ZeroFox Weekly Intelligence Brief – June 21, 2025

ZeroFox Weekly Intelligence Brief – June 21, 2025

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on June 19, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

Iran’s Largest Crypto Exchange Nobitex Hit by Major Cyberattack

What we know:

• On June 18, 2025, pro-Israel hacktivist group “Predatory Sparrow” claimed responsibility for a cyberattack on Nobitex, Iran’s largest cryptocurrency exchange, reportedly stealing over USD 90 million in crypto assets.
• The group reportedly burned the crypto by sending it to vanity wallet addresses with embedded anti-Islamic Revolutionary Guard Corps (IRGC) messages.
• The group has also threatened to release source code and internal documents.
• As of this writing, the Nobitex website is down and displays a 504 Gateway Timeout error message.

“WormGPT” Variants Exploiting Popular AI Tools for Illegal Acts

What we know:

• New variants are keeping the cybercriminal AI generative tool WormGPT active—even after its shutdown in 2023—by reportedly exploiting existing large language model (LLM) tools, including Mistral AI’s Mixtral, to bypass built-in safety features.

Law Enforcement Takes Down Long-Standing Dark Web Market

What we know:

• European authorities have dismantled Archetyp Market, a major dark web marketplace. The platform’s infrastructure was taken offline, its administrator arrested, and assets worth EUR 7.8 million (approximately USD 9 million) seized.