February 03, 2025
Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of popularity in our newsletter, that is, what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.
1. Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics – The Hacker News
2. DOJ Indicts Three Russian Nationals for Involvement in Cryptocurrency Mixing Services – The Hacker News
In a January 10, 2025, press release, the U.S. Department of Justice announced the indictment of three Russian nationals for their role in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Two of the three, Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik, were arrested in December 2024 during an international operation involving the Netherlands’ Financial Intelligence and Investigative Service, Finland’s National Bureau of Investigation, and the Federal Bureau of Investigation (FBI). The third defendant, Anton Vyachlavovich Tarasov, is still at large. Article here.
3. Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware – The Hacker News
The Lazarus Group, a North Korean state-backed cyber threat actor, was found to have targeted at least two employees at an unnamed “nuclear-related” organization. The attacks occurred in January 2024 and, according to BleepingComputer, involved the deployment of a new backdoor dubbed “CookiePlus.” The attacks were part of the ongoing cyber espionage campaign “Operation Dream Job.” Read more here.
4. President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison – The Hacker News

On January 21, U.S. President Donald Trump pardoned Ross Ulbricht, the founder and operator of the notorious dark web marketplace “Silk Road.” As noted by the Department of Homeland Security (DHS), Ulbricht “deliberately operated Silk Road as an online criminal marketplace intended to enable its users to buy and sell drugs and other illegal goods and services anonymously and outside the reach of law enforcement.” The website was ultimately shut down by law enforcement in October 2013, nearly three years after Ulbricht founded it in January 2011. Ulbricht was convicted of seven offenses, including distributing narcotics, engaging in a continuing criminal enterprise, and conspiring to commit money laundering. Read here.
5. Star Blizzard hackers abuse WhatsApp to target high-value diplomats – Bleeping Computer

In a January 16 report, Microsoft Threat Intelligence detailed a new phishing campaign orchestrated by the Russian threat actor Star Blizzard. According to the report, the campaign occurred in November 2024 and targeted individuals in “government, diplomacy, defense policy, international relations, and Ukraine aid organizations.” The newly observed spear-phishing campaign sent emails impersonating U.S. government officials and claiming to share invitations to join a WhatsApp group pertaining to non-governmental initiatives to support Ukraine. If the target replied, the threat actor would follow up with a second email containing a malicious link. Learn more.
6. Chinese hackers targeted sanctions office in Treasury attack – Bleeping Computer
The Chinese state-backed threat actor Silk Typhoon has been linked to a string of attacks against several U.S. Department of the Treasury offices. In December, Chinese hackers gained access to the Treasury’s Office of Foreign Assets Control (OFAC), the Committee on Foreign Investment in the US (CFIUS), and the Office of Financial Research. The breaches were part of Silk Typhoon’s incursion into the Treasury Department’s unclassified systems. The hackers gained access by compromising a BeyondTrust remote management service used by the Treasury. The full impact of the Office of Financial Research hack is still being assessed. Read full article.
7. US charges Russian-Israeli as suspected LockBit ransomware coder – Bleeping Computer
In a December 20, 2024, press release, the U.S. Department of Justice (DOJ) announced it had charged 51-year-old Rostislav Panev, a dual Russian and Israeli national, for his suspected role as a developer for the LockBit ransomware group. Panev was arrested in Israel in August 2024 and is currently awaiting extradition. LockBit, the notorious ransomware-as-a-service (RaaS) operation, first emerged in or around 2019 and was disrupted in February 2024 by an international law enforcement operation dubbed “Operation Cronos.” Read full article.
8. Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware – The Hacker News

Iranian threat actor Charming Kitten (also known as APT35, CharmingCypress, CALANQUE, Mint Sandstorm, Newscaster, ITG18, TA453, and Yellow Garuda) has been observed utilizing a new variant of BellaCiao malware in its attacks. The cybersecurity firm Kaspersky has dubbed the new C++ variant “BellaCPP.” BellaCiao malware was first observed in 2023 and has since been used in cyber attacks against organizations in the U.S., India, and the Middle East. Learn more.
Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.
The post Threat Intelligence RoundUp: January appeared first on DarkOwl, LLC.