Top news stories this week
- Exhausted. Worldwide outage at X due to DDoS attack by hacktivist group Dark Storm.
- Blurred lines. North Korean threat actor observed deploying Qilin encryptor.
- Compromised. 2,700 infected devices uncovered in Singapore during global cyber operation.
- Shutter shock. Vulnerability in security cameras allows illegitimate access.
- Inside job. Software developer uses custom malware to interfere with employer’s systems.
- Dodgy conversion. FBI warns free file converter tools lead to malware download.
1. X suffers worldwide outage due to DDoS attack by hacktivist group Dark Storm
The Dark Storm Team hacktivist group claimed responsibility for the large-scale distributed denial of service (DDoS) attack on X, the platform formerly known as Twitter, which caused multiple worldwide outages on the social media platform. Elon Musk initially blamed the DDoS attack on Ukraine due to the location of IP addresses associated with the attack. This position was criticized by security experts, and the hacktivist group denied any connection with the country.
So what?
Threat actors can easily use botnets to launch large-scale DDoS attacks against organizations. Consider implementing DDoS protection to secure your organization from service outages.
[Researcher: Milda Petraityte]
2. North Korean threat actor deploying Qilin ransomware
According to Microsoft security researchers, a North Korea state-linked threat actor tracked as ‘Moonstone Sleet’ has been deploying Qilin ransomware since February 2025. Qilin is a prolific ransomware-as-a-service operation in which the group, believed to be based in Russia, provides affiliates with access to its encryption tooling.
So what?
The links between Qilin and North Korean threat actors highlight the importance of conducting threat intelligence to understand the risk of sanctions exposure before considering any payment to ransomware operators.
[Researcher: Lena Krummeich]
3. 2,700 infected devices found in Singapore during global cyber operation
The Cyber Security Agency of Singapore (CSA) identified about 2,700 infected devices in Singapore during an international cyber operation against a global botnet. These devices, including baby monitors and internet routers, were compromised due to poor cyber hygiene practices. The operation aimed to disinfect these devices and prevent their use in cyber-attacks.
So what?
This operation underscores the urgent need for proactive cyber hygiene measures to protect devices from being compromised.
[Researcher: Nor Liana Kamaruzzaman]
4. Legacy security cameras exploited to gain remote access
Threat actors are exploiting a software flaw in legacy Edimax IC-7100 IP security cameras to gain remote access to vulnerable devices. The appliances are used for remote surveillance at homes and in offices. Compromised devices could be joined to botnets and used to launch DDoS attacks, proxy malicious traffic, or pivot to other devices on the same network.
So what?
Threat actors often exploit unsecured Internet of Things (IoT) devices to conduct cyber-attacks, including for ransomware deployment. It is vital to apply security updates and limit the level of access such devices have to corporate networks.
[Researcher: Lena Krummeich]
5. Software developer found guilty of installing ‘kill switch’ on employer’s network
A software developer was found guilty of creating and deploying malicious code to intentionally disrupt his employer’s systems after a demotion and in anticipation of his eventual termination. The malware interfered with production servers and user logins. The disgruntled employee also included a ‘kill switch’ that was triggered on the day of his termination, causing significant operational and financial impact.
So what?
It is important to regularly review access rights and monitor the activity of privileged users. Ensure that the onboarding and offboarding process includes a review of code developed by recent movers and leavers.
[Researcher: Adelaide Parker]
6. FBI warns free file converter tools could lead to malware installation
Last Friday, the FBI Denver Field Office warned that cybercriminals are using free online file converters or downloaders to steal personal information and install malware that could lead to ransomware attacks. Examples of such tools are websites that convert .doc to .pdf files or .MP3/.MP4 downloading tools.
So what?
It is important to be vigilant when downloading files from unknown sources and scan them with an anti-virus product before opening them.
[Researcher: Denisa Greconici]