14 February 2025

Russia-based LockBit hosting provider sanctioned | Cyber Intelligence Briefing: February 14, 2025

Top news stories this week

  1. Crackdown. Russia-based LockBit hosting provider sanctioned as international law enforcement takes down 8Base.
  2. SIMply hacked. Hacker pleads guilty to SEC X account SIM swap attack.
  3. Malicious code. Researchers uncover harmful machine learning models on Hugging Face platform.
  4. Ghost busters. US citizen guilty of facilitating North Korean IT employment fraud scheme.
  5. Do better. Hong Kong regulators identify areas for cyber improvement.
  6. Patch now. Apple, Microsoft, and SonicWall patch critical vulnerabilities in February updates.

1. US, UK, and Australia sanction Russia-based LockBit hosting provider amid 8Base takedown

The US, UK, and Australia have sanctioned Zservers, a Russia-based bulletproof hosting provider, and two Russian nationals who administered it, Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, for supplying infrastructure to the LockBit ransomware gang. Dutch police also raided Zservers' Amsterdam operation and seized 127 servers.

Separately, an international operation by agencies including the US Department of Justice (DOJ) has taken down 27 servers linked to the ransomware group 8Base. Four Russian nationals, including 8Base operators Roman Berezhnoy and Egor Nikolaevich Glebov, who have since been charged by the DOJ, were arrested in Thailand as part of the operation.

So what?

Governments are increasingly targeting not only ransomware operators but the hosting providers they depend on. Sanctions and seizures raise the cost of operating, but affiliates have historically regrouped under new brands, so the impact of these latest actions on the wider cyber ecosystem remains to be seen.

[Researcher: Waithera Junghae]


2. SEC hacker breached agency's X account via SIM swap attack

Eric Council Jr., a 25-year-old man from Alabama, has pleaded guilty to compromising the US Securities and Exchange Commission's (SEC) X account in January 2024 via a SIM swap attack. After convincing the carrier to transfer a victim's phone number to a SIM card he controlled, Council received the account's reset codes, took over the account, and posted a false announcement about cryptocurrency that caused the price of Bitcoin to swing sharply.

So what?

Organizations should enforce multi-factor authentication (MFA) and avoid SMS-based codes, which a SIM swap defeats entirely because the attacker receives the message. App-based authenticators or, better, phishing-resistant hardware keys should be used wherever possible. Account recovery paths also need attention: a second factor is little help if a password reset can still be completed by text message, and high-value phone numbers should carry a port-out lock with the carrier.

[Researcher: Aditya Ganjam Mahesh]


3. Malicious machine learning models found on Hugging Face platform

Researchers uncovered malicious machine learning models on Hugging Face, a widely used machine learning and data science platform. The models contained hidden code designed to poison data, steal information, and evade the platform's detection tooling. After being informed, Hugging Face removed the malicious models and updated its security scanner to improve detection.

So what?

Organizations rushing to adopt AI and machine learning models should treat a downloaded model file as executable code, not as data: source models only from verified publishers, prefer serialization formats that cannot carry code (such as safetensors) over pickle-based files, and scan any pickle-based file before it is loaded, since loading is what triggers the payload.
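A practitioner's first check on such a model is a static disassembly of the serialized file before it is ever loaded. The scanner below is an added example, not code from the briefing, from Hugging Face or from the researchers. It assumes the model is a Python pickle stream, or a PyTorch-style zip archive whose members ending in .pkl are pickle streams; it uses the standard library's pickletools.genops to list every import the stream would perform without executing anything, and compares them with SAFE_GLOBALS, an illustrative allowlist assumed here and deliberately incomplete. The sample inputs are constructed inline; the malicious one would run os.system on load. A truncated stream is reported as malformed rather than trusted, because a loader can execute the earlier opcodes before it reaches the broken end.

```python
"""Static scan of pickle-based ML model files for unexpected imports.

Added example for this briefing; not code from Hugging Face or from the
researchers. Assumes the model is a pickle stream, or a PyTorch-style zip
archive whose members ending in ".pkl" are pickle streams. SAFE_GLOBALS is an
illustrative allowlist that a real deployment must extend per framework.
"""
import io
import os
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Illustrative allowlist of (module, name) pairs a tensor checkpoint may
# legitimately reference. Anything outside it is reported.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "LongStorage"),
}

# Opcodes that push a str; STACK_GLOBAL (protocol 4) consumes the two most
# recent ones as (module, name). MEMOIZE and FRAME may sit between them.
_STR_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
            "STRING", "BINSTRING", "SHORT_BINSTRING"}
_TRANSPARENT_OPS = {"MEMOIZE", "FRAME"}


def scan_pickle(data, allowlist=SAFE_GLOBALS):
    """Return (opcode, 'module.name', offset) for each import not in allowlist.

    pickletools.genops disassembles the stream without executing it. A stream
    that cannot be fully disassembled is reported as MALFORMED rather than
    trusted: a loader may already have executed the opcodes before the break.
    """
    findings = []
    recent_strings = []           # str pushes since the last other opcode
    try:
        for op, arg, pos in pickletools.genops(data):
            if op.name == "GLOBAL":                 # protocol 0-3: "module name"
                module, name = arg.split(" ", 1)
            elif op.name == "STACK_GLOBAL":         # protocol 4: module, name on stack
                if len(recent_strings) < 2:
                    # Names reached via memo-get opcodes are not resolved here;
                    # an unresolvable import is itself suspicious.
                    findings.append((op.name, "<unresolved>", pos))
                    continue
                module, name = recent_strings[-2], recent_strings[-1]
            elif op.name in _STR_OPS:
                recent_strings.append(arg)
                continue
            else:
                if op.name not in _TRANSPARENT_OPS:
                    recent_strings.clear()
                continue
            recent_strings.clear()
            if (module, name) not in allowlist:
                findings.append((op.name, f"{module}.{name}", pos))
    except ValueError as exc:     # truncated or corrupt stream
        findings.append(("MALFORMED", str(exc), len(data)))
    return findings


def scan_model_bytes(blob):
    """Scan a raw pickle or a zip checkpoint; returns (member, opcode, ref, offset)."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        results = []
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for member in zf.namelist():
                if member.endswith(".pkl"):
                    results += [(member, *f) for f in scan_pickle(zf.read(member))]
        return results
    return [("<raw>", *f) for f in scan_pickle(blob)]


class _MaliciousPayload:
    """Constructed sample: unpickling it would run os.system('echo pwned')."""
    def __reduce__(self):
        return (os.system, ("echo pwned",))


def _zip_checkpoint(pickle_bytes):
    """Constructed PyTorch-style archive: a data.pkl member plus a version file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data.pkl", pickle_bytes)
        zf.writestr("model/version", "3\n")
    return buf.getvalue()


# Constructed sample inputs, not real Hugging Face artifacts. Nothing here is
# ever passed to pickle.loads.
MALICIOUS_P2 = pickle.dumps(_MaliciousPayload(), protocol=2)   # GLOBAL opcode
MALICIOUS_P4 = pickle.dumps(_MaliciousPayload(), protocol=4)   # STACK_GLOBAL opcode
TRUNCATED = MALICIOUS_P4[:-1]                                   # STOP opcode removed
BENIGN = pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2, 0.3])]), protocol=4)
MALICIOUS_ZIP = _zip_checkpoint(MALICIOUS_P4)

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("proto2", MALICIOUS_P2),
                        ("proto4", MALICIOUS_P4), ("truncated", TRUNCATED),
                        ("zip", MALICIOUS_ZIP)]:
        print(label, scan_model_bytes(blob))
```

The allowlist approach matters more than the opcode list: REDUCE, NEWOBJ and BUILD appear in every legitimate PyTorch checkpoint, so flagging them wholesale produces nothing but noise, whereas an import outside the framework's known set is almost never benign. The scanner does not follow memo-get opcodes, so a STACK_GLOBAL whose operands it cannot resolve is reported rather than ignored; an attacker can obscure the import that way, which is one more reason to prefer formats that carry no code at all.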

[Researcher: Milda Petraityte]


4. US citizen pleads guilty to USD 17 million North Korean IT worker scheme

A US citizen has pleaded guilty to facilitating a fraudulent North Korean employment scheme that earned USD 17 million. Christina Marie Chapman assisted North Korean workers in obtaining stolen US identities and ran a laptop farm which created the illusion that the employees, who were hired at several Fortune 500 companies, were working from within the US.

So what?

Organizations that hire remote-only workers should vet candidates thoroughly as part of the recruitment process, including independent verification of identity and employment authorization and live video interviews. Note that a laptop farm is designed to defeat device-location checks: a company-issued machine responding from a US address is not evidence that the person using it is in the US.

[Researcher: Jon Seland]


5. Hong Kong regulator cybersecurity compliance review highlights key areas for improvement

The Hong Kong Securities and Futures Commission (SFC) has published a thematic review of licensed corporations’ compliance with cybersecurity requirements, including the identification of gaps in areas such as phishing threats, end-of-life technology, remote access, cloud security, and third-party management. Notably, the SFC highlighted significant disruptions caused by challenges in managing third-party compromises.

So what?

Senior management should commission regular cybersecurity reviews, keep policies and procedures current, perform due diligence on third-party providers before and during engagement, and maintain contingency plans for the loss or compromise of a key provider.

[Researcher: Nor Liana Kamaruzzaman]


6. Microsoft, SonicWall, and Apple patch critical vulnerabilities in February updates

Microsoft's February 2025 Patch Tuesday fixed 55 vulnerabilities, including four zero-days, two of which are under active exploitation: one in Windows Storage that lets an attacker delete files, and one in the Windows Ancillary Function Driver for WinSock that grants SYSTEM privileges. SonicWall also urged customers to upgrade SonicOS firmware after security researchers at Bishop Fox published full exploitation details for CVE-2024-53704, an authentication bypass that lets an unauthenticated attacker hijack active SSL VPN sessions.

Apple released emergency security updates to fix a zero-day vulnerability (CVE-2025-24200), exploited in highly sophisticated targeted attacks, that allows an attacker with physical access to disable USB Restricted Mode on a locked device.

So what?

Users of the affected Microsoft, SonicWall, and Apple products should apply the updates immediately and follow the vendors' guidance. Because working exploit details for the SonicWall flaw are public, any SSL VPN appliance that was reachable while unpatched should be treated as potentially compromised and its active sessions reviewed.

[Researcher: Denisa Greconici]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
