ZeroFox Weekly Intelligence Brief – August 30, 2025

by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on August 28, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

CISA Publishes Advisory on China-Linked Cyber Threats

What we know:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on China-linked advanced persistent threat (APT) actors targeting global networks, including telecom, government, military, transportation, and lodging sectors.
  • These actors have been observed exploiting compromised routers, virtual private server (VPS) infrastructure, and edge devices to pivot through trusted connections, modify routing, and mirror traffic, enabling persistent access into telecom and internet service provider (ISP) networks.
  • CISA expects these actors to keep adapting tactics, techniques, and procedures (TTPs) and expand to other devices as new vulnerabilities emerge.

Hacktivist Group Claims DDoS Attack on ICJ’s Website

What we know:

  • Hacktivist group “Keymous+” has claimed to have targeted the official website of the International Court of Justice (ICJ) in a distributed denial-of-service (DDoS) attack.

1,200 Arrested in Africa Cybercrime Sweep

What we know:

  • Operation Serengeti 2.0, a joint law enforcement campaign between African countries and the United Kingdom, led to the arrests of more than 1,200 cybercriminals who targeted nearly 88,000 victims.
  • The campaign dismantled over 11,000 malicious infrastructures and recovered USD 97.4 million from ransomware, scams, and business email compromise (BEC) schemes.

Tags: tlp:green