
Threat Intel Update
Last year saw record-breaking fraud losses, according to the Federal Trade Commission (FTC). While ransomware is often viewed as a primary source of income for cyber threat actors, online fraud is also a major revenue stream—sometimes even surpassing ransomware profits.
This week, new details emerged about Volt Typhoon, a Chinese state-sponsored cyber group known for infiltrating U.S. critical infrastructure. The group reportedly maintained access to a U.S. utility company for approximately 300 days, underscoring how long cyber threat actors can operate undetected within a system.
In a positive development for cybersecurity, authorities arrested the administrator of a cryptocurrency exchange frequently used by cybercriminals while he was on vacation. This follows an earlier U.S. government action seizing the exchange’s domains.
Cybersecurity News
- AI Agents: A New Tool for Cyber Threat Actors – AI agents are rapidly evolving from simply assisting attackers in generating phishing emails to actively carrying out tasks such as gathering sensitive information and drafting malicious scripts. Symantec researchers have shown how OpenAI’s Operator can be manipulated to execute targeted attacks with minimal input, demonstrating the potential for AI-driven automation of complex cyber operations. As this technology advances, the cyber threat landscape continues to expand, highlighting the urgent need for new defense strategies. (Source: Symantec)
- Fired Developer Sabotages Former Employer’s Systems – Texas developer Davis Lu was convicted of deploying malicious code to cripple his former employer’s systems after a corporate realignment restricted his access. His attacks included infinite loops, data deletion, and a ‘kill switch’ that blocked logins, resulting in severe operational disruptions and financial losses. Evidence showed he extensively researched methods to conceal his actions and escalate privileges, indicating a calculated attack. Lu now faces up to 10 years in prison for intentionally damaging computer systems. (Source: SecurityWeek)
- Fraud Losses Surge to $12.5 Billion in 2024 – New FTC data shows a dramatic rise in reported fraud losses, reaching $12.5 billion in 2024—a 31% increase from the previous year. Investment scams led the losses, followed by imposter scams and online shopping fraud. The report underscores growing digital vulnerabilities and the urgent need for stronger consumer protections. (Source: FTC.gov)
- Volt Typhoon Hackers’ Prolonged Infiltration – Chinese hackers associated with the Volt Typhoon campaign spent ten months inside a Massachusetts utility’s systems, exploiting VPN vulnerabilities to gather sensitive data on energy grid operations. Their presence was uncovered by an FBI alert in late 2023. While mitigation efforts are underway, concerns remain about the potential for destructive cyberattacks amid rising U.S.-China tensions. (Source: The Record)
- Administrator of Sanctioned Crypto Exchange Garantex Arrested on Vacation – Indian authorities arrested Aleksej Besciokov, co-founder of the Russian cryptocurrency exchange Garantex, while he was vacationing in Varkala. He faces U.S. charges for money laundering and operating an unlicensed money-transmitting business, with a potential sentence of up to 45 years in prison. U.S. officials also seized Garantex’s domains and $26 million in assets, underscoring the platform’s role in laundering funds tied to cybercrime, ransomware, and sanctions evasion. (Source: BleepingComputer)