ZeroFox Daily Intelligence Brief - March 6, 2025

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Silk Typhoon Shifts Focus to IT Supply Chains
  • Treasury Sanctions Chinese Entities Involved in Breaching Confidential U.S. Information
  • Hunters International Group Threatens to Leak 1.4 TB Data from India’s Tata Technologies

Silk Typhoon Shifts Focus to IT Supply Chains

Source: https://www.bleepingcomputer.com/news/security/silk-typhoon-hackers-now-target-it-supply-chains-to-breach-networks/

What we know: Silk Typhoon has been observed shifting from directly targeting high-profile government entities to indiscriminately targeting downstream users by compromising remote management tools and cloud services in supply chain attacks.

Context: The group has been exploiting vulnerabilities in edge devices and targeting victims across industries including government, IT, non-profits, and defense. It has now also begun abusing cloud services and remote management tools, and it clears logs while stealing data so that the intrusion leaves minimal traces.

Analyst note: By targeting IT supply chains, the group could further gain access and establish persistence in affected devices for continued espionage activities by exploiting vulnerabilities within a company's third-party vendors or suppliers. Compromising IT service providers and cloud platforms enables access to multiple downstream victims, including government agencies, defense contractors, and major corporations, likely allowing for data collection without needing to breach each target individually.

Treasury Sanctions Chinese Entities Involved in Breaching Confidential U.S. Information

Source: https://home.treasury.gov/news/press-releases/sb0042

What we know: U.S. authorities have charged two individuals linked to APT27, eight employees of i-Soon (a Chinese technology company), and two officers of China's Ministry of Public Security (MPS) for their involvement in cyberattacks targeting critical infrastructure, and the Treasury Department has issued related sanctions.

Context: The sanctioned individuals, and the i-Soon employees in particular, illegally acquired, brokered, and sold data taken from U.S. critical infrastructure networks, including the defense industrial base, communications, health, and government sectors. The 2024 i-Soon data leak provided important insight into how the Chinese government collaborates with private companies in espionage campaigns.

Analyst note: Charging these individuals and designating these companies likely exposes details of the cyber tactics China uses, in place of military force, to gain strategic intelligence on rival powers. The collective actions of these individuals and companies have likely endangered U.S. national security by aiding China's global espionage efforts.

Hunters International Group Threatens to Leak 1.4 TB Data from India’s Tata Technologies

Source: https://cloud.zerofox.com/intelligence/advanced_dark_web/82355

What we know: The Hunters International ransomware group is threatening to leak 1.4TB of data allegedly associated with Tata Technologies Ltd., one of India’s key tech developers and state project contractors and a subsidiary of multinational conglomerate Tata Group.

Context: On January 31, Tata Technologies notified the National Stock Exchange of India about a ransomware incident that affected a few of its IT assets without impacting client delivery services. The company suspended the affected systems to contain the attack and launched an investigation.

Analyst note: Hunters International, known for targeting large enterprises, appears to have given Tata Technologies about six days to pay the ransom, after which it will likely release the data it claims to possess. Hunters International is likely a rebrand of the dismantled Hive group, which targeted another Tata Group subsidiary in October 2022 and leaked some data when the company refused to pay.

DEEP AND DARK WEB INTELLIGENCE

BreachForums user sentap: Untested threat actor "sentap" has advertised administrator-level web panel access to JH Global Technology, a company based in Bangladesh, on BreachForums. If the claims in the advertisement are true, a buyer of the access could breach the company's network and execute malicious code, exfiltrate sensitive information, alter network settings to disable security defenses, or maintain persistent access for espionage.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2025-1914: Google has patched this out-of-bounds read vulnerability in V8, the JavaScript engine in Google Chrome. Threat actors could exploit the bug to steal sensitive data or bypass browser security controls by tricking users into visiting a malicious website.

Affected products: V8 in Google Chrome versions prior to 134.0.6998.35
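The affected-version line above is the input a defender needs for a fleet check. The script below is an added example, not code from ZeroFox or Google: it parses Chrome version strings component-wise and flags hosts still below 134.0.6998.35. The inventory lines are constructed for illustration. A naive string comparison would get this wrong (lexicographically, "99.0.4844.51" sorts after "134.0.6998.35"), which is why the version is split into integers first.

```python
"""Flag Chrome installs that predate the CVE-2025-1914 fix (134.0.6998.35).

Added example for the brief; the host inventory below is constructed, not real data.
"""
from typing import Dict, Tuple

# First Chrome build carrying the V8 fix, taken from the brief's "Affected products" line.
FIXED_VERSION = "134.0.6998.35"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '134.0.6998.35' into (134, 0, 6998, 35) so tuples compare numerically."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is older than the fixed build."""
    return parse_version(version) < parse_version(fixed)


# Constructed inventory in "hostname<TAB>chrome_version" form (assumed export format).
SAMPLE_INVENTORY = """\
ws-001\t133.0.6943.142
ws-002\t134.0.6998.35
ws-003\t134.0.6998.88
ws-004\t99.0.4844.51
ws-005\tnot-installed
"""


def find_vulnerable_hosts(inventory: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split an inventory into (vulnerable hosts, hosts whose version could not be parsed).

    Unparseable entries are reported rather than silently skipped, since a host
    with no usable version string still needs a human to look at it.
    """
    vulnerable: Dict[str, str] = {}
    unparseable: Dict[str, str] = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition("\t")
        try:
            if is_vulnerable(version):
                vulnerable[host] = version
        except ValueError:
            unparseable[host] = version
    return vulnerable, unparseable


if __name__ == "__main__":
    vuln, bad = find_vulnerable_hosts(SAMPLE_INVENTORY)
    for host, version in vuln.items():
        print(f"PATCH NEEDED  {host}  Chrome {version} < {FIXED_VERSION}")
    for host, version in bad.items():
        print(f"CHECK MANUALLY  {host}  version field: {version!r}")
```

Feed it a real export by replacing SAMPLE_INVENTORY with the tab-separated output of your endpoint inventory tool; the exact-match host (134.0.6998.35) is correctly treated as patched, since the brief lists builds strictly prior to that version as affected.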

Tags: DIB, TLP:GREEN