
ZeroFox Weekly Intelligence Brief – January 31, 2026

by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on January 29, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Long-Term Espionage Reportedly Targeting UK Govt Officials

What we know:

  • Chinese state-linked espionage group Salt Typhoon allegedly maintained long-term access to phones used by senior UK government aides, raising concerns that sensitive communications since at least 2021 have been exposed.
  • The suspected intrusion reportedly targeted phones used by senior aides to former UK prime ministers Boris Johnson, Liz Truss, and Rishi Sunak, though it remains unclear if the prime ministers’ own devices were compromised.
  • As of reporting, it is unconfirmed whether Salt Typhoon’s access to critical communication lines has been removed.

FBI Seizes Russian Dark Web Forum RAMP

What we know:

  • The Federal Bureau of Investigation (FBI) has seized popular Russian-language dark web forum Russian Anonymous Marketplace (RAMP), which was used by cybercriminals to advertise and promote various cybercrime services, including ransomware operations.

ShinyHunters Targeting Over 100 Organizations in SSO Credential Stealing Campaign

What we know:

  • Threat group ShinyHunters is reportedly targeting more than a hundred organizations in its ongoing single sign-on (SSO) credential stealing campaign.
  • Canva and Epic Games are among the organizations allegedly being targeted.

Tags: tlp:green