Svoboda Cybersecurity Brief July 16, 2025
Ukraine Wipes 47TB from Russian Military Drone Supplier
Ukrainian cyber specialists (HUR, Ukrainian Cyber Alliance, BO Team) successfully breached Haskar Integration, a major Russian military drone supplier, deleting 47TB of technical data including 10TB of backups. The attack significantly disrupts Russia’s drone production capabilities.
Source: DataBreaches
Hyper-Volumetric DDoS Attacks Peak at 73 Tbps
Cloudflare mitigated 6,500 hyper-volumetric DDoS attacks in Q2 2025, including a record 73 Tbps attack. Targets included telecoms, IT services, and gaming sectors, with China, Brazil, and Germany as top targets. The DemonBot IoT botnet contributed to the attacks.
Source: The Hacker News
Global GROUP RaaS Expands with AI-Driven Extortion
A new ransomware-as-a-service (RaaS) operation, GLOBAL GROUP, emerged as a rebrand of BlackLock, offering AI-driven negotiation tools and targeting sectors like healthcare and oil/gas. The group uses Cisco/Fortinet exploits and an 85% revenue-sharing model for affiliates.
Source: The Hacker News
North Korean Hackers Flood npm with XORIndex Malware
North Korean threat actors deployed 67 malicious npm packages (17,000+ downloads) delivering the XORIndex Loader, which profiles systems and drops BeaverTail/InvisibleFerret malware. This follows their April 2025 campaign with 35 packages.
Source: BleepingComputer
HazyBeacon Malware Targets SE Asian Governments with AWS Lambda C2
A new state-backed Windows backdoor, HazyBeacon, abuses AWS Lambda URLs for C2 to steal trade/tariff data from Southeast Asian governments. It uses DLL side-loading via mscorsvc.dll and exfiltrates via Google Drive/Dropbox.
Source: The Hacker News
Police Disrupt DiskStation Ransomware Gang
Europol-led Operation Elicius dismantled the Romanian DiskStation ransomware group, which targeted Synology NAS devices globally. The gang extorted $10K–$100K per victim and paralyzed businesses in Italy and France as well as NGOs.
Source: BleepingComputer
SVG Smuggling Evades Detection in Phishing Campaigns
Threat actors abuse SVG files with embedded XOR-obfuscated JavaScript to bypass email filters and trigger browser redirects. Campaigns spoof B2B services (finance, utilities) using weak DKIM/DMARC domains.
Impact: Stealthy redirection without file drops.
Mitigation: Block SVG script tags, enforce strict DMARC.
Source: SecurityWeek
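The mitigation above ("block SVG script tags") is a mail-gateway or upload-filter rule. As an added illustration that is not part of this brief, the scanner below parses an SVG with Python's standard library and reports the three places a rendered SVG can run code: script-like elements, inline on* event handlers, and href/src values with a javascript: or data: scheme. The two sample documents are constructed here (the "active" one carries only placeholder comments, no payload); the element and attribute names checked are assumptions drawn from the SVG and HTML specifications, not from the campaign the brief describes.

```python
import re
import xml.etree.ElementTree as ET

# Tags that let an SVG execute or embed active content when a browser renders it.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# on* attributes (onload, onclick, ...) are inline event handlers.
EVENT_ATTR = re.compile(r"^on[a-z]+$")
# href/src values with these schemes run code or carry an embedded document.
SCRIPT_URI = re.compile(r"^\s*(javascript|data):", re.IGNORECASE)


def _local(name: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(svg_bytes: bytes, max_bytes: int = 2_000_000) -> list:
    """Return (kind, detail) findings for active content in an SVG document.

    An empty list means no script element, event handler or script URI was found.
    """
    if len(svg_bytes) > max_bytes:            # refuse to parse oversized inputs
        return [("oversized", f"{len(svg_bytes)} bytes")]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:              # malformed XML is itself worth flagging
        return [("unparseable", str(exc))]

    findings = []
    for el in root.iter():                    # document order, root included
        tag = _local(el.tag) if isinstance(el.tag, str) else ""
        if tag in ACTIVE_ELEMENTS:
            findings.append(("element", tag))
        for attr, value in el.attrib.items():
            aname = _local(attr)              # xlink:href arrives as {xlink-ns}href
            if EVENT_ATTR.match(aname):
                findings.append(("event-handler", f"{tag}@{aname}"))
            elif aname in ("href", "src") and SCRIPT_URI.match(value):
                findings.append(("script-uri", f"{tag}@{aname}"))
        # <set>/<animate> can assign an on* attribute at runtime.
        if tag in ("set", "animate") and el.attrib.get("attributeName", "").lower().startswith("on"):
            findings.append(("animated-handler", f"{tag}@{el.attrib['attributeName']}"))
    return findings


def is_suspicious(svg_bytes: bytes) -> bool:
    return bool(scan_svg(svg_bytes))


# Constructed samples: a plain icon, and one carrying the three kinds of active content.
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
             b'<rect width="10" height="10" fill="blue"/></svg>')
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"'
              b' onload="/* constructed placeholder */">'
              b'<script>/* constructed placeholder, no payload */</script>'
              b'<a xlink:href="javascript:void(0)"><text>open</text></a></svg>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_SVG), ("active", ACTIVE_SVG)):
        print(label, scan_svg(doc))
```

In a gateway, any non-empty result is reason to quarantine or to strip the attachment rather than deliver it; the XOR-obfuscated payload itself never needs to be decoded, because the presence of a script element or handler is the signal.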
AsyncRAT Forks Proliferate with New Variants
AsyncRAT’s open-source code spawned DCRat (anti-AMSI/ETW) and Venom RAT, while lesser-known forks like NonEuclid RAT add SSH brute-forcing. The malware family exploits modularity and low entry barriers.
Source: The Hacker News
DOGE Employee Leaks xAI API Key on GitHub
A DOGE employee accidentally exposed an xAI API key in a GitHub commit, granting access to 52 LLMs (including Grok-4). This follows a similar May 2025 leak by another DOGE staffer.
Source: KrebsOnSecurity
Android Malware Konfety Evades Analysis with Malformed APKs
Konfety malware uses BZIP-compressed APKs to crash analysis tools (e.g., APKTool) while running on devices. It mimics legitimate apps, steals data, and pushes ads via the CaramelAds SDK.
Impact: Evades static analysis, delivers secondary payloads.
Mitigation: Avoid third-party app stores, scrutinize APK structures.
Source: BleepingComputer
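"Scrutinize APK structures" can be automated cheaply. As an added example that is not from this brief or from any analysis tool it names, the check below reads an APK's central directory with Python's zipfile module and flags every entry whose declared compression method is anything other than stored (0) or deflate (8), the two methods Android's own package parser accepts; a bzip2 (12) entry therefore stands out immediately. The sample package is constructed in memory and is not a real APK.

```python
import io
import zipfile

# Compression methods the Android package parser accepts; anything else is
# rejected or misread by standard tooling even if a desktop zip library opens it.
ANDROID_METHODS = {zipfile.ZIP_STORED: "STORED", zipfile.ZIP_DEFLATED: "DEFLATED"}
METHOD_NAMES = {**ANDROID_METHODS, zipfile.ZIP_BZIP2: "BZIP2", zipfile.ZIP_LZMA: "LZMA"}


def audit_apk(apk_bytes: bytes) -> dict:
    """Map each entry that uses a non-Android compression method to its method code.

    Returns {} for a clean package. A package whose central directory cannot be
    read at all is reported under the pseudo-entry '<unreadable>'.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
            return {
                info.filename: info.compress_type
                for info in zf.infolist()
                if info.compress_type not in ANDROID_METHODS
            }
    except zipfile.BadZipFile:
        return {"<unreadable>": -1}


def describe(findings: dict) -> list:
    """Human-readable report lines, one per flagged entry."""
    return [f"{name}: method {code} ({METHOD_NAMES.get(code, 'unknown')})"
            for name, code in findings.items()]


def build_sample_apk(bzip_dex: bool = True) -> bytes:
    """Constructed stand-in for an APK: two entries, with classes.dex optionally
    written using bzip2 (method 12), which Android tooling does not support."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>", compress_type=zipfile.ZIP_DEFLATED)
        method = zipfile.ZIP_BZIP2 if bzip_dex else zipfile.ZIP_DEFLATED
        zf.writestr("classes.dex", b"dex\n035\0constructed-placeholder", compress_type=method)
    return buf.getvalue()


if __name__ == "__main__":
    for line in describe(audit_apk(build_sample_apk())):
        print(line)
```

Run it over an app-store intake queue or a sandbox's sample directory and treat any non-empty result as a package that needs manual review before it is installed or unpacked with other tools.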
Abacus Dark Web Market Vanishes in Suspected Exit Scam
Abacus Market (70% darknet market share) shut down, likely an exit scam after withholding $230K/day in user funds. The platform facilitated $300M+ in transactions, mostly via Monero.
Source: BleepingComputer
DragonForce Ransomware Hits Belk, Leaks 156GB Data
DragonForce claimed responsibility for Belk’s May 2024 breach, leaking 156GB of data (SSNs, names). The attack disrupted the retailer’s operations for days.
Source: SecurityWeek
Century Support Services Breach Impacts 160,000
A November 2024 hack exposed SSNs, health/financial data of 160,000 debt settlement clients. No ransomware group has claimed the attack.
Source: SecurityWeek
UK MoD Afghan Refugee Data Leak Timeline Revealed
A 2022 UK MoD email error exposed 33,000 Afghan refugee records, later posted on Facebook in August 2023. The data endangered lives under Taliban rule.
Source: DataBreaches