This week revealed significant developments in state-sponsored cyber threats and critical infrastructure vulnerabilities. Most notably, Chinese hackers were found deploying backdoor malware on Juniper routers, while a separate investigation showed that China's Volt Typhoon hackers maintained access to the US electric grid for 300 days, demonstrating persistent threats to critical infrastructure.
Major security updates were released across multiple platforms. Microsoft addressed a Windows Kernel zero-day vulnerability that had been exploited since 2023, while Zoom patched four high-severity vulnerabilities. The FTC reported that fraud losses reached $12.5 billion in 2024, with investment scams accounting for $5.7 billion of the total.
In the realm of machine identities, a concerning trend emerged as machine identities were reported to outnumber humans, increasing security risks seven-fold. This development highlights the growing complexity of managing digital identities and securing automated systems in modern infrastructure.
This week saw significant developments in international cyber relations and major security breaches. Former CISA Director Jen Easterly highlighted concerns about a potential new 'China, Russia, Iran, and North Korea intelligence sharing' alliance, suggesting a shift in global intelligence cooperation. This development coincided with the US Department of Justice's indictment of 12 Chinese hackers, including members of the Silk Typhoon group responsible for the US Treasury breach.
Microsoft's March Patch Tuesday revealed six actively exploited zero-day vulnerabilities, while thousands of WordPress sites were compromised with four distinct backdoors. In cryptocurrency-related developments, federal investigators linked a $150 million cyberheist to the 2022 LastPass breach, and Indian authorities arrested the co-founder of Garantex, a cryptocurrency exchange sanctioned for money laundering.
On the defensive front, the EFF introduced Rayhunter, an open-source tool for detecting IMSI catchers, demonstrating growing efforts to counter surveillance technologies.
This week saw significant developments in vulnerability management and threat detection. Microsoft's March Patch Tuesday addressed 51 vulnerabilities, including six zero-day exploits. While only six vulnerabilities were rated critical, the presence of actively exploited vulnerabilities demands immediate attention from system administrators.
Security researchers observed increased scanning activity targeting VMware Hybrid Cloud Extension (HCX) API endpoints, potentially indicating preparation for exploitation attempts. Meanwhile, the City of Mission, Texas declared a local state of emergency following a severe cybersecurity incident threatening to expose sensitive personal information and health records.
In infrastructure security, researchers identified multiple vulnerabilities in ICONICS Suite, a SCADA software widely used in operational technology applications. Additionally, security teams reported ongoing probes for common webshell URLs, highlighting the persistent threat of web-based attacks.
Microsoft's March 2025 Patch Tuesday release addressed 56 CVEs, including six critical vulnerabilities and seven zero-day flaws. According to Tenable's analysis, remote code execution (RCE) vulnerabilities accounted for 41.1% of the patches, while elevation of privilege (EoP) vulnerabilities made up 39.3%. Notable fixes included CVE-2025-26633, a security feature bypass in Microsoft Management Console that was actively exploited, and CVE-2025-24985, an RCE vulnerability in the Windows Fast FAT File System Driver.
The update included critical patches for Windows Remote Desktop Services (CVE-2025-24035 and CVE-2025-24045) with CVSSv3 scores of 8.1. Multiple vulnerabilities in Windows NTFS were addressed, including CVE-2025-24993, an RCE vulnerability that was exploited in the wild. Microsoft Access also received attention with CVE-2025-26630, a zero-day vulnerability that was publicly disclosed before patching.
The comprehensive patch release covered multiple Microsoft products and services, including .NET, Azure services, Office applications, and various Windows components. The high number of zero-day vulnerabilities and actively exploited flaws highlights the increasing sophistication of cyber threats targeting Microsoft systems.
ISO Serious Ltd. is a company registered in England and Wales (Company No. 15466339), Dragon CoWorking, 7-8 New Road Avenue, Rochester, Kent, United Kingdom, ME4 6BB.
intelligence@isoserious.com | Privacy Policy
Weekly Intelligence Briefing: 12 March 2025
The Short Version (For Busy People)
Hello there! It's been another eventful week in the world of digital security. We've translated the usual techno-babble into something approaching plain English, so you can understand what's actually going on and what you need to do about it.
🇨🇳 State-Backed Hackers: They've Been Busy
Chinese government-supported hackers have been rather active lately:
🔧 Microsoft's Monthly Security Fixes: Extra Large Edition
Microsoft released their March security updates, and it's a big one:
🏭 Infrastructure & Business Systems at Risk
Some concerning developments for critical systems:
What You Actually Need to Do
🚨 Do These Today (Really, Today)
⚠️ Do These This Week
Get These on Your Calendar
What's Actually Happening Out There
Government-Backed Hackers
They're getting more coordinated and persistent:
- Chinese hackers maintained access to the US electric grid for 300 days
- Security agencies warn about countries sharing hacking techniques
- Sophisticated backdoor deployments targeting essential infrastructure
The Cost of Cybercrime
The financial impact continues to grow:
- Total fraud losses reached $12.5 billion in 2024
- Investment scams accounted for $5.7 billion of that total
- A $150 million theft linked to the 2022 LastPass breach
- Cryptocurrency exchange executive arrested for money laundering
Essential Services Under Threat
The systems we rely on daily face increasing risks:
- Persistent threats to power grid systems
- Vulnerabilities in industrial control software
- Local government services compromised
- Remote work tools facing serious security flaws
Special Focus: Too Many Machine Identities
This week, researchers reported that digital machine identities (automated accounts, service accounts, API keys, etc.) now outnumber human users by seven to one. This creates massive security challenges.
Why You Should Care: Unlike humans, machines don't attend security training, don't worry about getting fired for mistakes, and don't feel guilty about poor security practices. They just do exactly what they're programmed to do, which becomes a problem when hackers re-programme them.
What To Do About It:
- Create an inventory of all machine identities in your organisation
- Implement proper access controls for all automated systems
- Remove unnecessary permissions from system accounts
- Regularly check and update security certificates
- Monitor for unusual behaviour in automated systems
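To show what the checklist above looks like when it is actually run over an inventory, here is a small audit script. It is an added example written for this briefing, not a tool from ISO Serious; the inventory, account names, permission labels and thresholds (90 idle days, 30 days' certificate warning) are all constructed assumptions.

```python
from datetime import date

# Constructed inventory of machine identities (not real data): service
# accounts, API keys and certificate-backed workload identities.
MACHINE_IDENTITIES = [
    {"name": "svc-backup", "owner": "infra", "perms": {"storage:read", "storage:write"},
     "last_used": date(2025, 3, 10), "cert_expiry": date(2025, 4, 1)},
    {"name": "svc-legacy-report", "owner": None, "perms": {"db:admin", "storage:read"},
     "last_used": date(2024, 9, 1), "cert_expiry": date(2026, 1, 1)},
    {"name": "ci-deployer", "owner": "platform", "perms": {"deploy:prod", "iam:admin"},
     "last_used": date(2025, 3, 11), "cert_expiry": date(2025, 3, 20)},
    {"name": "api-key-metrics", "owner": "sre", "perms": {"metrics:read"},
     "last_used": date(2025, 3, 12), "cert_expiry": None},
]

# Permissions that should never sit on an unattended identity without review
# (assumed labels; substitute your own platform's role names).
HIGH_RISK_PERMS = {"db:admin", "iam:admin"}

# Date the audit is run against (the briefing date, used so results are stable).
AUDIT_DATE = date(2025, 3, 12)


def audit(identities, today, idle_days=90, cert_warn_days=30):
    """Return {identity name: [issues]} for every identity that fails a check.

    Each check maps to one item of the briefing's checklist: missing owner
    (inventory gap), high-risk permissions (least privilege), long-idle
    account (remove it), and certificate close to expiry (renew/rotate).
    """
    findings = {}
    for ident in identities:
        issues = []
        if ident["owner"] is None:
            issues.append("no-owner")
        if ident["perms"] & HIGH_RISK_PERMS:
            issues.append("high-risk-perms")
        if (today - ident["last_used"]).days > idle_days:
            issues.append("idle")
        expiry = ident["cert_expiry"]
        if expiry is not None and (expiry - today).days <= cert_warn_days:
            issues.append("cert-expiring")
        if issues:
            findings[ident["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(MACHINE_IDENTITIES, AUDIT_DATE).items():
        print(f"{name}: {', '.join(issues)}")
```

The "monitor for unusual behaviour" item is not covered here; it needs usage logs rather than a static inventory, so feed the same identity list into your SIEM as the baseline of who is allowed to do what.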
Startling Stat of the Week
This week's "well that's concerning" award goes to: 41.1% of Microsoft's March patches fixed flaws that would allow attackers to run their own code on your systems. Nearly half of all security fixes were for vulnerabilities that could give attackers complete control. No pressure.
As always, if you need help implementing any of these recommendations or just want to vent about the never-ending security challenges, we're here. Reach out at intelligence@isoserious.com.
Stay secure,
ISO Serious