyberscoop.com/house-homeland-stuxnet-hearing-garbarino-critical-infrastructure-ot/

2. From ‘P@ssw0rd’ to payday: Weak credentials threaten financial systems

https://www.digitaljournal.com/tech-science/from-pssw0rd-to-payday-weak-credentials-threaten-financial-systems/article

3. Why hackers love Europeโ€™s hospitals

https://www.politico.eu/article/hackers-europe-hospitals-cyber-attack-data-security-technology-internet-crime-russia/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication

---

Global Breaches and Data Leaks:

1. Hacker steals $27 million in BigONE exchange crypto breach

https://bigone.zendesk.com/hc/en-us/articles/48916067512345-BigONE-Security-Incident-Disclosure-and-Progress-Update-July-16

---

Tactical Reports with IOCs:

1. Chinese Malware Delivery Domains: Part III

https://dti.domaintools.com/chinese-malware-delivery-domains-part-iii/

2. MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

https://blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/

3. Katz Stealer | Powerful MaaS On the Prowl for Credentials and Crypto Assets

https://www.sentinelone.com/blog/katz-stealer-powerful-maas-on-the-prowl-for-credentials-and-crypto-assets/

4. Research into new breeds of loaders running TorNet and PureHVNC

https://sect.iij.ad.jp/blog/2025/07/loader-executing-tornet-and-purehvnc/

5. UAC-0001 cyberattacks on the security and defence sector using LAMEHUG malware that leverages an LLM (large language model) (CERT-UA#16039)

https://cert.gov.ua/article/6284730

6. Ghost Crypt Powers PureRAT with Hypnosis

https://www.esentire.com/blog/ghost-crypt-powers-purerat-with-hypnosis

7. Analysis of a Kimsuky group threat case using the 'ClickFix' tactic

https://www.genians.co.kr/en/blog/threat_intelligence/suky-castle

8. Scanception: A QRiosity-Driven Phishing Campaign

https://cyble.com/blog/scanception-a-qriosity-driven-phishing-campaign/

9. Widespread gov.br Subdomain Abuse: 630k+ URLs Leveraged for Black Hat SEO Redirects

https://hunt.io/blog/gov-br-subdomain-seo-poisoning-630k-urls

10. Signed and stealing: uncovering new insights on Odyssey infostealer

https://www.jamf.com/blog/signed-and-stealing-uncovering-new-insights-on-odyssey-infostealer/

11. Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities

https://blogs.jpcert.or.jp/en/2025/07/ivanti_cs.html

---

APT IOCs:

1. Lazarus

45.61.160[.]28
45.61.165[.]45

2. APT28

144.126.202[.]227
router.huggingface[.]co
Stayathomeclasses[.]com/slpw/up[.]php

---

Threat Hunting / DFIR / Malware:

1. Hangro: Investigating North Korean VPN Infrastructure Part 2

https://nkinternet.wordpress.com/2025/07/16/hangro-investigating-north-korean-vpn-infrastructure-part-2/

2. Automated Function ID Database Generation in Ghidra on Windows

https://blog.mantrainfosec.com/blog/17/automated-function-id-database-generation-in-ghidra-on-windows

3. RMMs: A Gateway for Bulk Attacks on MSP Customers, Pt. II

https://www.huntress.com/blog/rmm-gateway-for-bulk-attacks-on-msp-customers-part-2

4. CryptoJacking is dead: long live CryptoJacking

https://cside.dev/blog/cryptojacking-is-dead-long-live-cryptojacking

5. LARVA-208's New Campaign Targets Web3 Developers

https://catalyst.prodaft.com/public/report/larva-208s-new-campaign-targets-web3-developers/overview#heading-1000

6. Velociraptor: Linux.Sys.Modinfo – collects detailed metadata about Linux kernel modules using modinfo; useful for hunting malicious kernel modules

https://docs.velociraptor.app/exchange/artifacts/pages/modinfo/

7. The Good, the Bad, and the Encoding: An SS7 Bypass Attack

https://www.enea.com/insights/the-good-the-bad-and-the-encoding-an-ss7-bypass-attack/

8. PoisonSeed bypassing FIDO keys to โ€˜fetchโ€™ user accounts

https://expel.com/blog/poisonseed-bypassing-fido-keys-to-fetch-user-accounts/

9. New phishing scam lures users with fake HR policy updates

https://www.kaspersky.com/blog/employee-handbook-phishing-scheme/53836/

10. Primary Attack Vectors Persist

https://www.sentinelone.com/blog/primary-attack-vectors-persist/

11. Ransomware Gangs Uninstall Two-Factor Authentication Apps

https://www.knowyouradversary.ru/2025/07/198-ransomware-gangs-uninstall-two.html

12. RansomedVC is back — and is still attacking its competitors

https://databreaches.net/2025/07/17/ransomedvc-is-back-and-is-still-attacking-its-competitors/?pk_kwd=ransomedvc-is-back-and-is-still-attacking-its-competitors

13. PSLoramyra Fileless Loader: Advanced YARA Detection, Memory Forensics, and Cross-Platform Threat Evolution

https://blog.alphahunt.io/psloramyra-fileless-loader-advanced-yara-detection-memory-forensics-and-cross-platform-threat-evolution/

14. Hannibal Stealer vs. Browser Security

https://netlas.io/blog/hannibal_stealer_part_1/

15. Threat hunting case study: Lumma infostealer

https://intel471.com/blog/threat-hunting-case-study-lumma-infostealer

16. New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs

https://arxiv.org/pdf/2503.10846v1

---

Light Reading:

1. Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

https://www.recordedfuture.com/research/submarine-cables-face-increasing-threats

2. Keeping Up With The Hacktivists

https://public-assets.graphika.com/reports/graphika-report-keeping-up-with-the-hacktivists.pdf

3. Is China’s Military Ready for War?

https://www.foreignaffairs.com/china/chinas-military-ready-war

4. OSINT images show crowded Russian Black Sea fleet base and low operational activity

https://odessa-journal.com/osint-images-show-crowded-russian-black-sea-fleet-base-and-low-operational-activity

5. Inside the Nobitex Hack: How the Iran-Israel Conflict Exposed Tehran's Grip on Its Crypto Services

https://www.trmlabs.com/resources/blog/inside-the-nobitex-hack-how-the-iran-israel-conflict-exposed-tehrans-grip-on-its-crypto-services

---

House hearing will use Stuxnet to search for novel ways to confront OT cyberthreats

The House Homeland Committee will revisit the malware to use the knowledge from the spy effort to explore the domestic threats facing the U.S. in 2025. 

CyberScoop

๐ŸŸฅ๐‹๐‚๐’๐‚-๐ˆ๐„ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‚๐ฒ๐›๐ž๐ซ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐…๐ข๐ง๐๐ข๐ง๐ ๐ฌ-๐Ÿ๐Ÿ• ๐‰๐ฎ๐ฅ๐ฒ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“๐ŸŸฅ

News:

1. Ireland: Nearly one-third of Irish firms paid a cyber ransom in last year

https://www.siliconrepublic.com/enterprise/ireland-business-cyber-ransom-survey-expleo

2. Ireland: Staff retention and cybercrime curtailing companies, survey finds

https://www.siliconrepublic.com/business/cost-of-living-competition-cybercrime-companies-survey

3. Most European Financial Firms Still Lagging on DORA Compliance

https://www.infosecurity-magazine.com/news/european-financial-dora-compliance/

4. 67% of EU governmental institutions score D or F for cybersecurity efforts

https://www.globenewswire.com/news-release/2025/07/17/3116984/0/en/67-of-EU-governmental-institutions-score-D-or-F-for-cybersecurity-efforts.html

5. Romania expands scope of NIS2 implementation

https://cms-lawnow.com/en/ealerts/2025/07/romania-expands-scope-of-nis2-implementation

6. Korean SGI ransomware attack puts lax financial cybersecurity rules under scrutiny

https://www.koreatimes.co.kr/business/banking-finance/20250717/sgi-ransomware-attack-puts-lax-financial-cybersecurity-rules-under-scrutiny

7. Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy

https://www.justice.gov/usao-or/pr/armenian-national-extradited-united-states-faces-federal-charges-ransomware-extortion

8. Google’s Big Sleep Foils Hackers by Spotting SQLite Flaw Before Exploit

https://www.techrepublic.com/article/news-google-big-sleep-sqlite-zero-day/

9. Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime

https://www.securityweek.com/cambodia-makes-1000-arrests-in-latest-crackdown-on-cybercrime/

---

Global Breaches and Data Leaks:

1. HLB Ireland: Accountancy, Assurance and Tax Advice Service Targeted by the Ransomware Group Safepay

https://www.ransomware.live/id/aGxiLmllQHNhZmVwYXk=

2. United Australia Party Confirms Major Ransomware Attack and Data Breach

https://thecyberexpress.com/uap-data-breach/

---

Tactical Reports with IOCs:

1. Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting

https://www.proofpoint.com/us/blog/threat-insight/phish-china-aligned-espionage-actors-ramp-up-taiwan-semiconductor-targeting

2. Old Miner, New Tricks

https://www.fortinet.com/blog/threat-research/old-miner-new-tricks

3. KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/kawa4096s-ransomware-tide-rising-threat-with-borrowed-styles/?&web_view=true

4. UNG0002: Regional Threat Operations Tracked Across Multiple Asian Jurisdictions

https://www.seqrite.com/blog/ung0002-espionage-campaigns-south-asia/

5. GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia

https://securelist.com/ghostcontainer/116953/

6. From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up

https://engage.morphisec.com/hubfs/Matanbuchus%20Threat%20Analysis.pdf

7. Lookout Discovers Massistant Chinese Mobile Forensic Tooling

https://www.lookout.com/threat-intelligence/article/massistant-chinese-mobile-forensics

8. Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor

https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor

9. Fake Receipts Generators: the rising threat to major retail brands

https://www.group-ib.com/blog/fake-receipts-generators/

10. How Shortcut Files (.LNK) Are Used to Deliver Ransomware

https://darkatlas.io/blog/how-shortcut-files-lnk-used-to-deliver-ransomware

11. Dissecting the ClickFix User-Execution Attack and Its Sophisticated Persistence via ADS

https://medium.com/@ireneusz.tarnowski/dissecting-the-clickfix-user-execution-attack-and-its-sophisticated-persistence-via-ads-54435da7176b

12. New Malware campaign on MacOS

https://medium.com/@paundrapujodarmawan/new-malware-campaign-on-macos-eefe330a4a37

13. Remcos RAT – Active IOCs

https://rewterz.com/threat-advisory/remcos-rat-active-iocs-25

---

APT IOCs:

1. Lazarus: Source Validin

apply-camera[.]com
assessalign[.]com
eliteshire[.]com
eskillence[.]com
evalonboard[.]com
hirelytics360[.]com
interviews360[.]com
jobinterviews360[.]com
mat-techcore[.]org
axieinfinity[.]assessalign[.]com
axieinfinity[.]hirelytics360[.]com
blog[.]evalonboard[.]com
cex[.]apply-camera[.]com
crosstheages[.]eskillence[.]com
crosstheages[.]hirelytics360[.]com
doodles[.]interviews360[.]com
finnt[.]evalonboard[.]com
tellus[.]evalonboard[.]com
theta[.]apply-camera[.]com
theta[.]evalonboard[.]com
thorequities[.]eskillence[.]com
yuga[.]jobinterviews360[.]com

2. Kimsuky: Source VT

drover[.]crabdance[.]com
goole[.]n-e[.]kr
gooqle[.]n-e[.]kr
kns[.]p-e[.]kr
kwac[.]p-e[.]kr
nover[.]n-e[.]kr
store[.]farted[.]net
accounts[.]gooqle[.]n-e[.]kr
aconts[.]goole[.]n-e[.]kr
land[.]gooqle[.]n-e[.]kr
mail[.]kns[.]p-e[.]kr
nid[.]kwac[.]p-e[.]kr
nid[.]nover[.]n-e[.]kr
privateaccounts[.]gooqle[.]n-e[.]kr
storeer[.]chickenkiller[.]com
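The APT IOC lists in these digests (the Lazarus, Kimsuky and APT28 domains, IPs and the one URL above) are published defanged with `[.]` so they cannot be clicked by accident; before they are useful they have to be refanged and compared with telemetry. The Python below is an added example, not code from LCSC-IE or from any of the linked reports: it takes a handful of the indicators exactly as printed in those lists, refangs and classifies them, then hunts for them in a few constructed DNS, proxy and firewall log lines. The key=value log format, the client addresses and the timestamps are assumptions made for the demonstration.

```python
"""Refang and hunt the defanged IOCs published in the APT IOC lists.

Added example, not code from the original post. The indicator strings are
copied from the page's Lazarus, Kimsuky and APT28 lists; the log lines are
constructed for this demonstration (the key=value format is an assumption).
"""
import ipaddress
import re
from dataclasses import dataclass

# A subset of the indicators exactly as published, defanged with [.]
DEFANGED_IOCS = {
    "Lazarus": ["thorequities.skillence360[.]com", "eskillence[.]com", "45.61.160[.]28"],
    "Kimsuky": ["gooqle[.]n-e[.]kr", "158.247.230[.]196"],
    "APT28": ["144.126.202[.]227", "router.huggingface[.]co",
              "Stayathomeclasses[.]com/slpw/up[.]php"],
}

# Constructed log lines (not real traffic): DNS, proxy and firewall events.
SAMPLE_LOGS = [
    "2025-07-24T09:12:01Z dns client=10.1.2.3 qname=crosstheages.eskillence.com qtype=A",
    "2025-07-24T09:12:05Z proxy client=10.1.2.3 url=http://Stayathomeclasses.com/slpw/up.php status=200",
    "2025-07-24T09:13:40Z fw client=10.1.2.9 dst=158.247.230.196 dport=443 action=allow",
    "2025-07-24T09:14:02Z dns client=10.1.2.7 qname=skillence360.com qtype=A",
    "2025-07-24T09:15:11Z dns client=10.1.2.7 qname=mail.example.com qtype=MX",
]


@dataclass(frozen=True)
class Indicator:
    actor: str
    kind: str   # "ip", "domain" or "url"
    value: str  # refanged, lower-cased, scheme removed


def refang(text: str) -> str:
    """Undo common defanging so the value can be compared with live telemetry."""
    text = text.strip().replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    text = re.sub(r"^hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    return text.lower()


def defang(text: str) -> str:
    """Re-defang a value before it goes back into a report or chat channel."""
    text = re.sub(r"^http(s?)://", r"hxxp\1://", text)
    return text.replace(".", "[.]")


def strip_scheme(text: str) -> str:
    return re.sub(r"^https?://", "", text)


def classify(value: str) -> str:
    """URL if it carries a path, otherwise IP address or domain name."""
    if "/" in value:
        return "url"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "domain"


def load_indicators(defanged: dict) -> list:
    indicators = []
    for actor, items in defanged.items():
        for item in items:
            value = strip_scheme(refang(item))
            indicators.append(Indicator(actor, classify(value), value))
    return indicators


def matches(ioc: Indicator, target: str) -> bool:
    """target is a host, IP or scheme-less URL taken from a log line."""
    host = target.split("/", 1)[0]
    if ioc.kind == "ip":
        return host == ioc.value
    if ioc.kind == "url":
        return target.startswith(ioc.value)
    # A domain IOC covers its subdomains, but a listed FQDN does NOT make its
    # parent an IOC: thorequities.skillence360.com is listed, skillence360.com is not.
    return host == ioc.value or host.endswith("." + ioc.value)


LOG_FIELD = re.compile(r"\b(?:qname|url|dst)=(\S+)")


def extract_targets(line: str) -> list:
    """Pull the looked-up name, requested URL or destination IP out of a line."""
    return [strip_scheme(raw.lower()).rstrip(".") for raw in LOG_FIELD.findall(line)]


def hunt(lines, indicators) -> list:
    """Return (actor, indicator value, log line) for every indicator hit."""
    hits = []
    for line in lines:
        for target in extract_targets(line):
            for ioc in indicators:
                if matches(ioc, target):
                    hits.append((ioc.actor, ioc.value, line))
    return hits


if __name__ == "__main__":
    for actor, value, line in hunt(SAMPLE_LOGS, load_indicators(DEFANGED_IOCS)):
        print(f"[{actor}] {defang(value)} <- {line}")
```

Two things the lists themselves imply are encoded in matches(): a listed registrable domain such as eskillence[.]com should match every subdomain (the list puts crosstheages[.]eskillence[.]com and thorequities[.]eskillence[.]com under it), whereas a listed FQDN such as thorequities.skillence360[.]com does not turn its parent skillence360[.]com into an indicator, so the sample query for the bare parent is deliberately not a hit. Note also that router.huggingface[.]co is a hostname on a widely used public service (huggingface.co), so a hit on it is a pivot for investigation rather than a block-list entry. The defang() helper is there so that confirmed hits go back into reports in the same `[.]` notation the digests use.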

---

Threat Hunting / DFIR / Malware:

1. Malware in DNS

https://dti.domaintools.com/malware-in-dns/

2. Hiding Payloads in Linux Extended File Attributes

https://isc.sans.edu/diary/rss/32116

3. Actionable threat hunting with GTI (II) - Analyzing a massive phishing campaign

https://www.googlecloudcommunity.com/gc/Community-Blog/Actionable-threat-hunting-with-GTI-II-Analyzing-a-massive/ba-p/923129?linkId=15662116

4. I SPy: Escalating to Entra ID's Global Admin with a first-party app

https://securitylabs.datadoghq.com/articles/i-spy-escalating-to-entra-id-global-admin/

5. Golden dMSA: What Is dMSA Authentication Bypass?

https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/

6. Protecting customers from Octo Tempest attacks across multiple industries

https://www.microsoft.com/en-us/security/blog/2025/07/16/protecting-customers-from-octo-tempest-attacks-across-multiple-industries/

7. SharePoint Unknown CVE Unveiled: RCE via WebPart Properties Deserialization

https://blog.viettelcybersecurity.com/sharepoint_properties_deser/

8. BADBOX 2.0 Found Preinstalled on Android IoT Devices Worldwide

https://www.pointwild.com/threat-intelligence/badbox-2-0-a-global-iot-botnet-threat

9. Malware and cryptography 43 - encrypt/decrypt payload via Mars cipher. Simple C example

https://cocomelonc.github.io/malware/2025/07/16/malware-cryptography-43.html

10. WannaCry Malware Analysis

https://jenkins96.github.io/2025-07-16-WannaCry-Malware-Analysis/

11. APT PROFILE – FANCY BEAR

https://www.cyfirma.com/research/apt-profile-fancy-bear-2/

12. ClickFix Variants and the FileFix Attack Draw Attention

https://blog.alyac.co.kr/5608

13. Understanding Mamona Ransomware: Memory & Process Behavior Breakdown

https://medium.com/@IlerioluwaAjani/understanding-mamona-ransomware-memory-process-behavior-breakdown-e4b5ebca20ec

14. The Trojan Telegram: A Technical Look at Gh0stRAT’s Deceptive Tactics

https://medium.com/@k3rnelcallz/the-trojan-telegram-a-technical-look-at-gh0strats-deceptive-tactics-839415bdd517

---

Light Reading:

1. ASEC June 2025 APT Group Trends

https://asec.ahnlab.com/en/89067/

---

Nearly one-third of Irish firms paid a cyber ransom in last year

According to data from Expleo, the average large enterprise in Ireland paid nearly €700,000 in cyber ransoms last year.

Silicon Republic