ZeroFox Daily Intelligence Brief - June 10, 2025

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Major U.S. Grocery Distributor UNFI Shuts Down Systems Following Cyberattack
  • Over 70 Organizations Targeted in China-Linked Global Cyberattack Campaign
  • Sensata Technologies Warns of Data Breach Affecting Current and Former Employees

Major U.S. Grocery Distributor UNFI Shuts Down Systems Following Cyberattack

Source: https://techcrunch.com/2025/06/09/major-us-grocery-distributor-warns-of-disruption-after-cyberattack/

What we know: United Natural Foods (UNFI) has taken down some systems following a recent cyberattack discovered on June 5. The incident impacted customer order processing.

Context: UNFI is one of North America's largest publicly traded wholesale food distributors, serving over 30,000 locations. Its customers include supermarket chains, e-commerce platforms, natural product superstores, independent retailers, and food service providers.

Analyst note: A growing wave of ransomware attacks targeting the retail and grocery sectors has emerged—starting in the United Kingdom and now extending into the United States. The recent attack on UNFI will likely cause delays in order processing and delivery, inventory shortages, and financial losses. Given the pattern of recent incidents, similar attacks on supply chain infrastructure are very likely to follow.

Over 70 Organizations Targeted in China-Linked Global Cyberattack Campaign

Source: https://hackread.com/chinese-linked-hackers-targeted-global-organizations/

What we know: China-backed hackers are suspected to be behind a widespread campaign of cyberattacks targeting over 70 organizations globally, including a South Asian government entity, a European media organization, and other businesses in various sectors and supply chains.

Context: At least two separate clusters of activity were detected between July 2024 and March 2025, named PurpleHaze (also known as Vixen Panda) and ShadowPad. The hackers' tactics, techniques, and procedures (TTPs) were linked to those of well-known Chinese cyber espionage groups such as UNC5174.

Analyst note: The nature of the cyberattacks likely indicates a sustained, long-term strategy to gain persistent access to critical infrastructure across a vast geographical region. Compromised entities are likely to be leveraged in a conflict scenario.

Sensata Technologies Warns of Data Breach Affecting Current and Former Employees

Source: https://www.bleepingcomputer.com/news/security/sensata-technologies-says-personal-data-stolen-by-ransomware-gang/

What we know: Global industrial tech company Sensata has informed an undisclosed number of current and former employees of a data breach affecting them, following a ransomware attack revealed in April 2025.

Context: The breached data reportedly includes personally identifiable information (PII) on the affected individuals, including their Social Security numbers (SSNs), government identity numbers, financial and medical information, and dates of birth. The cyberattack had impacted Sensata’s operations across shipping, manufacturing, and the industries it serves.

Analyst note: Affected individuals are likely to be targeted in phishing, social engineering, and identity theft attacks by financially motivated threat actors. Customer organizations are likely to be targeted using the exposed data, with an attacker potentially claiming to be a Sensata representative.

DEEP AND DARK WEB INTELLIGENCE

Paraguay President’s X account hacked: Paraguay’s government said President Santiago Pena’s X (formerly Twitter) account was likely hacked after a post falsely claimed that Paraguay had made Bitcoin legal tender and announced a USD 5 million Bitcoin-backed reserve fund. The government has urged citizens to ignore any posts from the account until official information is provided. The hack was likely aimed at manipulating financial markets by spreading false information about Bitcoin legalization and the creation of a large Bitcoin-backed reserve fund.

VULNERABILITY AND EXPLOIT INTELLIGENCE

Google recovery form vulnerability: Google has patched a vulnerability in a now-obsolete JavaScript-disabled version of its username recovery form that risked exposing the private phone numbers of account users, including anonymous users. The bug enabled attackers to brute-force any recovery phone number of a Google account using the associated profile name and a partial phone number.

Affected products: Google JavaScript-disabled version of username recovery form (now-deprecated)

Tags: DIB, tlp:green