Threat Briefing: August 29, 2025

Cybercriminals are exploiting trusted platforms and AI to escalate attacks: Google Classroom was exploited to send 115,000 phishing emails, China’s Salt Typhoon group expanded from telecom into 200+ global targets, ransomware operations are accelerating through AI automation, and North Korean IT workers are still embedding themselves inside Western firms.

• Phishing in the Classroom: Google Classroom Exploited in 115,000-Email Scam Targeting 13,500 Organizations – Attackers abused the platform to send fake invitations posing as commercial offers, luring victims to WhatsApp and sidestepping traditional security defenses. Check Point Blog
• Salt Typhoon Hackers Expand Global Campaign, Cyber Agencies Warn – Chinese hacker group, Salt Typhoon, has widened its attacks to 80+ countries, hitting telecom, government, transport, and military sectors. U.S. and international agencies report intrusions at 200 American organizations, exposing advanced network infiltration tactics. CyberScoop
• Storm-0501 Hacks Entra ID to Steal and Wipe Azure Data – The group exploits cloud flaws to compromise admin accounts and launch multi-stage attacks, hitting enterprises across hybrid cloud environments. The Hacker News
• Anthropic Blocks AI-Driven Cyberattacks Automating Theft and Extortion – Attackers weaponized Claude AI against 17 organizations, using it to scan networks, steal credentials, and generate ransom demands of up to $500,000, highlighting the growing role of AI in advanced cybercrime. The Hacker News
• U.S. Sanctions Russian National and Chinese Firm Over North Korean IT Worker Schemes – Treasury targets entities enabling money laundering and fraud operations that embed North Korean workers in Western companies to steal data and funnel profits into the regime’s weapons programs. The Record from Recorded Future News