ZeroFox Daily Intelligence Brief - July 7, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- Ransomware Strikes Ingram Micro
- Louis Vuitton Korea Suffers Data Breach; Customer Data Compromised
- Geopolitical Focus: Israel Strikes Yemen, 81 Dead in Texas Floods, and Other Highlights
Ransomware Strikes Ingram Micro
What we know: SafePay, a ransomware group, has disrupted global IT provider Ingram Micro, forcing the company to shut down certain internal systems. The attack reportedly began via a compromised VPN, prompting an ongoing investigation and system recovery efforts.
Context: SafePay alleges, in its ransomware note, that it infiltrated the company’s network, encrypted key servers, and stole sensitive financial, IP, and customer data.
Analyst note: If the attackers decide to sell some of the company’s data on dark web forums, interested buyers could leverage financial records, intellectual property, and internal documents for further attacks. Such data could be exploited for business email compromise, credential stuffing, targeted fraud, and corporate espionage.
Louis Vuitton Korea Suffers Data Breach; Customer Data Compromised
What we know: Louis Vuitton Korea suffered a cyberattack that exposed some customer information, although no financial data was compromised. The breach has reportedly been contained, and the company is investigating the attack.
Context: The brand said that an “unauthorized third party” accessed its systems on June 8, leading to the customer data breach.
Analyst note: If the stolen data is exploited, affected customers could face phishing attacks, identity theft, extortion, account takeover attempts, and unauthorized use of personal details in other fraudulent schemes.
Geopolitical Focus: Israel Strikes Yemen, 81 Dead in Texas Floods, and Other Highlights
- Early on July 7, the Israeli military carried out airstrikes in Yemen, targeting Houthi-held ports and facilities. Houthi rebels responded with a missile attack targeting Israel. Separately, the Israel-Hamas ceasefire talks in Qatar on July 6 were reportedly inconclusive.
- At least 81 people have reportedly died in Texas flash floods, with bodies of 40 adults and 28 children recovered. The Federal Emergency Management Agency (FEMA) was activated on July 6, 2025, following U.S. President Donald Trump’s Major Disaster Declaration.
- The European Union is reportedly planning to stockpile emergency supplies of critical minerals and undersea cable repair kits over concerns about conflict, hybrid and cyber threats, geopolitical shifts, and the impacts of climate change.
DEEP AND DARK WEB INTELLIGENCE
DarkForums user whiterose: An untested threat actor named "whiterose" has advertised on DarkForums a database associated with the "Russian Military Unit 11387." The database allegedly contains personally identifiable information (PII) on at least 7,947 personnel of the unit, including their military rank. If the data is legitimate, it is likely to be used for targeted recruitment for intelligence purposes or coercion.
VULNERABILITY AND EXPLOIT INTELLIGENCE
CVE-2025-32463: This is a privilege escalation vulnerability in the Sudo command-line utility for Linux and Unix-like operating systems. The bug enables local users to gain root access from a user-controlled directory. Local attackers are likely to escalate their privileges to root on compromised systems.
Affected products: Sudo before 1.9.17p1
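A triage check for the "Sudo before 1.9.17p1" line above, added here as an example and not part of the ZeroFox brief: it compares collected `sudo -V` version strings against the fixed release, handling sudo's patch-level suffix and multi-digit components. The host names, version lines and function names are constructed for illustration.

```python
import re

# Fixed release named in the brief ("Sudo before 1.9.17p1").
FIXED = "1.9.17p1"

# Sudo version strings look like 1.9.17, 1.9.17p1, 1.9.0b1 or 1.9.0rc1.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(p|b|rc)(\d+))?")
# Betas and release candidates sort before the plain release, patch levels after.
_SUFFIX_RANK = {"b": -2, "rc": -1, None: 0, "p": 1}


def parse_sudo_version(text):
    """Return a sortable tuple for the first sudo version found in text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, micro, kind, num = m.groups()
    return (int(major), int(minor), int(micro), _SUFFIX_RANK[kind], int(num or 0))


def is_affected(text):
    """True if the version is before FIXED, False if not, None if unparseable."""
    version = parse_sudo_version(text)
    if version is None:
        return None
    return version < parse_sudo_version(FIXED)


def triage(inventory):
    """Map host -> 'review', 'ok' or 'unknown' from collected `sudo -V` output."""
    labels = {True: "review", False: "ok", None: "unknown"}
    return {host: labels[is_affected(line)] for host, line in inventory.items()}


# Constructed sample inventory: host names and version lines are made up.
SAMPLE = {
    "web-01": "Sudo version 1.9.17p1",
    "db-02": "Sudo version 1.9.16p2",
    "build-03": "Sudo version 1.9.17",
    "legacy-04": "Sudo version 1.9.9",
    "pkg-05": "1.9.15p5-3ubuntu5",
    "edge-06": "sh: sudo: not found",
}

if __name__ == "__main__":
    for host, label in triage(SAMPLE).items():
        print(f"{host}: {label}")
```

A "review" result is a prompt to check the vendor advisory, not a verdict: distribution packages can carry a backported fix while still reporting an older upstream version string.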
Tags: DIB, tlp:green