Activity Summary - Week Ending on 28 March 2025:
- Red Sky identified 16,964 connections from ‘new’ and unique, compromised IP addresses
- Layerstack Cloud in Hong Kong hit 19x
- CISA Alert – CVE’s: 2025-24472 & 2025-30066
- RansomHub Affiliates
- Custom Backdoor Designed for Ransomware Attacks
- Tap-to-Pay Scheme
- Apple iMessage Service and through RCS
- France: A single infected USB key
- Ukrainian State Railways - Ukrzaliznytsia
- BlackMatter et al - Targeteer
Link to the full report: IR-25-087-001_weekly087.pdf