Welcome to Osint10x Newsletter #4, your weekly update on threat intelligence insights, tools, and investigations from around the globe. Here’s what we have for you this week.
In recent campaigns, the China-linked threat actor RedDelta, active since 2012, has targeted Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia, deploying a customized PlugX backdoor between July 2023 and December 2024. The group used spear-phishing emails with lure documents themed around political and regional topics, such as the 2024 Taiwanese elections, the Vietnamese National Holiday, and ASEAN meetings, to initiate infections.

Separately, Trend Micro has uncovered a campaign targeting cybersecurity researchers with a fake proof-of-concept (PoC) exploit for CVE-2024-49113, a denial-of-service (DoS) vulnerability in the Windows LDAP implementation that has been dubbed "LDAPNightmare". The lure is a malicious repository disguised as a legitimate source. Researchers who download and run the fake PoC unknowingly execute information-stealing malware that collects system details and network information and transmits them to an attacker-controlled server.
Another interesting story from the past week concerns Gravy Analytics. A hack of the location data company has revealed which apps, knowingly or not, are being used to collect your location information behind the scenes.
One of our recent investigations revealed that an alias named “FreeStorm” made a post on an underground forum claiming responsibility for an attack on the U.S. Treasury Department’s website. The user, who joined the forum on December 1, 2025, currently has zero reputation points. They identify themselves as hacktivists.
In the post, they claimed to have carried out a DDoS attack lasting approximately two hours and to have obtained data in formats such as .txt, .xlsx, and .sql. A DDoS by itself does not yield data, so the two claims are independent and each would need its own corroboration.
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
RedDelta, a Chinese cyber-espionage group, has been using PlugX malware in targeted campaigns against Mongolia and Taiwan. The campaign focuses on stealing sensitive information by leveraging malicious emails with weaponized documents. Researchers noted stealth techniques and tailored payloads designed to evade detection. Read more
Fake PoC Exploit Targets Cybersecurity Researchers with Malware
A malicious proof-of-concept (PoC) exploit, posing as code for CVE-2024-49113, is circulating among cybersecurity researchers. Instead of demonstrating the vulnerability, it installs information-stealing malware on the researcher's system and sends the collected data to an attacker-controlled server, posing a significant risk to the research community. Read more
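The fake-PoC lure described here and in the opening summary works because people run exploit code they downloaded without reading it first. The following is an added example, not code from the newsletter, from Trend Micro, or from any PoC repository: a small static pre-flight scanner that flags generic dropper red flags in a downloaded PoC tree, such as compiled or packed binaries where source is expected, encoded PowerShell, base64 fed to exec, and hard-coded network endpoints. The sample repository contents, the indicator list and the address 198.51.100.23 are constructed for illustration and are not indicators from the actual campaign, which the page does not list.

```python
"""Static pre-flight check for a downloaded proof-of-concept before anyone executes it.

Added example for this newsletter; not code from the page, Trend Micro, or any PoC
repository. The heuristics are generic dropper red flags, not indicators from the
LDAPNightmare lookalike campaign. SAMPLE_REPO is constructed for illustration.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Artifacts that should not ship with a PoC that claims to be Python/C source.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".msi"}

# Source-level patterns typical of download-and-execute or obfuscated second stages.
SUSPICIOUS_SOURCE = [
    ("base64 payload passed to exec/eval",
     re.compile(r"(exec|eval)\s*\(\s*.*b64decode", re.I)),
    ("encoded PowerShell command line",
     re.compile(r"powershell[^\n]*-(enc|encodedcommand|e)\b", re.I)),
    ("Invoke-Expression on downloaded content",
     re.compile(r"(iex|invoke-expression)[^\n]*(downloadstring|invoke-webrequest|iwr)", re.I)),
    ("remote script piped straight into a shell",
     re.compile(r"(curl|wget)[^\n|]*\|\s*(sh|bash|python)", re.I)),
    ("persistence mechanism (scheduled task / Run key)",
     re.compile(r"(schtasks|New-ScheduledTask|CurrentVersion\\Run)", re.I)),
]
IPV4 = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(rb"https?://[^\s'\"<>]+")


@dataclass(frozen=True)
class Finding:
    path: str
    severity: str  # "high": do not run outside a sandbox; "review": inspect before running
    reason: str


def scan_files(files):
    """files: mapping of relative path -> raw bytes. Returns a list of Finding."""
    findings = []
    for name, data in sorted(files.items()):
        suffix = Path(name).suffix.lower()
        if suffix in EXECUTABLE_SUFFIXES:
            findings.append(Finding(name, "high", f"{suffix} artifact shipped alongside 'source' PoC"))
        if data[:2] == b"MZ" or data[:4] == b"\x7fELF":
            findings.append(Finding(name, "high", "compiled PE/ELF binary instead of source"))
        if b"UPX!" in data:
            findings.append(Finding(name, "high", "UPX packer signature; imports and strings are hidden"))
        text = data.decode("utf-8", errors="ignore")
        for reason, pattern in SUSPICIOUS_SOURCE:
            if pattern.search(text):
                findings.append(Finding(name, "high", reason))
        # Network indicators are not malicious by themselves (a PoC needs a target),
        # but every hard-coded endpoint should be explained by the README.
        for ip in sorted(set(IPV4.findall(data))):
            findings.append(Finding(name, "review", f"hard-coded IPv4 {ip.decode()}"))
        for url in sorted(set(URL.findall(data))):
            findings.append(Finding(name, "review", f"hard-coded URL {url.decode()}"))
    return findings


def scan_dir(root):
    """Read every regular file under root and scan it."""
    root = Path(root)
    files = {str(p.relative_to(root)): p.read_bytes() for p in root.rglob("*") if p.is_file()}
    return scan_files(files)


def verdict(findings):
    """Collapse findings into block / review / clean. 'clean' means no static red
    flags were found, not proof of safety: still detonate unfamiliar PoCs in an isolated VM."""
    if any(f.severity == "high" for f in findings):
        return "block"
    return "review" if findings else "clean"


# Constructed sample repository: a plausible PoC layout with a dropper in the same tree.
# The CVE number is the one named in the newsletter; everything else here is made up.
SAMPLE_REPO = {
    "README.md": b"# CVE-2024-49113 PoC\nUsage: python poc.py --target <dc-ip>\n",
    "poc.py": b"import argparse, socket\n\ndef main():\n    pass  # exploit logic would go here\n",
    "poc.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"UPX!" + b"\x00" * 32,
    "setup.py": (b"import base64, subprocess\n"
                 b"subprocess.run(['powershell', '-w', 'hidden', '-enc', 'SQBFAFgA...'])\n"
                 b"exec(base64.b64decode('aW1wb3J0IG9z'))\n"
                 b"C2 = 'http://198.51.100.23/upload'  # where the host profile is posted\n"),
}

if __name__ == "__main__":
    results = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else scan_files(SAMPLE_REPO)
    for f in results:
        print(f"[{f.severity:6}] {f.path}: {f.reason}")
    print("verdict:", verdict(results))
```

Run it as `python scan_poc.py /path/to/clone` after cloning and before executing anything; with no argument it scans the constructed sample and reports `block`. A `clean` verdict only means none of these heuristics fired, so an unfamiliar PoC still belongs in an isolated VM, and the downloaded tree should be diffed against the code published by the original researchers.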
BayMark Health Services Sends Breach Notifications After Ransomware Attack
BayMark Health Services suffered a ransomware attack, compromising sensitive patient data. The attackers accessed and encrypted records, forcing the company to issue breach notifications. This incident highlights the ongoing threat ransomware poses to the healthcare sector. Read more
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Microsoft has filed a lawsuit against a group accused of using stolen customer credentials to access its Azure AI services, bypassing the built-in safety guardrails to generate harmful content and reselling that access to others. The case underscores the misuse of generative AI services in cybercrime and the need for stronger credential hygiene and abuse monitoring around them. Read more
FreeStorm’s Claimed Attack on the U.S. Treasury Department – Developing Scoop
FreeStorm, an alias that surfaced on an underground forum, has claimed responsibility for a roughly two-hour DDoS attack on the U.S. Treasury Department's website and claims to hold data in .txt, .xlsx, and .sql formats. The account is new and carries no forum reputation, and neither claim has been independently verified, so this should be treated as an unconfirmed claim while our investigation continues. Read more
Threat Actor Interview: Spotlighting on Funksec Ransomware Group
Funksec, a double extortion ransomware group, emerged in late 2024 and quickly gained notoriety by breaching databases and selling access to 15 government websites within just a month. Claiming to be entirely self-taught and operating without collaboration from other groups, Funksec is a four-member team driven primarily by financial motives. Read more
Other Explorations:
A tool for checking whether MFA is enabled on multiple Microsoft services.
Uncover the true IP address of websites.
The Kairos group is gaining attention on the dark web for its extortion campaigns.
Open-Source Intelligence Round-Up
Thanks for reading this week’s update! We are committed to bringing you the latest and most insightful updates about cyberspace. We hope our stories provide you with valuable knowledge about cybersecurity, threat intelligence, and more. Be sure to visit us next week for more exciting updates!