IT Security Newsletter - 3/21/2025

Top News

Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley

The operational arm of the Chinese cybersecurity firm I-Soon compromised government organizations, NGOs, and think tanks in a 2022 campaign, ESET reports. I-Soon (Anxun Information Technology) is a private contractor linked to the Ministry of Public Security, China's top policing agency, and its operational arm, tracked as FishMonger, Earth Lusca, TAG-22, Aquatic Panda, and Red Dev 10, reportedly carries out cyber operations in line with Beijing's interests.

Hacking

Ukraine Defense Sector Under Attack via Dark Crystal RAT

Ukraine's Computer Emergency Response Team (CERT-UA) is warning of a new cyber-espionage campaign targeting defense-sector organizations, using malware known as Dark Crystal RAT (DCRat). DCRat is a remote access Trojan (RAT) created by a Russian developer. Written in C#, the malware is popular among entry-level hackers but has many features associated with more advanced threat actors, such as custom plug-ins and a modular architecture.


Semrush impersonation scam hits Google Ads

Criminals are highly interested in online marketing and advertising tools that they can leverage as part of their ongoing malware campaigns. In particular, we have previously detailed how Google advertiser accounts can be hijacked to create new malicious ads and perpetuate a vicious cycle leading to more compromised accounts. As part of our investigations, we uncovered a new operation going after Semrush, a visibility management SaaS platform.

Malware

Paragon spyware deployed against journalists and activists, Citizen Lab claims

Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen Lab report claims its software has been used to target journalists, activists, and other civilians. Its flagship spyware, Graphite, is pitched as a more restrained alternative to NSO Group's Pegasus, as it allows surveillance of messaging apps without taking full control of a target's phone.


BlackLock Ransomware: What You Need To Know

BlackLock is a relatively new ransomware group. First seen in March 2024, the ransomware operation initially operated under the name El Dorado, before rebranding as BlackLock late last year. BlackLock follows a RaaS (ransomware-as-a-service) business model, leasing its tools and infrastructure to affiliates who launch attacks, sharing a proportion of the proceeds with BlackLock. Like many other ransomware groups, BlackLock both encrypts victims' files and exfiltrates data.

Exploits/Vulnerabilities

VSCode extensions found downloading early-stage ransomware

Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft's review process. The extensions, named "ahban.shiba" and "ahban.cychelloworld," were downloaded seven and eight times, respectively, before they were eventually removed from the store. It is notable that the extensions were uploaded onto the VSCode Marketplace, bypassing safety review processes and remaining on Microsoft's store for an extensive period of time.


New Jailbreak Technique Uses Fictional World to Manipulate AI

Cybersecurity firm Cato Networks has discovered a new LLM jailbreak technique that relies on narrative engineering to convince a gen-AI model to deviate from normalized restricted operations. Called Immersive World, the technique is straightforward: in a detailed virtual world where hacking is the norm, the LLM is convinced to help a human create malware that can extract passwords from a browser.

On This Date

  • ...in 1963, Alcatraz Federal Penitentiary closes its doors as a maximum security prison.
  • ...in 1965, Dr. Martin Luther King, Jr. leads 3,200 people in a third and final civil rights march from Selma to Montgomery, AL in support of voting rights.
  • ...in 1980, President Jimmy Carter announces a U.S. boycott of the 1980 Summer Olympics in Moscow, in protest of the Soviet war in Afghanistan.
  • ...in 1980, the TV series "Dallas" airs its third-season finale, leading to months of speculation about "Who Shot J.R.?"