
ZeroFox Daily Intelligence Brief - February 4, 2026

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • DDoS Attack Infrastructure Seized After Polish Cybercrime Arrest
  • Fintech Firm “Step Finance” Loses USD 40 Million; Native STEP Token Crashes 90%
  • FBI Warns of Romance Scams Ahead of Valentine’s Day

DDoS Attack Infrastructure Seized After Polish Cybercrime Arrest

Source: https://www.theregister.com/2026/02/03/polish_cops_ddos_arrest/

What we know: Polish cybercrime police have arrested an individual suspected of launching large-scale DDoS attacks against websites worldwide, including "strategically important services." Authorities seized the suspect's computer equipment and dismantled the infrastructure used to host and distribute DDoS tools.

Context: The suspect allegedly organized and carried out repeated DDoS attacks using stresser services and command-and-control (C2) infrastructure, causing service disruptions across multiple countries.

Analyst note: If the seized C2 and stresser infrastructure is intact, it is likely to contain logs and configuration data that expose the suspect's operations: attack history and targets, tooling and methods, planned future attacks, and potential collaborators or paying customers. That evidence would enable authorities to identify additional actors and related activity, so follow-on actions against customers of the service are plausible.

Fintech Firm “Step Finance” Loses USD 40 Million; Native STEP Token Crashes 90%

Source: https://www.bleepingcomputer.com/news/security/step-finance-says-compromised-execs-devices-led-to-40m-crypto-theft/

What we know: Step Finance, a decentralized finance (DeFi) portfolio and analytics platform, has reportedly lost approximately USD 40 million worth of crypto assets after sophisticated threat actors compromised devices belonging to members of the company's executive team.

Context: Through the compromised devices, the attackers gained access to treasury wallets and critical authentication credentials, enabling them to bypass multiple security layers. The investigation also found that the attackers moved the stolen funds across multiple blockchain networks to obscure the transaction trail.

Analyst note: Consistent with similar incidents, this attack vector reflects a shift away from smart contract exploits, which are increasingly hard to find in audited code, toward targeting personnel and their devices as the weakest link. Controls that live on the same endpoint as the signing keys or session credentials offer little protection once that endpoint is compromised.

FBI Warns of Romance Scams Ahead of Valentine’s Day

Source: https://www.fbi.gov/contact-us/field-offices/jacksonville/news/think-before-you-click-romance-scam-warning-from-fbi-jacksonville-ahead-of-valentines-day

What we know: The FBI is warning Americans about romance scams ahead of Valentine's Day. Scammers use fake profiles on dating sites and other social media platforms, increasingly built with generative AI, to establish romantic connections with their victims and then extort money from them.

Context: The scammers pressure victims to wire money, citing travel expenses, medical emergencies, or secretive investment opportunities, while consistently avoiding in-person meetings. According to the Internet Crime Complaint Center (IC3) annual report, confidence and romance fraud complaints nationwide increased in 2025 compared with 2024.

Analyst note: The FBI advises the public not to share sensitive personal information such as Social Security numbers or financial account details with people met online, and not to send gift cards or cryptocurrency to them, especially to anyone never met in person. Scammers are also likely to manipulate targets with tragic stories to elicit compassion and financial assistance.

DEEP AND DARK WEB INTELLIGENCE

BreachForums user nxe: Well-reputed threat actor "nxe" has advertised stolen data allegedly belonging to SEKISUI Aerospace, a U.S. subsidiary of a Japan-based company. The actor claims to have exfiltrated approximately 70 GB of proprietary aerospace technical data, including detailed engineering drawings, 3D CAD/STEP models, material specifications, and process documentation. If the actor's claims are true, the data is likely to be sold to nation-state entities seeking to accelerate domestic aerospace and defense production while bypassing suppliers and export controls.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2025-40551: SolarWinds has patched CVE-2025-40551, a critical Remote Code Execution (RCE) vulnerability in Web Help Desk caused by deserialization of untrusted data. It allows unauthenticated attackers to execute arbitrary commands on unpatched servers, potentially leading to full system compromise.

Affected products: SolarWinds Web Help Desk versions prior to 2026.1.
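As an added example (not code from SolarWinds or Web Help Desk, which is Java-based), the following Python block shows the bug class behind CVE-2025-40551: deserializing attacker-controlled bytes lets the attacker choose which code runs during object reconstruction, before any application logic sees the input. `Task`, `record`, `Exploit` and the endpoint behaviour are constructed for illustration; the two mitigations (an allow-list unpickler and a data-only JSON format with schema checks) are generic hardening patterns, not a description of the vendor's fix.

```python
"""Added example (not SolarWinds code): why deserializing untrusted input is an RCE
primitive, and two ways to close it. The mechanism shown with Python's pickle is
the same class of bug as a Java deserialization flaw: the input stream names the
callable that runs during object reconstruction."""
import io
import json
import pickle


class Task:
    """The legitimate object the hypothetical endpoint expects to receive."""

    def __init__(self, name: str, priority: int):
        self.name = name
        self.priority = priority


EXECUTED = []  # records side effects so the demo is observable without spawning a shell


def record(marker: str) -> str:
    """Stand-in for os.system/subprocess in a real gadget chain."""
    EXECUTED.append(marker)
    return marker


class Exploit:
    """Attacker-crafted object: __reduce__ names the callable pickle invokes on load."""

    def __reduce__(self):
        # A real payload would return something like (os.system, ("<command>",));
        # this one calls a harmless marker so the effect is visible and safe to run.
        return (record, ("code-ran-during-deserialization",))


def vulnerable_load(blob: bytes):
    """The flawed pattern: reconstruct objects straight from client-supplied bytes."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Mitigation 1: allow-list which globals the stream may reference."""

    ALLOWED = {(Task.__module__, "Task")}

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return Task
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def hardened_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def load_task_from_json(text: str) -> Task:
    """Mitigation 2 (preferred): a data-only format plus explicit schema checks,
    so there is no code path from input bytes to arbitrary callables."""
    data = json.loads(text)
    if not isinstance(data, dict) or set(data) != {"name", "priority"}:
        raise ValueError("unexpected fields")
    if not isinstance(data["name"], str):
        raise ValueError("name must be a string")
    if not isinstance(data["priority"], int) or isinstance(data["priority"], bool):
        raise ValueError("priority must be an integer")
    return Task(data["name"], data["priority"])


def exploit_payload() -> bytes:
    return pickle.dumps(Exploit())


def legit_payload() -> bytes:
    return pickle.dumps(Task("rotate-keys", 2))


def demo_vulnerable() -> str:
    """Returns the marker recorded by the payload: attacker code ran on load."""
    EXECUTED.clear()
    vulnerable_load(exploit_payload())
    return EXECUTED[0] if EXECUTED else ""


def demo_hardened() -> tuple:
    """Returns (payload_rejected, side_effect_count) for the allow-list unpickler."""
    EXECUTED.clear()
    try:
        hardened_load(exploit_payload())
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return rejected, len(EXECUTED)


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("hardened:", demo_hardened())
    print("legit via allow-list:", vars(hardened_load(legit_payload())))
    print("json:", vars(load_task_from_json('{"name": "rotate-keys", "priority": 2}')))
```

Run it directly to see the marker fire on the vulnerable path and the allow-list reject the same payload before the attacker's callable is ever resolved. The JSON path is the better long-term fix: an allow-list only holds as long as none of the permitted classes can be chained into a gadget, which is exactly how Java deserialization bugs of this kind are typically exploited.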

Tags: DIB, TLP:GREEN