zerofox logo
Advisories

ZeroFox Weekly Intelligence Brief – March 14, 2026

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – March 14, 2026

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on March 12, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

High-Profile Signal and WhatsApp Accounts Targeted

What we know:

  • Dutch security and military services have revealed that Russian state-linked threat actors have taken over Signal and WhatsApp accounts belonging to some government officials, military personnel, and other high-profile targets.

Lazarus Group Uses Deepfaked Recruiter in Fake Interview

What we know:

  • North Korean threat group Lazarus Group targeted a security company’s CEO through a fake job interview arranged via a popular job portal.
  • They tried to trick the CEO into opening a malicious coding project in Visual Studio Code as part of a fake technical interview, with a recruiter impersonating a real person for the “interview.”

Poland Uncovers Minors Selling DDoS Tools

What we know:

  • Poland’s cyber police has identified seven minors who allegedly ran a scheme selling tools used to conduct distributed denial-of-service (DDoS) attacks.
  • The suspects sold tools that were reportedly used to target popular websites, including auction platforms, hosting services, IT domains, and accommodation booking sites.

Tags: tlp:green