ZeroFox Daily Intelligence Brief - July 30, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- U.S. Law Enforcement Seizes USD 2.4 Million from Chaos Ransomware Member
- FBI Warns of Rising Impersonation Scams
- Geopolitical Focus: Hawaii Braces for Tsunami
U.S. Law Enforcement Seizes USD 2.4 Million from Chaos Ransomware Member
What we know: U.S. law enforcement seized approximately USD 2.4 million worth of cryptocurrency reportedly associated with “Hors,” a member of the Chaos ransomware group, in April.
Context: Chaos ransomware is allegedly made up of former members of the BlackSuit ransomware group, whose domains were recently seized in Operation Checkmate. Meanwhile, ZeroFox has observed a drop of nearly 30 percent in ransomware and digital extortion (R&DE) during Q2 of 2025, compared to the first quarter of the year.
Analyst note: The seizure of cryptocurrency is very likely to disrupt the Chaos ransomware group’s funding and impact its operations for a short period of time. Sustained law enforcement action against the BlackSuit ransomware group is likely to impact associated groups like Chaos due to shared personnel and infrastructure, and vice versa.
FBI Warns of Rising Impersonation Scams
What we know: The FBI is warning of a surge in government impersonation phone scams across New England in the United States. Scammers spoof caller IDs and pose as law enforcement to extort money or steal personal information.
Context: Scammers threaten victims with arrest and seizures unless they pay through prepaid cards, wire transfers, or cryptocurrency. These scams can also occur through email, and include poor grammar and fake official imagery to appear legitimate.
Analyst note: Since scammers threaten victims with arrests and asset seizure, victims are likely to feel increased pressure to comply with their demands. Additionally, the personal information stolen during these scams will likely be sold on carding forums and dark web marketplaces, which could result in identity theft, financial fraud, and further scams.
Geopolitical Focus: Hawaii Braces for Tsunami
Source: https://edition.cnn.com/world/live-news/russia-japan-tsunami-earthquake-hnk-intl-07-30-25
- Evacuations across Oahu, including Honolulu, have been lifted, allowing residents to return. As of 10:39 p.m. HST, the tsunami warning for Hawaii was downgraded to an advisory, with officials saying the worst is over. The only remaining tsunami warning in the United States is for Northern California.
- Tsunami alerts are also in effect for the U.S. Pacific coast and multiple Pacific nations following an 8.8 magnitude earthquake near Russia’s remote eastern region. The National Oceanic and Atmospheric Administration has issued a tsunami threat for Papua New Guinea, the Solomon Islands, and Vanuatu.
- Tsunami waters spilled into a parking lot at Haleiwa Boat Harbor on Oahu’s North Shore, briefly reaching ankle height at 9:10 p.m. (local time) before receding after five minutes.
- The largest observed wave on the U.S. West Coast was at Arena Cove (1.6 ft), followed by Crescent City (1.5 ft), and Monterey (1.4 ft) in California. Advisories are in place for the rest of the California coast, the San Francisco Bay Area, Oregon, and Washington.
- Several flights to Hawaii from Los Angeles, San Francisco, Vancouver, and San Diego were forced to return mid-route late Tuesday. Hawaiian and Alaska Airlines have paused some departures, diverted flights en route, and are urging travelers to monitor flight updates.
DEEP AND DARK WEB INTELLIGENCE
National Guard activated for St. Paul cyberattack: The state of Minnesota activated the National Guard after a cyberattack disrupted the City of Saint Paul on July 25. While emergency services remain unaffected, online payments and several city services, including libraries and recreation centers, are unavailable. This could lead to delayed utility payments and slow administrative functions in the city.
VULNERABILITY AND EXPLOIT INTELLIGENCE
Apple security patches: Apple has released security patches for eight vulnerabilities affecting various products. The vulnerabilities include a logic issue in accessibility (CVE-2025-31229) that could result in the passcode being read aloud by VoiceOver and a denial-of-service issue (CVE-2025-43223) that could enable an attacker to modify restricted network settings. The vulnerabilities are likely to enable threat actors to steal sensitive information and install malware on unpatched devices.
Affected products: The affected products are included in this advisory.
Tags: DIB, tlp:green