- CYBERDEFENSE.NET
- Posts
- SILENT KILLER: THE STEALTH CYBERATTACK THAT ENDS BUSINESSES OVERNIGHT
SILENT KILLER: THE STEALTH CYBERATTACK THAT ENDS BUSINESSES OVERNIGHT
The digital battlefield is in full swing. Invisible enemies but omnipresent are armed with powerful technologies and continue to evolve. Behind screens, cybercriminals prepare to strike, and exploit the flaws of the past and the weapons of tomorrow.
Johnny Rico
July 03, 2025
π€ Dear internet users and fellow Cyberdefenders,
Ransomware, attacks targeting Microsoft Exchange servers and malicious artificial intelligence... every day, the threats become more insidious, more precise and more devastating.
Imagine: one group of hackers, Dire Wolf, is now using advanced techniques to strike with military efficiency in strategic sectors such as technology and industry.
And while war rages on these fronts, invisible agents are injecting keyloggers into vulnerable Microsoft Exchange servers. Their aim is to steal credentials and compromise vital infrastructures.
Faced with this growing threat, a new generation of defenders is rising up. Startups like Bonfy.AI are entering the arena. Their mission is to create digital shields to protect companies from data breaches and reputation-threatening risks.
But this battle is just the beginning. In this new digital age, where AI, ransomware and cybersecurity merge, one thing is certain: those who fail to prepare will be the next to fall.
Ready to understand how this war is waged and learn how you can defend your turf? Read on.
HIGHLIGHTS
π Microsoft Exchange Under Attack: Keyloggers Steal Credentialsπ
π Dire Wolf Ransomware Panic: How Hackers Hold You Hostageπ»
π AI Jailbreak Unleashed: Cybercriminals' New Ultimate Weapon π€
π Bonfy.AI Lands $9.5M to Fight AI-Powered Cyber Threats π
π Cybersecurity Joins Forces with NGOs to Fight Digital Threats π
If this letter was forwarded to you, subscribe by clicking this link !
ποΈβ Guess what ?
Attacks are targeting Microsoft Exchange servers exposed to the Internet to exploit known vulnerabilities (ProxyShell, ProxyLogon) to inject keyloggers. This phenomenon affects a wide range of sectors, from government to private enterprise.
The Dire Wolf group uses double extortion tactics not only to encrypt files, but also to threaten to publish sensitive data. Their recently analyzed sample shows increased sophistication that exploits critical services. Moreover, they use Golang to obfuscate their code and evade detection.
Cybercriminals are exploiting jailbroken AI models such as WormGPT and FraudGPT to generate malicious code and orchestrate massive attacks. These models, often based on open-source AI, enable extreme customization of attacks.
Israeli startup Bonfy.AI has raised $9.5 million to develop a platform dedicated to securing AI-generated content, particularly in regulated sectors such as healthcare, finance and legal.
The global Common Good Cyber Fund initiative aims to support non-profit organizations that protect the cybersecurity of vulnerable communities, particularly in the fields of the press and human rights. The fund is supported by renowned institutions such as the Internet Society and the Global Cyber Alliance.
π€β You want to know more ?
1οΈβ£β Microsoft Exchange: 70 servers compromised with keyloggers to steal credentials
Summary : Malicious actors are targeting exposed Microsoft Exchange servers with keylogger injections to collect user credentials. This series of attacks, which has already affected more than 65 victims in 26 countries, is based on the exploitation of vulnerabilities such as ProxyShell and ProxyLogon. Attackers take advantage of unpatched vulnerabilities to insert malicious scripts, often undetectable, that harvest sensitive data in the background.
Details :
Exploitation of ProxyShell flaws: Attackers exploit old flaws in Microsoft Exchange to inject malicious code directly into login pages.
Keyloggers and data theft: Keyloggers capture user keystrokes. This enables hackers to steal user IDs and other sensitive information.
Local and remote vulnerabilities: Two types of keyloggers have been identified: those that store data locally and those that send it to a remote server.
Difficulty of detection: The attack is particularly insidious, as it requires no outgoing traffic, making detection difficult.
Targeted sectors: More than 20 compromised servers were found in government agencies, demonstrating the diversity of sectors affected by this attack.
What should we remember?
Unpatched vulnerabilities in Microsoft Exchange continue to be exploited for sophisticated attacks. Companies must apply security patches to avoid such intrusions.
βββββββββββββββββββββββββ
2οΈβ£β Dire Wolf ransomware causes panic: discover its modus operandi
Summary : The Dire Wolf ransomware group is emerging as a serious new threat in the cybersecurity landscape. Its use of a double extortion model, combined with sophisticated tactics to hide and operate undetected, is particularly worrying. Its ransomware, written in Golang, is highly portable, making it difficult to detect by traditional antivirus software. This group mainly targets the manufacturing and technology sectors, with 16 victims reported to date in several countries.
Details :
Double extortion: Dire Wolf uses the double extortion technique to threaten not only to encrypt files, but also to publish sensitive data on the dark web if the ransom is not paid.
Golang script: The ransomware is written in Golang. This is a popular language among cybercriminals, thanks to its portability across multiple operating systems.
Targeting critical services: Attackers try to stop and disable critical services, including security software such as Sophos and Symantec, to facilitate their malicious activity.
