
Threat Intel Update
More details continue to emerge about Salt Typhoon, a Chinese cyber group targeting U.S. telecom agencies since last year. The group has leveraged a combination of stolen credentials and unpatched vulnerabilities to carry out its attacks. This serves as a critical reminder of the importance of securing credentials, implementing multi-factor authentication, and promptly patching vulnerabilities to mitigate risks.
Meanwhile, the BlackLock ransomware variant is gaining traction, becoming increasingly prominent this year. Cyber threat actors operate with diverse objectives, but by adopting a collaborative approach and implementing layered defensive measures, cybersecurity teams can stay ahead of evolving threats.
Cybersecurity News
- Cisco Uncovers Tactics of Chinese State-Sponsored Group “Salt Typhoon” Targeting U.S. Telecom Networks – Cisco has revealed the methods used by Salt Typhoon, a Chinese state-sponsored group, to infiltrate U.S. telecom networks. Exploiting unpatched vulnerabilities from 2024, 2023, and even as far back as 2018, along with stolen credentials, the group moved stealthily through networks while evading detection. Instead of relying on traditional malware, they leveraged built-in networking features, highlighting the critical need for timely security updates. Organizations are urged to prioritize patch management to defend against these sophisticated threats. (Source: SecurityWeek)
- BlackLock Ransomware Emerges as a Leading Ransomware-as-a-Service Threat in 2025 – BlackLock is gaining prominence as a highly active Ransomware-as-a-Service (RaaS) variant, targeting Windows, VMware ESXi, and Linux systems. The ransomware employs advanced techniques such as shadow copy deletion and privilege escalation to maximize its impact. Additionally, the group aggressively recruits affiliates on underground forums to expand its operations. Security experts recommend implementing strong defenses, including multi-factor authentication (MFA) and network segmentation, to mitigate the risks posed by this evolving threat. (Source: Help Net Security)
- New XCSSET Malware Variant Targets macOS Users, Aiming to Steal Cryptocurrency and Sensitive Data – A newly discovered version of the XCSSET malware is targeting macOS users, focusing on stealing cryptocurrency and sensitive information. It spreads by infecting Xcode projects and utilizes advanced persistence and evasion techniques. This variant specifically seeks to extract data from digital wallets and applications like Notes. To minimize risk, users are strongly advised to download Xcode projects only from trusted sources. (Source: The Record)
- Microsoft Unveils Majorana 1: A Breakthrough in Superconductor Chip Technology – Microsoft has introduced Majorana 1, a cutting-edge superconductor chip poised to transform quantum computing. Featuring a “Topological Core” architecture that leverages Majorana particles, the chip is designed to create error-resistant qubits, paving the way for scalable quantum systems capable of tackling complex computations. While this advancement marks significant progress, challenges remain in cooling infrastructure and system integration. (Source: Nextgov)
- Chase Bank to Restrict Zelle Payments to Social Media Sellers to Combat Fraud – Beginning March 23, Chase Bank will delay, decline, or block Zelle payments linked to social media contacts as part of efforts to reduce fraud. This decision comes amid rising concerns over Zelle’s lack of purchase protection and follows a lawsuit alleging inadequate consumer safeguards. The move aims to enhance user security as online payment fraud continues to escalate. (Source: Bleeping Computer)