June 02, 2025

Our analyst team shares a few articles each week in our email newsletter which goes every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. FBI: Scammers pose as FBI IC3 employees to ‘help’ recover lost funds – Bleeping Computer

On April 18, 2025, the Federal Bureau of Investigation (FBI) released a public service announcement warning of an ongoing fraud scheme in which scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees. According to the announcement, the FBI has received more than 100 reports of such impersonation scams between December 2023 and February 2025. The scammers have been observed impersonating IC3 employees while offering to assist victims of fraud. Read full article.

2. Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks – The Hacker News

In a May 7 press release, Europol announced that Polish authorities arrested four individuals “who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide.” The suspects were linked to six DDoS-for-hire platforms, specifically Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut. As noted in the report, the arrests were part of a coordinated international operation involving four countries and assisted by Europol. Furthermore, as part of the operation the United States also seized nine domains associated with booster services. Article here.

3. Chinese hackers target Russian govt with upgraded RAT malware – Bleeping Computer

Researchers at Kaspersky’s Global Research and Analysis Team have observed IronHusky hackers targeting Russian and Mongolian government entities. IronHusky, a Chinese-speaking threat group that has been active since at least 2017, is using an upgraded version of MysterySnail remote access trojan (RAT) malware. Researchers identified the updated RAT “while investigating recent attacks where the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word document.”
Read more here.

4. Fake AI video generators drop new Noodlophile infostealer malware – Bleeping Computer

Researchers at Morphisec have observed threat actors distributing malware via fake AI-powered video generators. According to Morphisec’s May 08 report, the fake AI platforms are being predominantly advertised in Facebook groups. Victims who are lured into visiting the fake site are prompted to upload their images or videos to generate content. The users are subsequently asked to download the generated AI content—in attempting to do so, however, the victims unknowingly download a malicious ZIP archive instead (“VideoDreamAI.zip”). The file then installs the newly identified infostealer dubbed “Noodlophile.” Read here.

6. 3AM ransomware uses spoofed IT calls, email bombing to breach networks – Bleeping Computer

In a May 20 report, Sophos researchers outlined two distinct threat clusters using “’email bombing’ to overload a targeted organization’s employee with unwanted emails, and then […] posing as a tech support team member to deceive that employee into allowing remote access to their computer.” As noted in the report, Sophos has observed over 55 attempted attacks using this technique between November 2024 and January 2025. Among the tracked incidents was an attack carried out in 2025 by a 3AM ransomware group affiliate that used a similar email bombing technique; rather than calling via Microsoft Teams, however, the threat actors used a real phone spoofing the organization’s IT department. Read full article.

7. U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems – The Hacker News

In a May 1 press release, the U.S. Department of Justice (DOJ) announced that a Yemeni national was indicted for allegedly deploying Black Kingdom ransomware “on roughly 1,500 computers in the United States and abroad.” The 36-year-old suspect has been charged with “one count of conspiracy, one count of intentional damage to a protected computer, and one count of threatening damage to a protected computer.” According to the press release, the individual is currently believed to be residing in Yemen. Read full article.

8. Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data – The Hacker News

In a May 07 press release, Germany’s Federal Criminal Police Office, the Bundeskriminalamt, announced the takedown of the cryptocurrency exchange platform “eXch” for alleged money laundering. According to the report, the operation took place on April 30, 2025, and also involved authorities seizing over eight terabytes of data and €34 million worth of crypto assets (Bitcoin, Ether, Litecoin, and Dash). Significantly, this is the “third-largest seizure of crypto assets in the history of the BKA”. Learn more.

Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.