
ZeroFox Daily Intelligence Brief - March 3, 2026

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Iran SITREP: U.S. Embassy in Riyadh Attacked, Shipping Threats Surge Freight Costs
  • North Korea Associated Threat Group Targets Air-Gapped South Korean Systems
  • Pakistani News Channels Hit by Transmission Hijack; Retaliatory Attacks Target Indian Media

Iran SITREP: U.S. Embassy in Riyadh Attacked, Shipping Threats Surge Freight Costs

Source: https://www.zerofox.com/advisories/38669/

  • U.S. President Donald Trump reportedly said that the Iran conflict could continue for “four weeks or less.” Meanwhile, the U.S. embassy in Riyadh was attacked by two drones, according to Saudi Arabia’s Ministry of Defense.
  • Following the death of Iran’s Supreme Leader Ayatollah Khamenei, ZeroFox assesses that Khamenei’s immediate successor is unlikely to countenance concessions that imperil the government, and any concessions made now risk being upended by his eventual long-term successor. If the Iranian government perceives it is in an existential battle, it will likely revert to asymmetric targeting designed to ensure the survival of the government.
  • The Israeli military has struck the Lebanese capital, Beirut, targeting Hezbollah’s command centers. Qatar’s Ministry of Defense said it has intercepted a number of Iranian projectiles, including 101 ballistic missiles, so far.
  • An Iranian official has reportedly warned vessels to avoid transiting the Strait of Hormuz, threatening them with serious response. Prominent maritime insurers have reportedly cancelled war risk cover for vessels operating in the Gulf. Vessels have been forced to reroute, resulting in an increase in freight costs and at least three vessels have been damaged so far in the conflict.
  • Over 1,100 ships operating across the Gulf region have reportedly been targeted in GPS jamming attacks or had their automatic identification system (AIS) communications technology disrupted.
  • The UK's National Cyber Security Centre has warned organizations with a presence or supply chains in the Middle East of a heightened risk of indirect cyber threats from Iran-linked actors.

North Korea Associated Threat Group Targets Air-Gapped South Korean Systems

Source: https://www.securityweek.com/north-korean-apt-targets-air-gapped-systems-in-recent-campaign/

What we know: North Korea-linked APT37 has been observed targeting mostly South Korean entities in data theft and surveillance campaigns. The group deployed multiple malicious tools aimed at air-gapped systems, including payloads delivered with an Arabic-language decoy document referencing the Palestine–Israel conflict.

Context: APT37 bypasses air gaps by weaponizing USB drives and abusing other removable media, using social engineering to get the media onto isolated hosts, and relying on memory-resident execution and cloud-based command and control to introduce malware and exfiltrate data from the isolated systems once an internet-connected host is reached.

Analyst note: The use of an Arabic-language Palestine–Israel decoy likely indicates social engineering tailored to the victim’s professional role or geopolitical stance, pointing to pre-operational reconnaissance and carefully profiled targeting rather than opportunistic phishing.

Pakistani News Channels Hit by Transmission Hijack; Retaliatory Attacks Target Indian Media

Source: https://hackread.com/pakistan-news-channels-hacked-anti-military-messages/

What we know: Several major Pakistani television channels experienced a significant broadcast disruption after unidentified actors of unconfirmed allegiance allegedly hijacked their satellite transmissions. Following the incident, the threat group Pakistan Cyber Force allegedly carried out retaliatory cyber activity against the major Indian broadcaster ABP News, defacing a website and launching DDoS attacks.

Context: The breach occurred during peak Ramadan viewing hours when hackers allegedly interfered with transmissions carried via PAKSAT satellite, displaying unauthorized on-screen messages criticizing the Pakistan Armed Forces and urging opposition to the military.

Analyst note: The politically charged hijacked messages indicate an influence-driven operation aligned with broader regional conflicts. Given Pakistan's long-standing conflict with India and, more recently, Afghanistan, the incident likely involves nationalist hacktivist collectives, proxy actors, or false-flag efforts aimed at intimidation or at provoking escalation between actors in these countries.

DEEP AND DARK WEB INTELLIGENCE

RehubCom user cortana9000: Threat actor "cortana9000" has advertised a web shell and SSH access with root rights to an unnamed U.S.-based telecommunications company, on predominantly Russian-language dark web forum RehubCom. The threat actor is asking USD 15,000 for the access. The offer is likely to be fraudulent, given the vague description and unknown reputation of the threat actor.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2026-0628: This is an already-patched insufficient policy enforcement vulnerability in Google Chrome’s WebView tag. Successful exploitation of the flaw enables attackers to escalate privileges and access local files on the system. Threat actors are likely to exploit the flaw to steal browser-stored credentials and sensitive documents.

Affected products: Google Chrome versions prior to 143.0.7499.192

Tags: DIB, TLP:GREEN