ZeroFox Daily Intelligence Brief - March 11, 2026
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- Lazarus Uses Deepfaked Recruiter in Fake Interview; Gets Caught
- Poland Uncovers Minors Selling DDoS Tools
- Iran SITREP - U.S. Hits Minelaying Vessels, Chinese Hackers Target Energy Industry
Lazarus Uses Deepfaked Recruiter in Fake Interview; Gets Caught
Source: https://hackread.com/fake-linkedin-interview-lazarus-hackers-allsecure-ceo/
What we know: North Korean threat group Lazarus Group targeted a security company’s CEO through a fake job interview arranged via a popular job portal. During the fake technical interview, a recruiter impersonating a real person tried to trick the CEO into opening a malicious coding project in Visual Studio Code.
Context: The CEO suspected a deepfake impersonation after noticing that the recruiter’s voice did not match the real individual’s voice in publicly available videos. Additionally, the project contained the group’s BeaverTail malware, but the CEO analyzed it in a sandbox, prompting the attackers to activate a kill switch and erase activity.
Analyst note: A CEO’s laptop typically contains privileged emails, credentials, and internal documents that are likely to enable further infiltration or intelligence gathering. Lazarus was likely trying to collect intelligence on security defenses and potentially gain access to networks monitored or protected by the CEO’s company, which can enable them to improve future cyber operations.
Poland Uncovers Minors Selling DDoS Tools
What we know: Poland’s cyber police have identified seven minors who allegedly ran a scheme selling tools used to conduct distributed denial-of-service (DDoS) attacks. The tools the suspects sold were reportedly used to target popular websites, including auction platforms, hosting services, IT domains, and accommodation booking sites.
Context: During the searches, officers seized smartphones, laptops, storage drives, a ledger, and handwritten notes, along with tools and infrastructure allegedly used to launch DDoS attacks. Because the suspects are minors, the case will be handled by family courts to determine further action.
Analyst note: It is likely that the suspects sold these tools to buyers who wanted to disrupt websites, causing operational harm and interrupting transactions. Seizing the infrastructure is likely to give law enforcement information to identify affected businesses and uncover other cybercrimes that the DDoS attacks veiled.
Iran SITREP - U.S. Hits Minelaying Vessels, Chinese Hackers Target Energy Industry
- On March 10, 2026, U.S. Defense Secretary Pete Hegseth claimed Iran's missile launch capacity had been degraded by 90 percent so far. Israel confirmed strikes against three missile launchers in unspecified locations. With missile forces severely degraded, ZeroFox assesses that the combined force targeting by U.S. and Israeli militaries will very likely focus on Iran’s drone production in the coming days.
- Restoring security at the Strait of Hormuz (SoH) has been one of the major goals since the war began. The U.S. Central Command said U.S. forces eliminated multiple Iranian naval vessels, including 16 minelayers near the SoH. ZeroFox assesses that the SoH will likely remain impassable in the coming days.
- Meanwhile, Iran has continued to target U.S. and oil assets in the Gulf region. The Islamic Revolutionary Guard Corps (IRGC) claimed to have struck U.S. bases in Kuwait. An alleged Iranian drone also reportedly struck the Baghdad Diplomatic Support Center in Iraq on March 10, 2026.
- Russia has drafted a short U.N. resolution urging all parties in the Iran war to end military activities. However, the draft does not name Iran, Israel, or the United States. The resolution is likely to be put to a vote on March 11, 2026. Meanwhile, North Korea said it respects Iran’s election of its new Supreme Leader and condemned the United States and Israel for their alleged “illegal” attacks on Iran.
- In cyberspace, pro-Iranian hacktivist groups continue to claim attacks targeting government and private entities in the United States, Israel, and other Gulf countries; these claims are likely to be exaggerated. China-linked hackers are reportedly targeting the Gulf’s energy industry and military targets with malware disguised as Middle East conflict news. Furthermore, the GPS attacks in the Middle East region are also impacting food delivery and navigation apps for residents in the Gulf Cooperation Council (GCC) countries.
DEEP AND DARK WEB INTELLIGENCE
Exploit user privisnanet: An untested threat actor named "privisnanet" has advertised AnyDesk access to five Point-of-Sale (POS) terminals of an undisclosed company based in New York on the dark web forum Exploit. Bidding for the access starts at USD 200, with an instant purchase price of USD 1,000. If the offer is legitimate, the access is likely to enable threat actors to remotely view and manipulate the victim entity’s financial transactions. This is likely to result in financial losses as well as the exposure of customers’ financial data.
VULNERABILITY AND EXPLOIT INTELLIGENCE
Microsoft Patch Tuesday March 2026: Microsoft patched 84 vulnerabilities across its products in its March 2026 Patch Tuesday release, including eight critical and two publicly known flaws. Among the patched vulnerabilities is CVE-2026-26144, a cross-site scripting flaw in Microsoft Excel that can enable a zero-click information disclosure attack via Copilot Agent. Successful exploitation of any of the flaws, individually or in a chain, is likely to lead to remote attacks resulting in data theft and corruption, disruptions to operations, and other consequences.
Affected products: The affected products are listed in this advisory.
Tags: DIB, tlp:green