Svoboda Cybersecurity Brief September 30, 2025


Largest Cryptocurrency Seizure Ends in Conviction

UK authorities convicted Zhimin Qian (“Bitcoin Queen”) for laundering £5.5 billion ($7.3B) in Bitcoin from a fraudulent high-return investment scheme affecting 128,000 victims in China (2014–2017). 61,000 Bitcoin were seized, now the largest crypto seizure globally.
Source: BleepingComputer

Japan’s Top Brewer Halts Operations After Cyberattack

Asahi Group Holdings suspended ordering, shipping, and customer services due to a cyberattack disrupting Japan-based systems. No data theft confirmed yet, but recovery timeline remains unclear.
Source: BleepingComputer

Ransomware Gang Recruits BBC Reporter as Insider Threat

Medusa ransomware attempted to bribe a BBC cybersecurity reporter (~$55K BTC) for network access, deploying MFA bombing tactics. The journalist alerted internal security, thwarting the attack.
Source: BleepingComputer

UK Backs Jaguar Land Rover with £1.5B Post-Ransomware Loan

JLR received a government-backed loan after a Scattered Spider/Lapsus$ ransomware attack halted production and exposed data. The attackers reportedly exploited unconfirmed SAP vulnerabilities, and JLR had no cyber insurance in place.
Source: SecurityWeek

Harrods Data Breach Exposes 430K Records via Third-Party

Attackers compromised a supplier to Harrods, stealing customer names, contact details, and loyalty program tags. No passwords or payment data were leaked, but phishing risks remain.
Source: BleepingComputer

EvilAI Malware Poses as Legitimate AI Tools Globally

Trend Micro uncovered EvilAI, malware disguised as productivity tools (e.g., PDF Editor, Recipe Lister) signed with disposable certificates. Targets manufacturing, government, and healthcare sectors globally.
Impact: Data exfiltration, reconnaissance, and persistence via AES-encrypted C2.
Mitigation: Verify software signatures, monitor network traffic for unusual C2 activity.
Source: The Hacker News

Akira Ransomware Exploits SonicWall VPN Flaw (CVE-2024-40766)

Akira abuses MFA-enabled SonicWall VPNs (OTP bypass) and legitimate tools like Datto RMM for rapid encryption (<4hrs dwell time). Arctic Wolf warns of ongoing attacks.
Impact: Ransomware deployment via VPN compromise.
Mitigation: Patch SonicWall, restrict VPS logins, monitor Impacket SMB activity.
Source: SecurityWeek

Dutch Teens Arrested for Wi-Fi Sniffing for Russian Hackers

Two 17-year-olds allegedly mapped Europol/Eurojust Wi-Fi networks using sniffers after recruitment via Telegram. One remains in custody, highlighting youth exploitation in espionage.
Source: SecurityWeek

Malicious npm Package “postmark-mcp” Steals Emails

A rogue npm library (1,643 downloads) BCC’d emails to phan@giftshop[.club] via a one-line backdoor. First observed malicious MCP server in the wild.
Impact: Sensitive email exfiltration.
Mitigation: Remove postmark-mcp v1.0.16+, rotate exposed credentials.
Source: The Hacker News
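The mitigation above amounts to finding every copy of the flagged package in a dependency tree before removing it. The following is an added example (not code from the brief or from the researchers it cites) that audits an npm lockfile for postmark-mcp at or above the version named in the brief; reading "v1.0.16+" as ">= 1.0.16" is an assumption, and the lockfile content is constructed for the demonstration.

```python
"""Audit an npm package-lock.json for a package/version range flagged as
malicious. Added example; reads "v1.0.16+" from the brief as >= 1.0.16."""
import json
import sys

# Package name comes from the brief; the threshold is the assumed reading of "1.0.16+".
FLAGGED = {"postmark-mcp": (1, 0, 16)}


def parse_semver(version):
    """Return (major, minor, patch) as ints, dropping pre-release/build suffixes."""
    core = version.split("-")[0].split("+")[0]
    nums = tuple(int(p) for p in core.split(".")[:3])
    return nums + (0,) * (3 - len(nums))


def _hit(name, version):
    return name in FLAGGED and version is not None and parse_semver(version) >= FLAGGED[name]


def audit_lockfile(lock):
    """Return [(install_path, name, version)] for every flagged entry.

    Handles lockfileVersion 2/3 ("packages", keyed by install path) and the
    older v1 layout (nested "dependencies"). Nested copies under other
    packages' node_modules are reported too.
    """
    hits = []
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            # The root entry has path ""; others end in "node_modules/<name>".
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            version = meta.get("version")
            if _hit(name, version):
                hits.append((path, name, version))
        return hits

    def walk(deps, prefix):
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            version = meta.get("version")
            if _hit(name, version):
                hits.append((path, name, version))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return hits


# Constructed sample lockfile (not a real project's file).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/postmark-mcp": {"version": "1.0.16"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}

if __name__ == "__main__":
    # Usage: python audit_lock.py [path/to/package-lock.json]
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for path, name, version in audit_lockfile(lock):
        print(f"FLAGGED {name}@{version} at {path}")
```

Run it against each repository's package-lock.json; a hit means the package was installed, so credential rotation for anything that passed through the affected mail integration should follow the removal, as the brief advises.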

AI-Phishing Campaign Uses SVG Files to Bypass Defenses

Microsoft observed LLM-crafted SVG phishing lures with business jargon obfuscation redirecting to credential harvesters. CAPTCHA pages added legitimacy.
Impact: Credential theft via deceptive SVG files.
Mitigation: Block SVG execution in emails, train staff on LLM-aided social engineering.
Source: The Hacker News
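An SVG attachment that exists only to redirect the viewer needs script, event handlers or off-site links that a static image never does, which gives mail gateways something concrete to check. The following is an added example (not Microsoft's detection logic and not from the brief) that parses an SVG and reports those constructs; the heuristics are the editor's own, and both SVG samples are constructed for the demonstration.

```python
"""Flag SVG documents that carry script, event handlers or external links.
Added example with hand-written heuristics; samples are constructed."""
import re
import xml.etree.ElementTree as ET

# Elements a plain image attachment has no reason to contain.
SUSPICIOUS_TAGS = {"script", "foreignObject", "iframe", "a", "set", "animate"}
# href values that leave the document: absolute URLs, javascript: or data: URIs.
OFFSITE_HREF = re.compile(r"(?i)\s*(https?:|javascript:|data:)")


def _local(name):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.split("}")[-1]


def inspect_svg(svg_bytes):
    """Return a list of (kind, detail) findings; an empty list means nothing flagged."""
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [("malformed", str(exc))]
    for el in root.iter():
        tag = _local(el.tag)
        if tag in SUSPICIOUS_TAGS:
            findings.append(("tag", tag))
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):              # onload=, onclick=, ...
                findings.append(("event-handler", f"{name}={value[:40]}"))
            elif name == "href" and OFFSITE_HREF.match(value):
                findings.append(("external-link", value[:80]))
    return findings


def is_suspicious(svg_bytes):
    """True when any finding is present; suitable for a gateway quarantine rule."""
    return bool(inspect_svg(svg_bytes))


# Constructed lure: jargon as visible text, an onload handler, a wrapping link
# and a script element. The URL uses the reserved .invalid TLD as a placeholder.
LURE = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="200"
     onload="location.href='https://login-check.invalid/'">
  <text x="10" y="20">Quarterly synergy revenue dashboard</text>
  <a xlink:href="https://login-check.invalid/"><rect width="400" height="200" fill="#fff"/></a>
  <script>/* redirect logic would sit here */</script>
</svg>"""

# Constructed benign image: one shape, no script, no links.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
          b'<circle cx="5" cy="5" r="4" fill="blue"/></svg>')

if __name__ == "__main__":
    for label, doc in (("lure", LURE), ("benign", BENIGN)):
        print(label, "->", inspect_svg(doc) or "clean")
```

When the input is untrusted mail, parse with defusedxml instead of the standard library parser so that entity-expansion tricks in the attachment cannot exhaust the gateway; the inspection logic is unchanged. Blocking SVG at the gateway outright, as the brief's mitigation says, avoids the need for heuristics entirely where the business can tolerate it.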
