ZeroFox Weekly Intelligence Brief – June 7, 2025

ZeroFox Weekly Intelligence Brief – June 7, 2025

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on June 5, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

International Law Enforcement Seizes AVCheck, Disrupting Malware Testing Service

What we know:

• An international law enforcement operation took down AVCheck, a service used by cybercriminals for testing malware against antivirus software.
• Investigators found evidence that AVCheck’s administrators were connected to crypting services such as Cryptor[.]biz and Crypt[.]guru, both of which help obfuscate malware to bypass detection.

Cybercriminals Defraud Hedera Hashgraph Wallet Users Through NFT Airdrops

What we know:

• The Federal Bureau of Investigation (FBI) has announced that cybercriminals are exploiting the nonfungible token (NFT) airdrop feature in non-custodial wallets to target Hedera Hashgraph users. These fake airdrops appear as free rewards but are designed to steal user data and cryptocurrency.

CISA and Partners Issue Updated Advisory on Play Ransomware

What we know:

• The Cybersecurity and Infrastructure Security Agency (CISA) and its partners have issued an updated advisory on Play ransomware (aka Playcrypt), highlighting new tactics, techniques, and procedures (TTPs) and updated indicators of compromise (IOCs) to enhance threat detection.