
Threat Intel Update
There are multiple ways to disrupt cyber threats. One effective approach is apprehending cybercriminals, as seen this week when several individuals linked to the 8Base ransomware group were arrested. The same operation dismantled the group's infrastructure and websites. Enforcement actions have also sanctioned businesses that support cybercrime, such as a Russian company known for supporting LockBit.
Another method involves disabling critical infrastructure. The Thai government recently took this step by cutting power and telecommunications to disrupt scam centers operating in the country.
Organizations can also mitigate cyber threats by restricting access to compromised websites or applications, reducing potential attack vectors.
Cybersecurity News
- International Law Enforcement Disrupts 8Base Ransomware Operation – An international law enforcement operation has taken down the 8Base ransomware site and led to the arrest of four individuals allegedly linked to the group. The arrested individuals are accused of carrying out ransomware attacks that resulted in over $16 million in losses across more than 1,000 victims. Cybersecurity researchers have identified connections between 8Base ransomware and the Phobos and RansomHouse variants, noting that early versions of 8Base shared significant code similarities with Phobos. In 2024, the U.S. government indicted a Russian national for his involvement with the Phobos ransomware. The Record
- 20 Million OpenAI Account Credentials Allegedly for Sale on Cybercrime Forum – A cybercriminal offered credentials for 20 million OpenAI accounts for sale on the BreachForums marketplace. OpenAI stated that there is no evidence suggesting these credentials were obtained from their systems. Instead, they were likely harvested using information-stealing malware, including Lumma, Vidar, StealC, and RisePro. However, the post advertising the stolen credentials was later removed from BreachForums. Security Week
- U.S. and Allies Sanction Russian Company Zservers for Supporting Cybercrime – The U.S., Australian, and U.K. governments have sanctioned Russian company Zservers for providing bulletproof hosting services used in cybercriminal activities. Two Russian nationals involved in operating the company were also sanctioned. According to the U.S. government, the LockBit ransomware group leased IP addresses from Zservers, and a LockBit affiliate arrested in Canada in 2022 was found to have used the company’s services. Additionally, a blockchain analysis firm identified further links between Zservers and LockBit. The Record
- Thailand Cuts Power and Telecom Services to Disrupt Scam Centers – The Thai government has shut down power and telecommunications in areas near the Myanmar border known to harbor scam and fraud operations. These facilities, operated by criminal groups, serve as hubs for large-scale financial fraud run through call centers. Criminal networks have trafficked an estimated 120,000 people from Southeast Asia to work in these operations. As of 2023, scams originating from these centers have caused over $1 trillion in financial losses. Bank Info Security
- Intel Patches 374 Vulnerabilities in 2024, Increasing Security Across Software, Firmware, and Hardware – In 2024, Intel addressed 374 vulnerabilities, marking a 6% increase from 2023. The company awarded bug bounties for nearly half of these fixes, with over 80% of the rewards given for software vulnerabilities and the remainder for firmware issues. These patches enhance security across Intel’s software, firmware, and hardware platforms. Security Week