ZeroFox Daily Intelligence Brief - June 12, 2025

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • INTERPOL Shuts Down 20,000 IPs Linked to Infostealer Malware in Asia
  • SmartAttack Exploits Smartwatch Microphones to Bypass Air-Gap Protections
  • Cyberattack Confirmed at Erie Insurance in the U.S. Leading to Outages

INTERPOL Shuts Down 20,000 IPs Linked to Infostealer Malware in Asia

Source: https://www.interpol.int/News-and-Events/News/2025/20-000-malicious-IPs-and-domains-taken-down-in-INTERPOL-infostealer-crackdown

What we know: An INTERPOL operation known as “Operation Secure,” involving 26 countries in Asia, was successful in dismantling 20,000 IP addresses and domains linked to infostealer malware, which is often used to steal sensitive data such as passwords and credit card details.

Context: Law enforcement agencies of multiple countries seized 41 servers and over 100 GB of data, and arrested 32 suspects linked to cybercrime activities. Over 216,000 victims and potentially affected individuals have been notified.

Analyst note: Ongoing cybercrime activities originating from Asia and linked to the dismantled infrastructure are very likely to suffer operational delays, due to the additional cost of rebuilding cybercrime infrastructure and fear of more arrests.

SmartAttack Exploits Smartwatch Microphones to Bypass Air-Gap Protections

Source: https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/

What we know: A new attack method, SmartAttack, uses smartwatches to receive covert ultrasonic signals emitted by compromised air-gapped computers. Malware on the isolated system encodes sensitive data into inaudible transmissions via the built-in speaker.

Context: Air-gapped systems are used in high-security environments like military, government, and critical infrastructure to keep them isolated from external threats. These systems are considered secure due to their physical disconnection from networks.

Analyst note: Wearable devices like smartwatches can be covertly repurposed as espionage tools to receive sensitive data via inaudible ultrasonic signals near air-gapped systems. SmartAttack exploits built-in speakers and smartwatch microphones to break physical isolation, enabling stealthy extraction of keystrokes, credentials, and encryption keys—potentially leading to severe breaches, operational disruption, and unauthorized access to critical infrastructure.

Cyberattack Confirmed at Erie Insurance in the U.S. Leading to Outages

Source: https://www.erieinsurance.com/support-center/notice

What we know: U.S. property and casualty insurance company Erie Insurance Group has disclosed a cyberattack that is causing operational disruptions and website outages.

Context: Erie Insurance revealed that it detected unusual network activity on June 7, 2025. The company has warned customers that, during the outage, Erie Insurance will not be calling or sending emails to request payments. Policyholders have been complaining of difficulty logging in to the customer portal, making claims, and requesting paperwork.

Analyst note: A ransomware attack is likely to have affected the insurance company, leading to data theft or encrypted files. If customer data has been exposed, threat actors are likely to target customers with phishing and social engineering attacks to steal money.

DEEP AND DARK WEB INTELLIGENCE

Exploit user GoldenGoblins: Untested threat actor "GoldenGoblins" has auctioned a vulnerability discovered in an undisclosed e-commerce software-as-a-service (SaaS) platform on Exploit, allegedly giving access to data of online stores. The bid starts at USD 150,000, with an instant purchase price of USD 200,000. The vulnerability is unlikely to be legitimate or exploitable, as the description of the bug’s capability is vague and the threat actor has not disclosed a proof-of-concept (PoC).

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2025-5484 and CVE-2025-5485: Two security vulnerabilities have been identified in SinoTrack GPS devices that could enable attackers to control certain remote functions on connected vehicles and track their locations. By exploiting these vulnerabilities, an attacker could gain unauthorized access to device profiles via the device’s web management interface—enabling attackers to remotely track vehicle locations and, where supported, disable the fuel pump by cutting power.

Affected products: All versions of SinoTrack IOT PC Platform

Tags: DIB, tlp:green