Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
2025-1-27 13:3:37 Author: krypt3ia.wordpress.com

Date: 1.27.25


🚨 Top Headlines

Industry leaders explain how AI will change cybersecurity

Summary: COMMENTARY: Over the past year, the security industry has grappled with the widespread adoption of AI as an essential technology for protecting against cyberattacks and, in the hands of criminals, a formidable weapon disrupting traditional approaches to security.

Source: SC Media

Scammers Are Creating Fake News Videos to Blackmail Victims

Summary: The number of people affected by the 2024 Change Healthcare cyberattack is almost double the previous estimates, and now sits at approximately 190 million, the company has admitted.

“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” said Tyler Mason, a spokesperson for UnitedHealth Group.

Source: TechRadar

China’s DeepSeek AI poses formidable cyber, data privacy threats

Summary: China’s DeepSeek AI model represents a transformative development in China’s AI capabilities, and its implications for cyberattacks and data privacy are particularly alarming. By leveraging DeepSeek, China is on its way to revolutionizing its cyber-espionage, cyberwarfare, and information operations, all of which pose significant threats to the U.S. and the West.

DeepSeek’s advanced AI architecture, built on access to vast datasets and cutting-edge processing capabilities, is particularly suited for offensive cybersecurity operations and large-scale exploitation of sensitive information. It is designed to operate in complex and dynamic environments, potentially making it superior in applications like military simulations, geopolitical analysis, and real-time decision-making.

Source: Biometric Update


🔍 Emerging Threats and Indicators

Malware Campaigns

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Summary: Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC.

Source: The Hacker News

Reddit, WeTransfer pages spoofed in Lumma Stealer campaign

Summary: Nearly 1,000 fake Reddit and WeTransfer pages are being used to spread Lumma Stealer malware, a Sekoia.io researcher reported this week. The Sekoia lead cybercrime analyst, who goes by crep1x, posted screenshots of the spoofed Reddit and WeTransfer pages on X Monday, and also shared a full list of the phishing domains.

Source: SC World

Phishing Campaigns

Ross Ulbricht’s donors targeted in phishing attacks on Telegram

Summary: Ross Ulbricht’s followers and others donating to his cause are being targeted by scammers using phishing attacks on social media, especially Telegram. The scammers are capitalizing on the public support that the pardoned Silk Road founder is getting, with his supporters and the general public donating to the cause.

Source: Cryptopolitan


📈 Sector-Specific Intelligence

Healthcare:

Cobalt Strike and A Pair of SOCKS Lead to Lockbit Ransomware

Summary:

  • This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility.
  • The threat actor used Rclone to exfiltrate data from the environment. They first attempted FTP transfers, which failed, before moving to MEGA.io. A day later they ran a second, successful FTP exfiltration.
  • The threat actor created several persistent backdoors in the environment, using scheduled tasks, GhostSOCKS and SystemBC proxies, and Cobalt Strike command and control access.
  • LockBit ransomware was deployed across the environment on the 11th day of the intrusion.

Source: The DFIR Report

Infrastructure:

Salt Typhoon Telecom Breach is Wake-Up Call for Threats to U.S. Digital Infrastructure

Summary: The discovery of the Salt Typhoon hackers, accessing the cell data of U.S. political figures through at least ten telecommunications providers ahead of the 2024 election, marks a concerning evolution in nation-state cyber operations. This breach underscores the evolving tactics of state-sponsored cyber espionage, emphasizing the urgent need for enhanced cybersecurity measures and scrutiny of existing policy to safeguard sensitive communications and national security.

Source: The Fast Mode


🌐 Global Threat Landscape

Notable APT Activities:

Iranian hacker group targets Israeli kindergartens PA systems

Summary: An Iranian-linked cyberattack targeted kindergartens in Israel on Sunday, disrupting public address (PA) systems and infiltrating emergency systems in at least 20 locations by exploiting vulnerabilities in a private company’s infrastructure.

Handala, an Iranian cyber group linked to Iran’s Ministry of Intelligence (MOIS), claimed responsibility for the attack on its Telegram channel.

Source: Iran Intl


⚠️ Critical Alerts from Official Channels

CISA:

CISA Warns of Old jQuery Vulnerability Linked to Chinese APT

Summary: CVE-2020-11023 was disclosed in April 2020. The vulnerability has been described as a medium-severity XSS issue that can be exploited for arbitrary code execution. jQuery, a library designed to make it easier to use JavaScript, is widely used. After the vulnerability was disclosed, several major organizations published advisories to inform customers about its impact on their products, including Linux distributions, F5, IBM, and Atlassian.

Source: Security Week


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Article source: https://krypt3ia.wordpress.com/2025/01/27/krypt3ia-daily-cyber-threat-intelligence-cti-digest-3/