Hello there 👋
Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top 5 News Stories

X Faces Massive Cyberattack as Dark Storm Claims Responsibility for DDoS Disruptions
X was hit by a massive cyberattack, with the Dark Storm hacktivist group claiming responsibility for multiple DDoS outages affecting users worldwide. Elon Musk confirmed the attack, and X has since enabled Cloudflare protections to mitigate further disruption.
Key takeaways:
🕵️♂️ Outage Chaos: X suffered multiple global outages on March 10, 2025, disrupting access for thousands. The Dark Storm hacktivist group claimed credit for launching DDoS attacks.
🌩️ Dark Storm Strikes: The pro-Palestinian group boasted on Telegram about targeting X, sharing proof via check-host.net, while Musk called it a “massive cyberattack” requiring significant resources.
🛡️ Cloudflare Shield: X activated Cloudflare’s DDoS protections, adding CAPTCHAs for suspicious IPs to fend off the attack and restore functionality.
🔍 Tracing Culprits: Musk hinted at a large coordinated effort or state involvement, though no evidence was provided. Experts note that DDoS attacks often mask true origins.
⚠️ Stay Alert: Users should expect potential lingering issues and avoid sharing personal information amid such attacks—cyber resilience is key.
North Korean Lazarus Hackers Target Developers with Malicious npm Packages
North Korean Lazarus hackers are at it again, infecting hundreds via six malicious npm packages designed to steal credentials and crypto data. Stay safe—vet your downloads and watch for typosquatting traps!
Key takeaways:
🕵️♂️ Lazarus Strikes: Six malicious npm packages linked to North Korea’s Lazarus group have been uncovered. They have been downloaded 330 times and target developers with stealthy attacks.
🔓 Data Theft: These packages steal account credentials, install backdoors, and extract cryptocurrency info, using typosquatting to mimic legit libraries like “is-buffer.”
💻 Active Threat: Despite discovery, the packages remain live on npm and GitHub, amplifying risks for unwary developers integrating them into projects.
🛡️ Protect Yourself: To avoid this cyber trap, developers must double-check package sources, avoid typosquatting names, and monitor supply chains.
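One concrete way to act on that last tip: a small dependency check that flags package names sitting a couple of edits away from well-known libraries, the pattern the Lazarus packages abused. This is an added example for the newsletter, not code from any of the reports it cites; the popular-package list and the sample dependencies are constructed for the demo, and the edit-distance threshold is a tunable assumption.

```javascript
// Added example: flag dependencies whose names are a small edit away from
// well-known npm packages. POPULAR_PACKAGES is a constructed sample list,
// not a real registry ranking; in practice feed it your own allowlist.
const POPULAR_PACKAGES = ["is-buffer", "lodash", "express", "react", "axios", "chalk"];

// Classic Levenshtein edit distance between two strings.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Normalise a name so separator tricks ("is_buffer", "isbuffer") compare equal
// and a scope prefix ("@org/") does not hide the lookalike.
function normalize(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, "").replace(/[-_.]/g, "");
}

// Returns [{dependency, lookalike, distance}] for suspicious names.
// A name is suspicious when it is NOT an exact match for a popular package
// but is within maxDistance edits of one after normalisation.
function findTyposquats(dependencies, popular = POPULAR_PACKAGES, maxDistance = 2) {
  const findings = [];
  for (const dep of Object.keys(dependencies)) {
    if (popular.includes(dep)) continue; // exact, expected name
    const normDep = normalize(dep);
    for (const known of popular) {
      const d = editDistance(normDep, normalize(known));
      if (d <= maxDistance) {
        findings.push({ dependency: dep, lookalike: known, distance: d });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample "dependencies" section of a package.json for the demo.
const SAMPLE_DEPENDENCIES = {
  "is-buffer": "^2.0.5",
  "is-bufer": "^2.0.5",
  "lodahs": "^4.17.21",
  "express": "^4.19.2",
  "left-pad": "^1.3.0",
};

if (typeof require !== "undefined" && require.main === module) {
  for (const f of findTyposquats(SAMPLE_DEPENDENCIES)) {
    console.log(`WARN ${f.dependency} resembles ${f.lookalike} (edit distance ${f.distance})`);
  }
}
```

Run it on the real `dependencies` object from a project's package.json, with the allowlist replaced by the packages you actually intend to use, as a pre-install gate in CI. Edit distance catches misspellings and transpositions; it will not catch a dependency that is a genuinely different name, so pair it with lockfile pinning and registry provenance checks.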
CISA Warns of Medusa Ransomware Targeting Over 300 Critical Infrastructure Organizations
CISA reports that Medusa ransomware has struck over 300 critical infrastructure organizations in the U.S., hitting sectors like healthcare and tech since 2021. Urgent action needed—patch systems and boost defenses to stop this growing threat!
Key takeaways:
🕵️♂️ Medusa Strikes: CISA says that, as of February 2025, Medusa ransomware has impacted over 300 U.S. critical infrastructure orgs since 2021, across the medical, education, legal, insurance, tech, and manufacturing sectors.
🔓 Attack Surge: The gang’s activity spiked in 2023 with the launch of a new leak site. It pressures victims by stealing data and demanding ransoms, and often gains initial access by exploiting unpatched vulnerabilities.
🌐 Global Reach: While distinct from MedusaLocker, this group shares traits with other ransomware ops, with CISA noting related Ghost ransomware attacks hitting over 70 countries.
🛡️ Defend Now: CISA, FBI, and MS-ISAC urge orgs to patch systems, segment networks, and filter traffic to block Medusa’s tactics and curb future attacks.
Source: Cybersecurity & Infrastructure Security Agency (CISA)
AI-Powered Fake GitHub Repos Distribute SmartLoader and Lumma Stealer Malware
Trend Micro uncovers a campaign using AI-generated fake GitHub repos to spread SmartLoader and Lumma Stealer, targeting users with deceptive gaming cheats and cracked software. These malicious ZIP files can steal crypto wallets and credentials.
Key takeaways:
🕵️♂️ Fake Repos Exposed: Trend Micro revealed a campaign leveraging AI to create convincing fake GitHub repositories, distributing SmartLoader and Lumma Stealer malware disguised as gaming cheats and cracked software.
💾 Malware Delivery: Attackers use ZIP files with obfuscated Lua scripts to deliver payloads, exploiting GitHub’s trusted reputation to evade detection and steal sensitive data like crypto wallets and login credentials.
📜 AI Deception: The campaign employs AI-generated README files and documentation to make repos appear legitimate, increasing the likelihood of users downloading harmful content.
🌐 Wide Impact: If successful, these attacks can lead to identity theft and financial fraud by harvesting personally identifiable information (PII) and two-factor authentication (2FA) data.
🛡️ Stay Safe: To mitigate risks from this sophisticated scam, developers should verify repository authenticity, check commit history, and avoid untrusted downloads.
Apple Patches Critical WebKit Zero-Day Exploited in Sophisticated Attacks
Apple just released a fix for a nasty WebKit zero-day (CVE-2025-24201) that’s been exploited in “extremely sophisticated” attacks targeting older iOS versions. Update your iPhone, iPad, Mac, and Vision Pro now to stay safe—this bug could break out of the Web Content sandbox!
Key takeaways:
🕵️♂️ Zero-Day Targeted: Apple patched CVE-2025-24201 in WebKit, which was exploited in “extremely sophisticated” attacks on iOS versions before 17.2. This allowed attackers to escape the Web Content sandbox with malicious web content.
📱 Devices at Risk: The flaw impacts iPhones, iPads, Macs, Safari, and Vision Pro, marking Apple’s third zero-day fix of 2025. To block the threat, update to iOS 18.3.2 or later.
🔒 Patch Details: This is a supplementary fix for an attack initially mitigated in iOS 17.2. Apple urges immediate updates for high-risk users like those targeted by nation-state actors.
⚠️ Sophisticated Threat: Likely aimed at specific individuals (think spies or law enforcement targets), this threat shows no sign of broad exploitation. However, don’t wait—patch now to avoid surprises.
🛡️ Stay Secure: Install updates ASAP, avoid sketchy web links, and watch for more details on these shadowy attacks as they emerge.
Top Tips of the Week

Threat Intelligence
- Collaborate with law enforcement for CTI investigations. Strengthen efforts against cybercrime through information sharing.
- Use threat intelligence in threat modeling. Identify potential threats early in the development process to enhance security measures.
- Use CTI to inform incident response playbooks. Enhance the effectiveness and efficiency of response efforts.
Threat Hunting
- Monitor emerging technologies in cyber threat hunting. Evaluate and incorporate new tools and methodologies to stay ahead of evolving threats.
- Encourage diversity in cyber threat hunting teams. Different perspectives enhance problem-solving and threat identification.
Custom Tooling
- Regularly assess custom tool dependencies. Keep libraries and frameworks up to date to benefit from the latest features and security patches.
- Collaborate with the cybersecurity community. Share insights and contribute to open-source projects related to custom tooling.
Feature Article

The challenges of building a CTI team are abundant. There are common challenges every project manager faces when creating a technical team, like budget constraints and talent acquisition. However, there are also unique challenges like managing data, operational integration, and ethical/legal considerations.
This breakdown of the top five challenges you will face when building a CTI team will highlight common obstacles you must overcome and potential solutions to these problems. You will see how careful planning, understanding CTI’s impact on the business, and open-source tools can help you build a successful CTI team.
Learning Resources

Creating Intelligence Requirements 101
Are you having trouble creating your intelligence requirements? Fear not—this excellent YouTube playlist will help you get started!
It covers how to use Intel471’s Cyber Underground General Intelligence Handbook (CU-GIRH) to take general intelligence and make it unique to your organization. This includes creating Priority Intelligence Requirements, assessing the feasibility of these requirements, and building a Collection Plan to ensure you can fulfill them.
A great resource I recommend every cyber threat intelligence analyst tries out!
3 Software Principles to Make Your Code Better
Coding is a game-changing skill for anyone working in a technical role. It allows you to harness the power of automation and 10x your output!
This video explains three crucial software design principles that can make your code more modular, scalable, and easier to maintain. These principles include the Single Responsibility Principle (SRP), the Open-Closed Principle (OCP), and the Dependency Inversion Principle (DIP).
The names might sound scary, but clear coding examples demonstrate these principles in action and help take your coding skills to the next level.
How Do You Maintain a Work-Life Balance?
Work-life balance means different things to different people. It could mean working fewer hours but being intentional about your time, working longer hours to push through a tough period, or having strategies to separate work and home life so you don’t get burnt out.
This excellent video by Tim Curry discusses the challenges of balancing work and life, especially in the tech industry, where the expectation of being constantly available is high. He highlights key strategies to help you maintain a balance like setting boundaries early, negotiating expectations with your boss, and finding a sustainable balance even when working long hours.
Make sure you prioritize your mental health!
Building Your Team’s CTI Brand
A robust cyber threat intelligence (CTI) brand is crucial for advancing your CTI program. A well-established CTI brand fosters internal trust and support while attracting external partnerships and resources.
This presentation examines how a credible CTI brand can bolster trust, increase engagement, and facilitate the program’s overall development. By concentrating on brand-building techniques—such as clear communication, active engagement with the business, and showcasing successful threat intelligence initiatives—organizations can establish their CTI program as a vital and trusted aspect of their cyber security framework.
This is a must-watch for any CTI manager who wants to establish strong partnerships, secure internal backing, and foster external trust and engagement.