ZeroFox Weekly Intelligence Brief – August 9, 2025
by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on August 7, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.
Chinese Threat Actors in Billion-Dollar Card Theft
What we know:
- A major Chinese cybercrime syndicate operation compromised up to 115 million U.S. payment cards between July 2023 and October 2024.
- The group used smishing (SMS phishing), fake e-commerce sites, and phishing-as-a-service (PhaaS) platforms to steal card data, which was then tokenized for use in mobile wallets such as Apple Pay.
- By bypassing multi-factor authentication and avoiding fraud alerts through strategic card limits per device, the operation has caused billions in losses and presents a new, harder-to-detect threat to the financial sector.
FinCEN Issues Notice on the Use of CVC Kiosks for Scam Payments and Other Illicit Activity
What we know:
- The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has urged financial institutions to monitor and report illicit activity (including scams, cybercrimes, and drug trafficking) involving convertible virtual currency (CVC) kiosks.
New Malware Campaign Exploits Shortcut Files to Hijack Systems
What we know:
- A deceptive malware campaign has been identified using malicious shortcut (.LNK) files on a popular desktop operating system to deliver the REMCOS remote access trojan.
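As an added defender-side example (not code from the ZeroFox brief or from the campaign itself), the Python below parses the header and StringData fields of a Windows Shell Link (.LNK) file per the MS-SHLLINK layout and flags traits typical of shortcut-based droppers: a target or argument string that launches a script interpreter, a minimised start window, or a hidden-window switch. The sample shortcut bytes, the interpreter list and the heuristics are constructed here for illustration, not indicators taken from the REMCOS campaign.

```python
import re
import struct

# Shell Link CLSID {00021401-0000-0000-C000-000000000046}, as stored on disk (little-endian GUID)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits (MS-SHLLINK 2.1.1); StringData fields appear in this order when their bit is set
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x08, 0x10, 0x20, 0x40, 0x80
# Constructed watch-list of interpreters commonly abused by shortcut droppers (assumption, not from the page)
INTERPRETERS = {"cmd", "powershell", "pwsh", "mshta", "wscript", "cscript", "rundll32", "regsvr32"}

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .LNK plus its ShowCommand; skips IDList and LinkInfo."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.LNK) file")
    flags = struct.unpack_from("<I", data, 20)[0]          # LinkFlags at offset 20
    show_cmd = struct.unpack_from("<I", data, 60)[0]       # ShowCommand at offset 60
    pos = 0x4C                                             # fixed header size
    if flags & HAS_ID_LIST:                                # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                              # LinkInfoSize covers the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    width, enc = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {"show_command": show_cmd}
    for name, bit in (("name", HAS_NAME), ("relative_path", HAS_REL_PATH), ("working_dir", HAS_WORK_DIR),
                      ("arguments", HAS_ARGS), ("icon", HAS_ICON)):
        if flags & bit:                                    # CountCharacters (2 bytes) then the string, no NUL
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            fields[name] = data[pos:pos + count * width].decode(enc, errors="replace")
            pos += count * width
    return fields

def suspicious_indicators(fields: dict) -> list:
    """Constructed detection heuristics for shortcut droppers; returns the indicators that fired."""
    launch = " ".join(fields.get(k, "") for k in ("relative_path", "arguments")).lower()
    tokens = {t.rsplit("\\", 1)[-1].removesuffix(".exe") for t in re.split(r"[\s\"']+", launch)}
    hits = []
    if tokens & INTERPRETERS:
        hits.append("launches script interpreter")
    if fields.get("show_command") == 7:                    # SW_SHOWMINNOACTIVE: window never shown to the user
        hits.append("starts minimised")
    if "-w hidden" in launch or "windowstyle hidden" in launch:
        hits.append("hidden window switch")
    return hits

def build_sample_lnk(rel_path: str, args: str, show_cmd: int = 7) -> bytes:
    """Constructed minimal .LNK (no IDList/LinkInfo) so the parser can be exercised offline."""
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, HAS_REL_PATH | HAS_ARGS | IS_UNICODE,
                         0x20, 0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)
    sd = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + sd(rel_path) + sd(args)
```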
Tags: tlp:green