Svoboda Cybersecurity Brief August 03, 2025

Aug 03, 2025


CL-STA-0969 Targets Telecom Networks in Southeast Asia with Advanced Malware

A state-sponsored threat actor (tracked as CL-STA-0969) compromised telecom networks in Southeast Asia from February to November 2024 using tools such as AuthDoor, Cordscan, and GTPDOOR. The group displayed deep knowledge of telecom protocols and employed evasion techniques such as DNS tunneling and log deletion.

Impact: Persistent remote access, credential theft, and potential intelligence gathering.
Mitigation: Monitor for unusual SSH activity, enforce MFA, and patch Linux/UNIX systems (CVE-2016-5195, CVE-2021-4034, CVE-2021-3156).
Source: The Hacker News


Akira Ransomware Exploits SonicWall VPNs in Suspected Zero-Day Attacks

Akira ransomware actors breached fully patched SonicWall SSL VPNs in late July 2025, possibly via an unpatched vulnerability or via valid credentials. The attacks progressed rapidly from initial access to encryption.

Impact: Unauthorized network access leading to ransomware deployment.
Mitigation: Disable SSL VPN services until patches are released, enforce MFA, and audit local accounts.
Source: The Hacker News


Plague Backdoor Evades Detection in Linux Systems for a Year

A stealthy Linux backdoor (Plague) leveraged PAM modules to bypass authentication, steal credentials, and erase forensic traces. Samples uploaded to VirusTotal since July 2024 have gone undetected.

Impact: Persistent access and credential theft with minimal detection.
Mitigation: Audit PAM modules, monitor SSH logs, and use advanced endpoint detection.
Source: The Hacker News


HCA Healthcare Settles $12M+ Over 2023 Breach Affecting 11.2M Patients

HCA Healthcare agreed to settle lawsuits tied to a 2023 breach exposing 27.7M records (names, DOBs, appointment data). The breach stemmed from an external storage compromise by hackers who later sold the data.
Source: DataBreaches.net


Highlands Oncology Group Hit by Medusa Ransomware, 113K Records Exposed

Highlands Oncology Group reported a ransomware attack (January–June 2025) by the Medusa gang, which demanded $700K. Data was potentially exfiltrated but not yet leaked. The same provider suffered a 2023 ransomware incident affecting 55K patients.
Source: DataBreaches.net


Qilin Ransomware Affiliate Credentials Leaked Online

Login credentials for Qilin ransomware’s affiliate panel were exposed, potentially disrupting operations or enabling takedowns by authorities. Qilin was the most active ransomware group in Q2 2025.
Source: DataBreaches.net


Change Healthcare to Notify Patients After Massive Breach

Over 99% of providers delegated breach notifications to Change Healthcare following a 2024 cyberattack impacting millions. The breach disrupted U.S. healthcare billing systems.
Source: DataBreaches.net
