Cyber Briefing: 2025.03.04

What's the latest in the cyber world today?

AES Encryption, Threat Actors, ClickFix, Havoc C2, SharePoint, PowerShell, Internet Service Providers, IPs, Brute Force Attacks, Infostealers, Amazon Web Services (AWS) Misconfigurations, Phishing Campaigns, Cybersecurity and Infrastructure Security Agency, Windows Win32k Flaw, Kernel Mode Code Execution, Missouri Department of Conservation, Beeline Business, Ransomware Attack, Penn Harris Madison Schools, QUALINET, Data Theft, Adval Tech, UK Information Commissioner's Office, TikTok, Reddit, Inc., Imgur, Children Data, AWS Ocelot Quantum Chip, Scalability, Reliability, Vodafone, Quantum Safe Technology, SolarWinds, Squadcast.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. AES Encryption Shields Malicious Payloads

Cybersecurity researchers have found an increase in the use of AES encryption by threat actors to protect their malicious payloads from detection. Malware families like Agent Tesla, XWorm, and FormBook/XLoader are combining AES encryption with other techniques, such as code virtualization, to evade static analysis and sandbox environments. These advanced methods make it harder for traditional security tools to detect and neutralize the threats before execution.


2. Phishing Campaign Uses Havoc C2 Framework

A new phishing campaign has been uncovered, utilizing the ClickFix technique to deliver the Havoc open-source command-and-control framework. The attack begins with a phishing email containing a fake OneDrive error message, which tricks users into executing a malicious PowerShell script. Once the script runs, it downloads and executes further payloads, ultimately deploying Havoc Demon, which grants extensive control over the infected system. This sophisticated attack leverages trusted services like SharePoint and the Microsoft Graph API to conceal command-and-control communications.


3. ISP IPs Targeted to Deploy Infostealers

Over 4,000 internet service provider (ISP) IP addresses in China and on the US West Coast have been targeted in a large-scale exploitation campaign involving information stealers and cryptocurrency miners. The attackers used brute-force methods to compromise systems, exploiting weak credentials to gain initial access. Once inside, they deployed executables via PowerShell to scan networks, steal data, and start XMRig cryptocurrency mining, consuming the victims' computational resources.
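The brute-force entry point described above is usually visible in authentication logs long before the PowerShell stage. The following detector is an added example written for this briefing, not code from the researchers who reported the campaign: it parses constructed OpenSSH-style log lines (sample data, not from any real host), counts failed logins per source IP inside a sliding window, raises an alert when a source reaches the threshold, and raises a second, higher-priority alert if that same source then succeeds, which is the pattern a credential-guessing attack leaves when a weak password is finally found. The threshold and window values are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in OpenSSH/syslog style (not real data).
SAMPLE_LOG = """\
Mar  4 02:10:01 edge sshd[4101]: Failed password for root from 198.51.100.23 port 51122 ssh2
Mar  4 02:10:03 edge sshd[4101]: Failed password for root from 198.51.100.23 port 51130 ssh2
Mar  4 02:10:04 edge sshd[4102]: Failed password for invalid user admin from 198.51.100.23 port 51141 ssh2
Mar  4 02:10:06 edge sshd[4103]: Failed password for invalid user test from 198.51.100.23 port 51150 ssh2
Mar  4 02:10:08 edge sshd[4104]: Failed password for root from 198.51.100.23 port 51162 ssh2
Mar  4 02:10:09 edge sshd[4105]: Accepted password for root from 198.51.100.23 port 51170 ssh2
Mar  4 02:15:40 edge sshd[4200]: Failed password for alice from 203.0.113.9 port 40012 ssh2
Mar  4 02:15:55 edge sshd[4201]: Accepted publickey for alice from 203.0.113.9 port 40013 ssh2
"""

# One regex covers both "Failed password for ..." and "Accepted publickey for ..."
# lines, with the optional "invalid user" prefix sshd adds for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2025):
    """Return a dict with ts/result/method/user/ip, or None for lines we do not model.
    Syslog lines carry no year, so the caller supplies one (assumed 2025 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return a list of alerts as tuples.

    ("brute_force", ip, failure_count)        -- `threshold` failures within `window`
    ("success_after_brute_force", ip, user)   -- a later successful login from a flagged ip
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()                 # ips already reported as brute-forcing
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        recent = failures[ev["ip"]]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            # Drop failures that fell out of the sliding window.
            while recent and ev["ts"] - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append(("brute_force", ev["ip"], len(recent)))
        elif ev["result"] == "Accepted" and ev["ip"] in flagged:
            # A success after a burst of failures is the signal to act on first.
            alerts.append(("success_after_brute_force", ev["ip"], ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

On the sample data the detector reports 198.51.100.23 after its fifth failure and again when the sixth line shows `root` logging in from it, while the single failure from 203.0.113.9 followed by a key-based login stays quiet. In production the same logic runs over a log stream rather than a string, and the `success_after_brute_force` alert is the one that should page someone.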


4. Hackers Exploit AWS for Phishing Attacks

A threat group, identified as TGR-UNK-0011, has been exploiting misconfigurations in Amazon Web Services (AWS) environments to send phishing emails. By taking advantage of exposed AWS access keys, they abuse the Simple Email Service (SES) and WorkMail to send malicious messages that bypass email protections. Their attacks have evolved over time, using advanced evasion tactics to remain undetected while maintaining long-term persistence in AWS environments.
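The detection opportunity in the AWS case above is that mail sent through SES or WorkMail with an exposed long-lived access key looks different in CloudTrail from mail sent by the application that is supposed to send it. The audit routine below is an added example for this briefing, not code from the researchers who tracked TGR-UNK-0011: it walks constructed CloudTrail-style records (sample data, not from a real account; the field names `eventSource`, `eventName`, `userIdentity`, `accessKeyId` and `sourceIPAddress` are the standard CloudTrail record fields) and flags SES or WorkMail calls made by a principal outside a hypothetical allow-list, calls made with a long-lived IAM user key (`AKIA…` prefix) rather than temporary role credentials, and calls that change which identities the account may send from. The event-name sets are real SES API names used as a starting point; a defender would extend them.

```python
# Constructed CloudTrail-style records (sample data, not from a real account).
SAMPLE_EVENTS = [
    {   # Raw mail sent with a long-lived IAM user key from an unexpected address.
        "eventTime": "2025-03-03T01:12:09Z", "eventSource": "ses.amazonaws.com",
        "eventName": "SendRawEmail", "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.77",
        "userIdentity": {"type": "IAMUser", "userName": "ci-deploy",
                         "accessKeyId": "AKIAEXAMPLE0000000001"},
    },
    {   # Normal traffic: the application role sending with temporary credentials.
        "eventTime": "2025-03-03T01:12:40Z", "eventSource": "ses.amazonaws.com",
        "eventName": "SendEmail", "awsRegion": "us-east-1",
        "sourceIPAddress": "10.0.4.15",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/app-mailer/i-0abc",
                         "accessKeyId": "ASIAEXAMPLE0000000002"},
    },
    {   # The same IAM user verifying a new sending identity.
        "eventTime": "2025-03-03T01:13:02Z", "eventSource": "ses.amazonaws.com",
        "eventName": "VerifyEmailIdentity", "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.77",
        "userIdentity": {"type": "IAMUser", "userName": "ci-deploy",
                         "accessKeyId": "AKIAEXAMPLE0000000001"},
    },
    {   # Unrelated service call, ignored by the audit.
        "eventTime": "2025-03-03T01:14:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject", "awsRegion": "us-east-1",
        "sourceIPAddress": "10.0.4.15",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/app-mailer/i-0abc"},
    },
]

MAIL_SERVICES = {"ses.amazonaws.com", "workmail.amazonaws.com"}
# SES API actions that send mail and that change sending identities (starting point, extend as needed).
SENDING_EVENTS = {"SendEmail", "SendRawEmail", "SendTemplatedEmail", "SendBulkTemplatedEmail"}
SETUP_EVENTS = {"VerifyEmailIdentity", "VerifyDomainIdentity", "CreateEmailIdentity"}

# Reason strings reused by callers that route findings.
R_UNEXPECTED = "mail sent by principal outside allow-list"
R_LONG_LIVED = "long-lived IAM user key used against a mail service"
R_SETUP = "sending identity changed"


def principal_name(identity):
    """Reduce a CloudTrail userIdentity block to a short principal name."""
    kind = identity.get("type")
    if kind == "IAMUser":
        return identity.get("userName", "?")
    if kind == "AssumedRole":
        # arn:aws:sts::<account>:assumed-role/<role>/<session>  -> <role>
        parts = identity.get("arn", "").split("/")
        return parts[1] if len(parts) >= 2 else "?"
    return identity.get("arn", kind or "?")


def audit_mail_events(events, allowed_senders):
    """Return one finding per suspicious SES/WorkMail event.

    allowed_senders: set of principal names (hypothetical allow-list) that are
    expected to send mail, e.g. the application's role name.
    """
    findings = []
    for ev in events:
        if ev.get("eventSource") not in MAIL_SERVICES:
            continue
        ident = ev.get("userIdentity", {})
        name = principal_name(ident)
        reasons = []
        if ev.get("eventName") in SENDING_EVENTS and name not in allowed_senders:
            reasons.append(R_UNEXPECTED)
        if ev.get("eventName") in SETUP_EVENTS:
            reasons.append(R_SETUP)
        # Temporary credentials from STS start with ASIA; AKIA marks a user's permanent key,
        # the kind that leaks from repositories and configuration files.
        if ident.get("type") == "IAMUser" and ident.get("accessKeyId", "").startswith("AKIA"):
            reasons.append(R_LONG_LIVED)
        if reasons:
            findings.append({"time": ev.get("eventTime"), "principal": name,
                             "event": ev.get("eventName"), "ip": ev.get("sourceIPAddress"),
                             "key": ident.get("accessKeyId"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_mail_events(SAMPLE_EVENTS, allowed_senders={"app-mailer"}):
        print(f)
```

With `app-mailer` as the only allowed sender, the audit returns two findings, both for `ci-deploy` from 198.51.100.77: the raw send (outside the allow-list, long-lived key) and the identity verification (setup change, long-lived key). The `key` field in each finding is what you feed into the revocation step; the role-based send and the S3 call produce nothing.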


5. CISA Warns of Exploited Windows Win32k Flaw

CISA has issued a warning about the exploitation of the CVE-2018-8639 vulnerability in the Microsoft Windows Win32k component. This flaw allows attackers to escalate privileges and run arbitrary code in kernel mode, bypassing security protocols and manipulating system functions. While Microsoft released a patch for this issue in 2018, outdated systems, especially in critical sectors like healthcare and industrial control, remain vulnerable, posing significant risks.



Cyber Incidents


6. MDC Investigates Cyberattack on Data Server

The Missouri Department of Conservation (MDC) is currently investigating a cyberattack after being alerted to suspicious activity on one of its data servers by its cybersecurity vendor. In response, MDC activated its Incident Response Team and engaged a third-party cybersecurity team to assess the scope of the issue and determine if any data was compromised. While the department works to gain clarity, it is committed to communicating with affected stakeholders.


7. Beeline Faces Disruption From Cyberattack

Beeline, a major Russian telecom provider with over 44 million subscribers, experienced significant disruptions to its internet services following a distributed denial-of-service (DDoS) attack on Monday. Users in Moscow and surrounding regions reported difficulties accessing the Beeline app, website outages, and internet disruptions. This cyberattack follows a similar incident in February, which caused widespread service interruptions, and is part of a larger pattern of hacktivist attacks on Russian telecom companies this year.


8. Penn Harris Madison School Hit by Ransomware

Penn-Harris-Madison School Corporation in Indiana is grappling with a ransomware attack that disrupted internet and Wi-Fi access across the district. The breach, detected by the technology department, is believed to have compromised various systems, although Google and Clever remained unaffected. IT experts suspect the attack was initiated through an email link or attachment, potentially exposing sensitive student data, despite reassurances that Social Security numbers were not involved.


9. Qualinet Group Hit by Data Theft Cyberattack

The Qualinet Group experienced a significant data theft during a cyberattack at the beginning of winter. Despite immediate action, some customer data was stolen, forcing the company to activate its emergency response and bring in specialists to assess the damage. The stolen data was discovered after an initial analysis, and the company has committed to transparency regarding the incident. The case has been handed over to the Quebec City Police Service for further investigation.


10. Adval Tech Cyberattack Disrupts Operations

Adval Tech, based in Niederwangen, Switzerland, reported a significant cyberattack on March 3, 2025, which disrupted its IT systems globally. The company shut down its IT systems in a controlled manner to mitigate further damage, resulting in potential production delays at multiple locations. As the company works with internal and external cybersecurity specialists alongside relevant authorities to restore business operations, the full scope and impact of the attack remain unclear.



Cyber News


11. CISA Denies Shifting Focus on Russian Risks

CISA has refuted recent reports suggesting a change in how it handles cyberthreats from Russia. The reports, which were published by The Guardian, claimed that analysts at CISA had been told not to track or report on Russian cyber threats. According to an anonymous source, CISA officials were informed that a project related to Russian cyber threats was "nixed." CISA, however, strongly denied these claims, reaffirming that its mission to defend against all cyber threats, including those from Russia, remains unchanged.


12. ICO Probes TikTok, Reddit for Child Data Use

The U.K.'s Information Commissioner's Office (ICO) has launched investigations into TikTok, Reddit, and Imgur to assess how these platforms are safeguarding children aged 13 to 17. The ICO is specifically focused on the use of personal data from children by TikTok to deliver content recommendations, which may expose young users to harmful or inappropriate material. This inquiry follows growing concerns about the practices of social media platforms and their data handling, particularly regarding the targeting of minors.


13. Amazon Introduces Ocelot Quantum Chip

Amazon Web Services (AWS) has unveiled Ocelot, a quantum computing chip designed to address critical challenges in scalability and reliability in quantum systems. Developed at AWS's Center for Quantum Computing at Caltech, Ocelot incorporates “cat qubits,” which naturally suppress certain errors, reducing the resources required for building error-corrected logical qubits by up to 90%. This advance is seen as a crucial step toward building practical quantum computers capable of solving complex problems that classical computers cannot.


14. Vodafone Trials Quantum Safe Technology

Vodafone is trialling new quantum-safe technology to safeguard smartphone users against potential quantum-enabled attacks in the future. Developed with IBM Quantum Safe technology, this proof of concept will be tested on Vodafone’s Secure Net mobile digital security service, which protects users from phishing, malware, and identity theft. Supported by Akamai, the solution integrates post-quantum cryptography standards into current encryption algorithms to prepare for emerging threats from quantum computing.


15. SolarWinds Acquires Squadcast for IR Boost

SolarWinds has acquired Squadcast, an incident response automation vendor, to enhance its operational response capabilities and streamline incident management processes. The acquisition is expected to improve response times, reduce alert noise, and automate workflows for IT, DevOps, and engineering teams. Squadcast's platform will enable SolarWinds to bridge the gap between traditional observability tools and automated incident response.



Subscribe and Comment.

Copyright © 2025 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.




Whoa, cyber world is buzzing today! Hackers are stepping up their game with AES encryption, phishing campaigns, and exploiting AWS misconfigurations. Stay sharp out there, folks! #CyberAlerts #CyberIncidents #CyberNews #InformationSecurity #StaySafe
