Written by
Team Nucleus
Written on
14th March, 2025
Analyst Insight
This week in cyber, we have seen three major threat actor groups targeting a range of sectors including social media, maritime and logistics, and finance. These sectors are valuable targets because of their size, wealth and social impact, and one of the attacks resulted in the largest theft of cryptocurrency to date. We have also seen an attack on a major Japanese telecommunications provider, with no threat actor linked to it at the time of writing. In addition, 57 vulnerabilities in Microsoft products, including 7 actively exploited zero-days, were patched this Tuesday, highlighting the reactive nature of software vendors' efforts to protect customer security.
Lazarus Group Cashes Out Hundreds of Millions From $1.5bn ByBit Hack
In a previous blog post, we informed our readers about Lazarus Group stealing $1.5bn (£1.16bn) of cryptocurrency from the ByBit exchange, where compromising a smart contract and evading fraud prevention enabled the threat actors to take the funds. This week, the BBC reported that Lazarus Group has successfully laundered at least $300 million of the stolen cryptocurrency through various channels, using exchanges that are less likely to cooperate with law enforcement. Elliptic, a blockchain analysis company, states that 20% of the funds have now “gone dark”, meaning they are unlikely ever to be recovered.
Maritime Sector Faces Attacks From SideWinder
SideWinder, a prolific threat actor also known as Rattlesnake, has been escalating attacks on the maritime and logistics sectors. Researchers from both Kaspersky and BlackBerry have been closely tracking the group. The group has its own home-grown stealer toolkit, dubbed "StealerBot", which is delivered mostly through well-known and publicly exploited vulnerabilities; in particular, the group has been seen using CVE-2017-11882 to drop the toolkit. Its main delivery method has been spear-phishing, usually with malicious DOCX files dressed up to look relevant to the target. Because SideWinder relies on already-public CVEs that are well documented in the CISA KEV catalog, many of these exploits can be entirely mitigated by applying available vendor patches.
Dark Storm Hacktivist Group Claims X DDoS Attack
Following worldwide outages on the social media platform X, the Dark Storm hacktivist group claimed responsibility for a DDoS attack conducted against X on Monday 11th March 2025. Dark Storm has previously targeted organizations in Israel, Europe, and the US. As reported by BleepingComputer, the group posted its claims to its Telegram channel, with screenshots from check-host[.]net intended to prove that the website was down for users globally. Since the attack, X has reinforced its services with Cloudflare DDoS protection.
Japanese Telecoms Provider Breached with 18,000 Customers Affected
NTT Communications Corporation, a Japanese telecommunications provider, has disclosed a data breach to its customers. The breach, discovered on February 5th, revealed that hackers had accessed an internal system used for managing service orders. The stolen data includes customer names, phone numbers, email addresses, addresses, and usage information for around 18,000 organisations. NTT Com has determined that no data on individual customers was stolen by the threat actors. No threat actor group has claimed responsibility for the attack at the time of writing.
March Patch Tuesday: Microsoft Releases Fixes for 57 Vulnerabilities
This month’s Microsoft Patch Tuesday delivers fixes for 57 vulnerabilities, including 7 actively exploited zero-days. Highlights include a critical vulnerability in Windows Remote Desktop Services (CVE-2025-24035) allowing remote code execution, a Win32 Kernel Subsystem vulnerability (CVE-2025-24044) permitting privilege escalation, and a vulnerability in Microsoft Streaming Service (CVE-2025-24046) leading to remote code execution. More information about the March patches can be found on Microsoft's MSRC or BleepingComputer.
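Two items above point at the same defensive question: the SideWinder write-up notes that the group leans on CVEs already listed in CISA's KEV catalog, and a 57-fix Patch Tuesday forces a choice about what to apply first. The script below is an added example, not tooling from Nucleus, CISA or Microsoft: it cross-checks vulnerability-scan findings against a KEV-style catalogue and ranks the unpatched ones. The catalogue excerpt and the scan findings are constructed samples (the JSON keys follow the field names of CISA's public known_exploited_vulnerabilities.json feed, the values are illustrative, and the hostnames are invented); in use you would replace KEV_SAMPLE with the downloaded feed and SCAN_FINDINGS with your scanner's output.

```python
"""Triage vulnerability-scan findings against a CISA KEV-style catalogue.

Added example, not tooling from Nucleus, CISA or Microsoft. KEV_SAMPLE and
SCAN_FINDINGS are constructed: the JSON keys follow CISA's public
known_exploited_vulnerabilities.json feed, the values are illustrative, and
the hostnames are invented.
"""
import json
from dataclasses import dataclass
from datetime import date

# Constructed excerpt in the shape of the KEV feed. Only CVE-2017-11882 (the
# Office bug SideWinder is reported to use) is listed; the descriptive string
# and dates are placeholders, not quotes from CISA.
KEV_SAMPLE = json.dumps({
    "title": "constructed KEV excerpt",
    "vulnerabilities": [
        {
            "cveID": "CVE-2017-11882",
            "vendorProject": "Microsoft",
            "product": "Office",
            "vulnerabilityName": "Office memory corruption (placeholder text)",
            "dateAdded": "2021-11-03",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-05-03",
            "knownRansomwareCampaignUse": "Known",
        }
    ],
})

# Date the report is run for; constructed to match this post's date.
REPORT_DATE = date(2025, 3, 14)


@dataclass(frozen=True)
class Finding:
    host: str      # invented hostname
    cve: str
    patched: bool  # whether the scanner already sees the vendor fix applied


@dataclass(frozen=True)
class Triage:
    host: str
    cve: str
    in_kev: bool
    overdue: bool      # KEV due date has passed
    ransomware: bool   # KEV flags known ransomware campaign use
    priority: str      # "P1" (KEV + overdue/ransomware), "P2" (KEV), "P3" (other)


# Constructed scan output mixing the CVE from the SideWinder item with the
# three March Patch Tuesday CVEs named above.
SCAN_FINDINGS = [
    Finding("fileserver-01", "CVE-2017-11882", patched=False),
    Finding("rds-gw-02", "CVE-2025-24035", patched=False),
    Finding("ws-107", "CVE-2025-24044", patched=True),
    Finding("media-01", "CVE-2025-24046", patched=False),
]


def load_kev(feed_text: str) -> dict[str, dict]:
    """Index a KEV JSON document by upper-cased CVE id."""
    data = json.loads(feed_text)
    return {entry["cveID"].upper(): entry for entry in data["vulnerabilities"]}


def triage(findings: list[Finding], kev: dict[str, dict], today: date) -> list[Triage]:
    """Rank unpatched findings: KEV-listed first, overdue or ransomware-linked at the top."""
    ranked = []
    for f in findings:
        if f.patched:
            continue  # already remediated; nothing to prioritise
        entry = kev.get(f.cve.upper())
        in_kev = entry is not None
        overdue = in_kev and date.fromisoformat(entry["dueDate"]) < today
        ransomware = in_kev and entry.get("knownRansomwareCampaignUse") == "Known"
        if in_kev and (overdue or ransomware):
            priority = "P1"
        elif in_kev:
            priority = "P2"
        else:
            priority = "P3"
        ranked.append(Triage(f.host, f.cve, in_kev, overdue, ransomware, priority))
    order = {"P1": 0, "P2": 1, "P3": 2}
    return sorted(ranked, key=lambda t: (order[t.priority], t.cve, t.host))


def report(findings: list[Finding], kev: dict[str, dict], today: date) -> list[str]:
    """One line per unpatched finding, highest priority first."""
    return [
        f"{t.priority} {t.host:<14} {t.cve}  kev={'yes' if t.in_kev else 'no'}"
        f"  overdue={'yes' if t.overdue else 'no'}"
        for t in triage(findings, kev, today)
    ]


if __name__ == "__main__":
    for line in report(SCAN_FINDINGS, load_kev(KEV_SAMPLE), REPORT_DATE):
        print(line)
```

The ranking only uses three KEV fields (cveID, dueDate and knownRansomwareCampaignUse), so it survives the feed gaining new fields. Findings the scanner already reports as patched are dropped rather than ranked, which keeps the list focused on work that is still outstanding; a CVE that is not in the catalogue still appears, just below the KEV entries, because "not yet known exploited" is not the same as safe.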