Disabling event logs: Once executed, the malware disables Windows event logs, making it even more difficult to detect intrusions.
Geographic concentration: The group continues to grow, with a notable concentration of attacks in the USA, Thailand and Taiwan.
What should we remember?
Dire Wolf marks a worrying development in ransomware, which exploits the flexibility of Golang to evade detection. Companies need to strengthen their defenses, particularly against attacks targeting critical processes and services.
ββββββββββββββββββββββ
3οΈβ£β Jailbroken AI: cybercriminals' new weapon for ultra-efficient attacks
Summary: Cybercriminals are increasingly exploiting "jailbroken" AIs to carry out complex attacks. These AI models, such as WormGPT and FraudGPT, are used to generate malware, phishing emails and social engineering scripts. Thanks to jailbreak techniques, these AIs evade security filters. This provides criminals with a powerful platform to automate their
Details:
Malicious AI models: WormGPT and FraudGPT are "jailbroken" versions of AIs that can generate malicious content without any restrictions.
Accessibility on underground forums: These tools are available on underground forums. This allows cybercriminals to use them without requiring advanced technical skills.
Attack automation: These AIs are used to automate the creation of malware, making attacks faster and harder to detect.
Exploitation of models such as Grok and Mixtral: The Grok and Mixtral models are popular bases for the creation of illegal versions of AI, used to bypass conventional protections.
Increasing the effectiveness of cyberattacks: Although these AIs do not introduce new types of malware, they considerably increase the effectiveness of cyberattacks.
What should we remember?
Cybercriminals are now exploiting powerful and malicious AIs to improve the effectiveness of their attacks. Vigilance and adaptation of defenses must be top priorities.
ββββββββββββββββββββ-
4οΈβ£β Bonfy.AI raises $9.5 million to protect businesses against AI-generated risks
Summary : Bonfy.AI, an Israeli startup specializing in AI-generated content security, has raised $9.5 million to develop its platform. Bonfy Adaptive Content Security (Bonfy ACS) protects companies against sensitive data leaks, privacy breaches and reputational risks by analyzing content generated by AI and human users.
Details:
An innovative approach: Bonfy.AI sets itself apart from traditional solutions by combining business logic and behavioral context to detect risks in AI-generated content.
Protection of AI and human content: The platform protects not only AI-generated content, but also human communications to cover a wide range of channels.
Targeting regulated sectors: Bonfy specifically targets regulated sectors, such as healthcare, finance and legal, where security and compliance are critical.
Elimination of false positives: The platform eliminates the false positives common in conventional data loss prevention (DLP) tools.
Strict compliance: Bonfy.AI relies on strict compliance policies, including RGPD and CCPA, to ensure the security of sensitive data.
What's important to remember?
Bonfy.AI provides an innovative response to AI-related risk management. Thanks to this start-up, companies can now protect their content and ensure regulatory compliance at the same time.
5οΈβ£ Cybersecurity for NGOs: Common Good Cyber Fund supports digital defense players
Summary : The Common Good Cyber Fund, launched by organizations such as the Internet Society and the Global Cyber Alliance, supports NGOs and non-profit initiatives that protect cybersecurity and civil liberties worldwide. The fund aims to bridge the funding gap for organizations working to secure vulnerable communities in the face of growing threats.
Details:
Support for NGOs: The fund aims to strengthen the cybersecurity capabilities of NGOs, particularly those protecting journalists, human rights defenders and activists.
Critical infrastructure funding: It finances projects related to critical digital infrastructure, such as DNS and threat analysis services.
First fund of its kind: The fund stands out as the first to focus exclusively on cybersecurity for the public good.
International support: It has received support from countries such as Canada and the UK, underlining its importance in defending digital civil spaces./
Investment in sustainability: The funds are intended to support global initiatives, and at the same time promote cybersecurity that is inclusive and accessible to all.
What's important ?
The Common Good Cyber Fund is a major initiative to support global cybersecurity efforts, particularly for NGOs protecting high-risk communities.
π‘οΈ Digital Combat Ops
Φ Prompt injection - How to protect yourself against this invisible attack that threatens AI and your data?
Prompt injection is a cyberattack that targets AI services, particularly those using large language models (LLMs) such as GPT-3/4 or BERT.
It involves inserting malicious inputs into the system, causing the AI to generate unintended results, including sensitive information or inappropriate content.
This attack is difficult to detect because it relies on natural language queries, which do not follow fixed structures like conventional injections.
To protect yourself, it is advisable to implement strategies such as the use of control instructions. This also applies to the encapsulation of user input with random markers, or the prior evaluation of prompts by a separate LLM.
CYBERTRIVIA - DID YOU KNOW? π€
Did you know that the most expensive ransomware in history hit the US public hospital University of California San Francisco (UCSF) in 2020? The attack paralyzed the hospital for several days and required the payment of a $1.14 million ransom to recover data. The attack showed just how vulnerable healthcare facilities can be to ransomware and highlights the importance of cybersecurity in the medical sector.
SURVEY π
π©πΌβπ» What is your main defense against cyber attacks? |
ποΈ Let me know if you need further adjustments !
Don't miss any crucial cybersecurity news! Subscribe now to our newsletter to receive in-depth analysis, expert advice, and stay informed about the latest threats and solutions to protect your business. 'This is for all the newcomers: I have only one rule. Everyone fights. No one quits.
