ZeroFox Daily Intelligence Brief - September 11, 2025

By Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Spy Radios Discovered in Inverters and Battery Systems
  • macOS Malware ChillyHell Evaded Detection Since 2021
  • Chinese APT Targets Philippines-Based Military Company

Spy Radios Discovered in Inverters and Battery Systems

Source: https://www.reuters.com/legal/government/us-warns-hidden-radios-may-be-embedded-solar-powered-highway-infrastructure-2025-09-10/

What we know: Undocumented cellular radios have reportedly been discovered in Chinese-manufactured inverters and battery systems powering solar-based highway infrastructure.

Context: The power inverters and battery management systems (BMS) are reportedly deployed across highway infrastructure, such as electric vehicle (EV) chargers, traffic cameras, weather stations, roadside signs, and warehouses.

Analyst note: Hidden radios could enable threat actors to remotely tamper with systems, cause large-scale infrastructure outages, steal data, sabotage roadside systems, and interfere with autonomous vehicle safety.

macOS Malware ChillyHell Evaded Detection Since 2021

Source: https://www.theregister.com/2025/09/10/chillyhell_modular_macos_malware/

What we know: A modular macOS backdoor known as ChillyHell has reportedly been evading detection and infecting Intel-based Macs since at least 2021. Although the sample was publicly flagged as malware in 2023, it had passed Apple’s notarization process, so Gatekeeper continued to treat it as trusted software.

Context: Apple has revoked the developer certificates used to sign ChillyHell after the sample was found on a public malware-scanning platform in May 2025. In 2023, ChillyHell was linked to a cyber espionage group targeting a Ukrainian website used by government officials.

Analyst note: Critical infrastructure entities using Intel-based Macs are likely to have been impacted by the malware. Compromised systems are likely at risk of unauthorized remote access and credential theft. Notarization only attests that Apple scanned a binary at submission time; a notarized ticket is not evidence that a binary is benign, and defenders should treat revocation as a signal to hunt for earlier executions rather than assume protection was in place.

Chinese APT Targets Philippines-Based Military Company

Source: https://thehackernews.com/2025/09/chinese-apt-deploys-eggstreme-fileless.html

What we know: A Chinese advanced persistent threat (APT) has reportedly compromised a Philippines-based military company using EggStreme, a fileless malware framework designed for data exfiltration and espionage.

Context: The campaign, active since early 2024, has leveraged dynamic link library (DLL) sideloading, in-memory injection, and multi-stage loaders to evade detection and establish persistence. Because the payloads execute in memory rather than from files on disk, detection depends on image-load and process-behavior telemetry rather than file scanning.

Analyst note: Access to sensitive defense data, including operational plans, communications, and technology, could supplement China’s understanding of Philippine military capabilities. Such intelligence could help in regional military strategies, especially in contested areas of the South China Sea.
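The Context paragraph above names DLL sideloading as the campaign’s initial evasion technique. The following is an added example, written for this brief and not code from the EggStreme report or ZeroFox, showing the kind of heuristic a detection engineer would run over Sysmon image-load (Event ID 7) telemetry to surface sideloading: a DLL whose file name matches one that normally lives under the Windows system directories is loaded from elsewhere, and is either unsigned or signed by a non-Microsoft publisher. The Sysmon field names are real; the allow-list SYSTEM_DLLS and the sample events are constructed for illustration and are not drawn from the campaign.

```python
"""Flag likely DLL sideloading in Sysmon-style image-load events.

Added illustration for the brief above; not the campaign's own tooling.
The heuristic: a system-named DLL (version.dll, userenv.dll, ...) loaded
from outside C:\\Windows\\System32 / SysWOW64 / WinSxS that is unsigned or
signed by a non-Microsoft publisher is a strong sideloading candidate.
A Microsoft-signed redistributed copy beside a vendor executable is a
common legitimate pattern and is deliberately not flagged.
"""
import json
from pathlib import PureWindowsPath

# Assumption: a small, hand-picked set of DLL names frequently abused for
# search-order sideloading. A real deployment would build this list from a
# golden image of the OS rather than hard-code it.
SYSTEM_DLLS = {"version.dll", "userenv.dll", "dbghelp.dll",
               "wininet.dll", "cryptsp.dll", "dwmapi.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
               r"c:\windows\winsxs")

# Constructed Sysmon Event ID 7 records (JSON lines), not real telemetry.
SAMPLE_EVENTS = r'''
{"Image": "C:\\ProgramData\\VendorTool\\update.exe", "ImageLoaded": "C:\\ProgramData\\VendorTool\\version.dll", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
{"Image": "C:\\Program Files\\Editor\\editor.exe", "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
{"Image": "C:\\Program Files\\Debugger\\dbg.exe", "ImageLoaded": "C:\\Program Files\\Debugger\\dbghelp.dll", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
{"Image": "C:\\Program Files\\Contoso\\viewer.exe", "ImageLoaded": "C:\\Users\\Public\\wininet.dll", "Signed": "true", "Signature": "Contoso Ltd", "SignatureStatus": "Valid"}
{"Image": "C:\\Program Files\\Contoso\\viewer.exe", "ImageLoaded": "C:\\Program Files\\Contoso\\plugin.dll", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
'''


def is_system_dir(path: PureWindowsPath) -> bool:
    """True if the file sits under one of the Windows system directories."""
    parent = str(path.parent).lower()
    return any(parent == d or parent.startswith(d + "\\") for d in SYSTEM_DIRS)


def assess(ev: dict) -> list:
    """Return the reasons an image-load event looks like sideloading ([] if clean)."""
    dll = PureWindowsPath(ev["ImageLoaded"])
    name = dll.name.lower()
    if name not in SYSTEM_DLLS or is_system_dir(dll):
        return []
    reasons = []
    signed = str(ev.get("Signed", "false")).lower() == "true"
    if not signed:
        reasons.append(f"unsigned copy of {name} loaded outside the system directories")
    elif "microsoft" not in ev.get("Signature", "").lower():
        reasons.append(f"{name} signed by non-Microsoft publisher {ev['Signature']!r}")
    # Only add the location as supporting context once a signature problem exists;
    # a Microsoft-signed redistributable beside the host binary is normal.
    if reasons and dll.parent == PureWindowsPath(ev["Image"]).parent:
        reasons.append("DLL sits beside the host executable (search-order sideload)")
    return reasons


def scan(jsonl: str) -> list:
    """Run assess() over JSON-lines events; return (Image, ImageLoaded, reasons) hits."""
    hits = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        reasons = assess(ev)
        if reasons:
            hits.append((ev["Image"], ev["ImageLoaded"], reasons))
    return hits


if __name__ == "__main__":
    for image, loaded, reasons in scan(SAMPLE_EVENTS):
        print(f"{image} -> {loaded}")
        for r in reasons:
            print(f"    - {r}")
```

Of the five constructed events, only two are flagged: the unsigned version.dll beside update.exe and the Contoso-signed wininet.dll under C:\Users\Public. The System32 load and the Microsoft-signed dbghelp.dll redistributable are left alone, and plugin.dll is ignored because its name is not one a sideloader would impersonate. In production the signature check should be backed by hash or certificate-thumbprint allow-lists, since attackers have used stolen or look-alike publisher names.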

DEEP AND DARK WEB INTELLIGENCE

DDoS defender targeted: An unnamed distributed denial-of-service (DDoS) mitigation service provider in Europe was reportedly hit with a DDoS attack peaking at 1.5 billion packets per second (Bpps). The malicious traffic was launched from hijacked customer-premises equipment (CPE) across more than 11,000 unique networks worldwide. DDoS attacks targeting defender services are very likely intended to cause service outages not only for the provider but for the customers whose traffic it scrubs.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2025-54236: Adobe has patched an improper input validation vulnerability in its Commerce and Magento Open Source platforms. If successfully exploited, the vulnerability can enable attackers to take over customer accounts. E-commerce entities running unpatched versions of the affected Adobe platforms are likely exposed to the flaw. Compromised entities likely risk losing control of online storefronts and sensitive customer data.

Affected products: The affected versions are listed in Adobe’s advisory for CVE-2025-54236.

Tags: DIB, TLP:GREEN