ZeroFox Weekly Intelligence Brief – October 4, 2025

by Alpha Team


ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on October 2, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

FIN11 Suspected of Being Behind Emails Claiming Oracle E-Business Suite Data Theft

What we know:

  • Executives at multiple companies have reportedly received emails claiming their data from Oracle E-Business Suite systems was stolen.
  • The extortion emails were sent from a large number of compromised email accounts, with at least one account associated with the financially motivated threat actor FIN11.
  • Associated email addresses have reportedly also appeared on Cl0p ransomware’s data leak site, suggesting a potential connection.

Fake North Korean IT Workers Expand Targeting Beyond Tech Sector

What we know:

  • Fake North Korean IT workers have been observed targeting companies beyond the tech sector in multiple countries to funnel money back to Pyongyang.

Japanese Brewer Asahi Suspends Operations Due to Cyberattack

What we know:

  • Japan’s major brewer, Asahi Group Holdings, has suspended its ordering and shipping operations due to a cyberattack.
  • Call center operations, including customer service desks, are also suspended.

Tags: tlp:green