ZeroFox Weekly Intelligence Brief – September 13, 2025

by Alpha Team


ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on September 11, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.


U.S. Treasury Sanctions Southeast Asian Cyber Scam Networks

What we know:

  • The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned a large network of scam centers across Southeast Asia that steal billions of dollars from Americans using forced labor and violence.
  • The sanctions target centers in Shwe Kokko, Myanmar—a notorious hub for virtual currency investment scams under the protection of the OFAC-designated Karen National Army (KNA)—and 10 centers based in Cambodia.
  • Many of the targeted centers in Cambodia were built as casinos by Chinese criminal actors, but became hubs for virtual currency investment scams when that activity proved more profitable.
  • Additionally, the Department of Justice sentenced an individual to 51 months in federal prison for laundering over USD 36.9 million from U.S. victims in a Cambodia-based digital asset investment scam.

Supply Chain Attack Targets Popular npm Packages with 2.6 Billion Downloads

What we know:

  • Npm packages with more than 2.6 billion weekly downloads have been compromised in a supply chain attack.
  • Threat actors injected malware into the packages after a phishing attack targeting the package maintainer’s account.

Spy Radios Discovered in Inverters and Battery Systems

What we know:

  • Undocumented cellular radios have reportedly been discovered in Chinese-manufactured inverters and battery systems powering solar-based highway infrastructure.

Tags: tlp:green