ZeroFox Weekly Intelligence Brief – February 28, 2026
by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on February 26, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.
U.S. Sanctions Russian Zero-Day Broker Operation Zero
What we know:
- The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned Russian company Matrix LLC (operating as Operation Zero) for stealing and selling at least eight proprietary cyber tools created exclusively for use by the U.S. government and its allies.
- OFAC has also sanctioned entities that include United Arab Emirates (UAE) firm Special Technology Services LLC FZ (STS), offensive cybersecurity company Advance Security Solutions, a suspected member of the Trickbot cybercrime gang, and other associated individuals and entities.
- Operation Zero claims the Russian government among its clients.
Anthropic Catches Chinese Companies Copying Claude’s Capabilities
What we know:
- Anthropic has accused China-linked companies DeepSeek, Moonshot AI, and MiniMax of using 24,000 fake accounts and 16 million queries to extract the capabilities of its AI chatbot Claude through large-scale illicit distillation methods.
Russia-Linked Actor Breaches Over 600 Fortinet Firewalls Without Zero-Days
What we know:
- A Russia-linked threat actor has reportedly breached over 600 Fortinet FortiGate firewalls across 55 countries in five weeks by brute-forcing exposed management interfaces without MFA rather than using zero-days.
- The actor is assessed to have low to moderate skillsets and was observed attempting multiple CVE exploits, but abandoned hardened systems in favor of easier targets.
Tags: tlp:green