Threat Briefing: April 11, 2025


April 10, 2025

Threat Intel Update

Over the past few years, cyber threat actors have repeatedly breached systems to gain access to the email accounts of government officials. While applications often hold valuable data like customer information or intellectual property, inboxes can be equally rich targets, containing sensitive communications and insights.

A recently disclosed breach at a U.S. government agency underscores the high value attackers place on email access. Meanwhile, law enforcement efforts continue to make headway as several individuals allegedly tied to the SmokeLoader malware have been arrested. In a separate case, a member of the Scattered Spider cybercrime group—known for ransomware attacks and cryptocurrency theft—pled guilty and agreed to pay millions in restitution.

Cybersecurity News

  • Cyber Threat Actors Breach Email System of U.S. Office of the Comptroller of the Currency (OCC) – A breach discovered on January 16 revealed that cyber threat actors had gained unauthorized access to email accounts belonging to senior officials at the OCC, with activity stretching from April 2023 to January 2024. While the OCC maintains that no critical systems were affected, the compromised inboxes may have included sensitive communications related to financial oversight. The breach was officially discovered in February 2025. Following the discovery, the OCC partnered with CISA and brought in a cybersecurity firm to support the investigation. This marks the second cyber incident targeting the Department of the Treasury in the past year. In December 2024, attackers also compromised the computers of several senior Treasury officials. (Source: The Record)
  • Scattered Spider Hacker Pleads Guilty – Noah Urban, a 20-year-old from Florida tied to the Scattered Spider cybercrime group, has pled guilty after a string of high-profile digital heists. Known online as “Sosa” and “Elijah,” Urban used SIM swapping, phishing, and other social engineering tricks to break into companies and steal millions in cryptocurrency. His guilty plea wraps up months of back-and-forth in court and comes with a $13 million restitution price tag. Authorities say Urban played a major role in one of the most aggressive hacking crews to target U.S. companies in recent years. (Source: SecurityWeek)
  • Microsoft Zero-Day Exploited in Ransomware Attacks – A recently discovered zero-day vulnerability in Microsoft systems—tracked as CVE-2024-21412—has been actively exploited in a string of ransomware attacks. Hackers used a malware variant known as “PipeMagic” to breach systems before launching ransomware, which has been linked to the RansomEXX family based on the ransom note. Microsoft is tracking the threat actors behind the attacks under the name Storm-2460. So far, victims include a U.S. real estate company, a software firm in Spain, and a financial institution in Venezuela. (Source: The Record)
  • Operation Endgame Continues as Europol Arrests SmokeLoader Clients – Europol arrested five individuals suspected of using SmokeLoader—a popular malware loader-for-hire. The arrests came after authorities seized a database with details on SmokeLoader customers, prompting interviews with the suspects. Some of the individuals were also accused of reselling the services they purchased. Operation Endgame is a coordinated effort by Europol that has already disrupted several malware loaders, including TrickBot, IcedID, and Bumblebee. (Source: The Hacker News)
  • Malicious Python Packages on PyPI Downloaded Over 39,000 Times – Security researchers have uncovered three malicious Python packages on PyPI that were downloaded more than 39,000 times. Two of them—bitcoinlib-dbfix and bitcoinlibl—were impersonating popular libraries, claiming to fix issues in legitimate packages. The third, disgrasya, was designed to validate stolen credit card information and has been used to target websites running WooCommerce and CyberSource. (Source: The Hacker News)

About the Author
CampusGuard Threat Intel Team