ZeroFox Weekly Intelligence Brief – July 12, 2025
by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on July 10, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.
China-Backed Silk Typhoon Hacker Arrested
What we know:
- An individual allegedly linked to Silk Typhoon, a China-backed hacking group, was arrested in Italy on July 3 and is awaiting extradition to the United States.
- The hacker was arrested in Italy at the behest of the United States, and several documents and devices were seized.
- The person is accused of being involved in computer intrusions between February 2020 and June 2021, including the HAFNIUM campaign, and stealing groundbreaking COVID-19 research.
Global Scam Impersonates News Sites
What we know:
- An ongoing global scam campaign has been using fake news websites disguised as trusted media brands to lure potential online investors into fraudulent investment platforms.
U.S. Sanctions North Korea-Linked Hacker in IT Worker Scam
What we know:
- The United States has sanctioned a member of the North Korean hacking group, Andariel (linked to Pyongyang’s Reconnaissance General Bureau), for providing fake and stolen identities to facilitate the IT worker scam targeting U.S. companies.
Tags: tlp:green