Threat Briefing: March 7, 2025

We often associate cyber threat actors with modern attack methods, leveraging computers, phones, applications, and websites to carry out scams or breaches. However, some tactics take a more old-fashioned approach. In a recent case, one cyber threat actor group resorted to physical letters as their latest attack vector. More details follow below.

Moreover, cyberattacks targeting an organization’s third parties can be just as damaging as direct attacks. A ransomware incident affecting a financial firm led to the exposure of data from multiple schools and universities.

• Cyber Threat Actors Adopt Traditional Tactics to Target Victims – Cybercriminals claiming affiliation with the BianLian ransomware group have escalated their tactics beyond digital threats, now leveraging physical mail to send extortion letters. These letters pressure victims into paying ransoms, blending online and offline intimidation. In response, the FBI and CISA have issued warnings urging businesses to remain alert. This shift highlights a troubling evolution in ransomware strategies, proving that threat actors will exploit any means necessary to coerce their targets. The Record
• Silk Typhoon’s Silent Infiltration of the IT Supply Chain – The China-linked threat actor is targeting the IT supply chain with stealthy, sophisticated tactics designed to infiltrate and compromise networks. Microsoft warns that these attackers are employing a patient, calculated approach, embedding themselves deep within organizations and posing long-term security risks. This evolving threat highlights the increasing dangers of state-sponsored cyber operations and underscores the urgent need for stronger supply chain defenses. Microsoft Security Blog
• One Million Devices Trapped in an Infostealer Surge – Microsoft has uncovered a large-scale cyber campaign that has infected over one million devices with infostealing malware. This malicious software is rapidly harvesting sensitive user data, while attackers employ increasingly sophisticated methods to expand its reach. The sheer scale of this operation underscores how easily everyday internet users can fall victim to cybercrime, emphasizing the critical need for robust security measures. SecurityWeek
• North Korean Hackers Unleash Qilin Ransomware in Global Attacks – Microsoft has uncovered a new cyber threat from North Korea, where hackers are deploying Qilin ransomware to target organizations worldwide. Departing from their typical espionage-focused operations, these attackers are now prioritizing financial gain—encrypting critical data and demanding ransom payments. This shift marks a concerning evolution in North Korean cyber strategy, combining financial extortion with their established cyber warfare tactics. BleepingComputer
• Ransomware Attack on Financial Firm Compromises School Data – A ransomware attack on a retirement services firm has triggered a ripple effect, exposing student and staff records from multiple schools. As educational institutions scramble to address the breach, this incident underscores the far-reaching impact of cyberattacks on third-party vendors—demonstrating that even organizations not directly targeted can suffer serious consequences. SecurityWeek