
ZeroFox Weekly Intelligence Brief – August 23, 2025

by Alpha Team


ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on August 21, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.


Russian Government Cyber Actors Targeting Networking Devices and Critical Infrastructure

What we know:

  • The FBI is warning the public and private sectors and international partners that Russian government-linked threat actors are exploiting a long-patched Cisco Smart Install vulnerability (CVE-2018-0171) and Simple Network Management Protocol (SNMP) weaknesses on unpatched networking devices.
  • Actors linked to the Russian Federal Security Service (FSB) were observed exploiting the flaws to collect thousands of configuration files for networking devices within critical infrastructure sectors in the United States.
  • They were also observed modifying some devices to enable unauthorized access to target entities in the United States and globally.
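The two exposures named above are both visible in a device's running configuration: Cisco's mitigation for CVE-2018-0171 is to disable Smart Install globally with `no vstack` (the service listens on TCP/4786), and SNMPv1/v2c community strings travel in cleartext and, if writable, let an attacker change the configuration rather than just read it. The following audit script is an added example, not ZeroFox or FBI tooling; the two IOS-style configuration snippets it checks are constructed, and the finding labels (SMART_INSTALL, SNMP_V2C, and so on) are this example's own naming.

```python
"""Audit Cisco IOS-style running-configs for Smart Install left enabled and weak
SNMP settings. Added example, not ZeroFox/FBI tooling; configs below are constructed."""
import re

# Constructed: a switch with Smart Install at its default (enabled), default
# SNMP communities, a read-write community, and an SNMPv3 group with no auth.
WEAK_CONFIG = """\
hostname edge-sw1
!
snmp-server community public RO
snmp-server community private RW
snmp-server group ops v3 noauth
!
interface GigabitEthernet1/0/1
 description uplink
!
end
"""

# Constructed: Smart Install disabled, SNMPv3 with authentication and privacy,
# management access limited by ACL.
HARDENED_CONFIG = """\
hostname edge-sw1
!
no vstack
!
ip access-list standard SNMP-MGMT
 permit 10.0.0.0 0.0.0.255
snmp-server group ops v3 priv read OPS-VIEW access SNMP-MGMT
!
end
"""

# Community strings that ship as defaults or appear in every wordlist.
DEFAULT_COMMUNITIES = {"public", "private", "cisco"}


def audit_ios_config(config: str) -> list:
    """Return a list of finding strings for one running-config (empty if clean)."""
    findings = []
    # Global-config commands are unindented; sub-mode commands (interface,
    # ACL entries) are indented by one space, so skip those.
    global_lines = [ln.rstrip() for ln in config.splitlines()
                    if ln.strip() and not ln.startswith(" ")]

    # Smart Install: the client is on by default on many IOS platforms and only
    # an explicit 'no vstack' turns it off, so absence of the line is a finding.
    if "no vstack" not in global_lines:
        findings.append("SMART_INSTALL: 'no vstack' missing; Smart Install may be listening on TCP/4786")

    for ln in global_lines:
        m = re.match(r"snmp-server community (\S+)(?:\s+(RO|RW))?", ln)
        if m:
            community, mode = m.group(1), m.group(2) or "RO"  # IOS defaults to RO
            # v1/v2c authenticate with a cleartext string; a readable MIB walk
            # already leaks the configuration the advisory says was collected.
            findings.append(f"SNMP_V2C: community '{community}' ({mode}) uses cleartext authentication")
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"SNMP_DEFAULT: community '{community}' is a well-known default")
            if mode == "RW":
                findings.append(f"SNMP_RW: community '{community}' allows writes (device modification)")
        m = re.match(r"snmp-server group (\S+) v3 (noauth|auth)\b", ln)
        if m:
            # SNMPv3 without 'priv' still sends the payload unencrypted.
            findings.append(f"SNMP_V3_WEAK: group '{m.group(1)}' uses {m.group(2)}; require 'priv'")
    return findings


def main():
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for finding in audit_ios_config(cfg) or ["no findings"]:
            print(" -", finding)


if __name__ == "__main__":
    main()
```

Run it against a `show running-config` dump pulled from each device (the checks only need the text, not device access). A device that still fails the SMART_INSTALL check after `no vstack` has been pushed should be treated as suspect, since the advisory describes configuration changes being made by the intruders rather than by administrators.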

Warlock Ransomware Claims to have Breached Colt Technology Services and Hitachi

What we know:

  • Warlock ransomware has claimed UK-based telecom provider Colt Technology Services and Japanese conglomerate Hitachi as its latest victims on its leak site. The ransomware operation is reportedly linked to China-based threat actor “Storm-2603” and has been active since March 2025.

Stolen PayPal Credentials for Sale on Dark Web Forum

What we know:

  • Threat actor "Chucky_BF" is allegedly selling a dataset containing more than 15 million PayPal logins on a cybercrime forum for USD 750.

Tags: tlp:green