ZeroFox Weekly Intelligence Brief – July 26, 2025
by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on July 24, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.
Key Figure Behind Major Russian-Speaking Cybercrime Forum Arrested in Ukraine
What we know:
- On July 22, 2025, the suspected administrator of the Russian-language cybercrime forum xss[.]is was arrested in Kyiv in a joint operation by Europol and French and Ukrainian authorities.
- The forum’s clearnet domain was seized and now displays an official law enforcement notice.
- A backup clearnet domain (xss[.]as) is currently inactive. However, the forum remains operational via its .onion (Tor) domain.
- On July 24, an alleged admin, “#root,” claimed the main server was not affected and that efforts were underway to restore the infrastructure.
- Two newly observed domains (theazot[.]icu and theazot[.]xyz) registered in Malaysia appear to redirect users to xss.
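The domains named in this item are the kind of indicator a defender would want to check against egress or proxy logs. The script below is an added example, not part of the ZeroFox brief: it refangs the published indicators, then scans a constructed squid-style proxy log (the log layout and every log line are assumptions for illustration) and reports hosts that equal one of the indicator domains or fall under them as a subdomain, while ignoring look-alike hosts that merely end in the same characters.

```python
import re
from typing import List, Optional

# Indicators exactly as published in the brief, in defanged form.
DEFANGED_IOCS = ["xss[.]is", "xss[.]as", "theazot[.]icu", "theazot[.]xyz"]


def refang(domain: str) -> str:
    """Turn a defanged indicator such as 'xss[.]is' back into 'xss.is'."""
    return domain.replace("[.]", ".").replace("(.)", ".").strip().lower()


IOC_DOMAINS = {refang(d) for d in DEFANGED_IOCS}


def matches_ioc(host: str) -> Optional[str]:
    """Return the matching indicator if host is that domain or a subdomain of it.

    Matching on the label boundary ('.' + ioc) means 'notxss.is' does not
    match 'xss.is', but 'www.xss.is' does.
    """
    host = host.lower().rstrip(".")
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


# Assumed log layout (constructed for this example, not a real product format):
#   <timestamp> <client_ip> <method> <url> <status>
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def extract_host(url: str) -> Optional[str]:
    """Pull the host out of a URL or a bare 'host:port' as seen on CONNECT lines."""
    m = re.match(r"^(?:[a-z][a-z0-9+.-]*://)?([^/:]+)", url, re.IGNORECASE)
    return m.group(1) if m else None


def scan_proxy_log(lines: List[str]) -> List[dict]:
    """Return one record per log line whose destination host matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, _method, url, _status = m.groups()
        host = extract_host(url)
        if host is None:
            continue
        ioc = matches_ioc(host)
        if ioc:
            hits.append({"time": ts, "client": client, "host": host, "ioc": ioc})
    return hits


# Constructed sample log lines; the addresses and timestamps are made up.
SAMPLE_LOG = [
    "2025-07-24T09:12:01Z 10.0.0.15 GET https://theazot.icu/ 302",
    "2025-07-24T09:12:02Z 10.0.0.15 GET https://www.xss.is/threads/123 200",
    "2025-07-24T09:15:40Z 10.0.0.22 GET https://example.com/login 200",
    "2025-07-24T09:15:41Z 10.0.0.22 GET https://notxss.is/ 200",
    "2025-07-24T09:16:05Z 10.0.0.31 CONNECT xss.as:443 503",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} -> {hit['host']} (matches {hit['ioc']})")
```

Against the sample log this flags three requests (the redirector domain, a subdomain of the main forum domain, and the backup domain on a CONNECT line) and leaves the look-alike host alone; the same refang-then-match step applies to any defanged domain list taken from a brief like this one.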
Joint Advisory Issued on Interlock Ransomware
What we know:
- The Cybersecurity and Infrastructure Security Agency (CISA) and other organizations have issued a joint Cybersecurity Advisory, warning organizations about Interlock ransomware, which targets popular operating systems and uses double extortion tactics after breaching networks.
Russia-Linked LAMEHUG Malware Using AI-Generated Commands for Attacks
What we know:
- Ukraine’s national cyber incident response team (CERT-UA) has warned about a new Russia-linked malware family called “LAMEHUG,” which uses AI-generated commands to carry out system reconnaissance and data exfiltration.
Tags: tlp:green