Threat Intelligence RoundUp: June

July 01, 2025

Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Police arrests 20 suspects for distributing child sexual abuse content – Bleeping Computer

In a June 6 press release, INTERPOL announced the arrest of 20 suspects involved in the production and distribution of child sexual abuse material (CSAM). The international operation was led by the Spanish National Police, which initiated the investigation in late 2024 when it discovered several instant messaging groups dedicated to the circulation of CSAM. Seven of the identified suspects were arrested by Spanish authorities, 10 were arrested across seven Latin American countries, and “the remaining suspects were arrested elsewhere in Europe and the United States.” Read full article.

2. Police seizes Archetyp Market drug marketplace, arrests admin – Bleeping Computer

In a June 16 press release, Europol announced the disruption of the infamous darknet marketplace Archetyp Market in an international operation dubbed “Operation Deep Sentinel.” According to the statement, Germany, the Netherlands, Romania, Spain, and Sweden participated in a series of coordinated actions between June 11 and 13 “targeting the platform’s administrator, moderators, key vendors, and technical infrastructure.” The site’s suspected administrator—a 30-year-old German national—was also arrested in Barcelona. Article here.

Researchers have identified social engineering attacks carried out by the hacking group FIN6 (also known as Skeleton Spider) targeting recruiters by posing as job seekers. In 2019, the cybercrime group, initially known for financial fraud, expanded its operations to include ransomware attacks. Since then, the group has increasingly focused on social engineering campaigns. Its most recent campaigns have been used to deliver the JavaScript-based backdoor “more_eggs,” which “facilitates credential theft, system access, and follow-on attacks, including ransomware deployment.” Read more here.

Researchers at Google Threat Intelligence Group (GTIG) have observed a suspected Russian state-sponsored threat actor impersonating U.S. Department of State officials. From April through June 2025, the threat actor targeted “prominent academics and critics of Russia, often using extensive rapport building and tailored lures to convince the target to set up application-specific passwords (ASPs).” After setting up the ASPs, the victims were instructed to share the ASP passcodes, thereby giving the threat actors access to their email accounts. Read here.

5. New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack – The Hacker News

Researchers at Cisco Talos have observed a newly identified data wiper malware dubbed “PathWiper” targeting a critical infrastructure entity in Ukraine. According to the report, “the attack was instrumented via a legitimate endpoint administration framework,” suggesting that the attackers had access to the administrative console “that was then used to issue malicious commands and deploy PathWiper across connected endpoints.” Based on the observed tactics, techniques, and procedures (TTPs), it is assessed with high confidence that the attack was carried out by a Russia-nexus advanced persistent threat (APT) actor. Learn more.

6. Hackers switch to targeting U.S. insurance companies – Bleeping Computer

Researchers at Google Threat Intelligence Group (GTIG) have warned of hackers targeting insurance companies based in the U.S. GTIG is aware of multiple breaches impacting American companies “which bear all the hallmarks of Scattered Spider activity.” As highlighted by BleepingComputer, Scattered Spider is known for its sector-by-sector focus; the recent targeting of insurance companies signals that “the insurance industry should be on high alert.” Prior to the recent insurance industry breaches, Scattered Spider was observed targeting retail organizations in both the U.K. and U.S. Read full article.

7. Iranian man pleads guilty in US to 2019 Baltimore ransomware attack – Reuters

An Iranian national pleaded guilty to participating in ransomware attacks using the RobbinHood variant between 2019 and 2024. Sina Gholinejad, 37, was arrested in January 2025 at Raleigh-Durham International Airport. In a statement, the DOJ said that one of the attacks, against the city of Baltimore, “cost the city more than $19 million from damage to computer networks and disruptions to city services including the processing of property taxes, water bills, parking citations and other revenue-generating functions lasting many months.” Read full article.

8. BidenCash carding market domains seized in international operation – Bleeping Computer

On June 4, the U.S. Department of Justice (DOJ) announced the seizure of “approximately 145 darknet and traditional internet domains, and cryptocurrency funds associated with the BidenCash marketplace.” As highlighted by BleepingComputer, the domains were seized as part of an operation led by the United States Secret Service (USSS) and the Federal Bureau of Investigation (FBI), with support from the Dutch National Police. The marketplace’s domain currently redirects to a U.S. law enforcement-controlled server. Learn more.

Copyright © 2026 DarkOwl, LLC All rights reserved.