This article discusses three major cyber attacks that occurred in January 2025, highlighting phishing schemes that exploit trusted platforms like YouTube and fake online shops. The analysis emphasizes the importance of using tools like ANY.RUN’s Interactive Sandbox for threat detection and response.
Affected: YouTube, Fox News, Linux-based platforms
Key points:
- Three significant cyber attacks were detected in January 2025.
- Phishing attacks used fake YouTube links to redirect users to phishing pages.
- Fake online shops with surveys targeted American e-commerce customers.
- The SystemBC proxy implant was identified as a threat to Linux-based platforms.
- ANY.RUN’s Interactive Sandbox is recommended for analyzing and responding to these threats.
MITRE Techniques:
- Phishing (T1566) – Attackers use deceptive links to redirect users to malicious sites.
- Credential Dumping (T1003) – Phishers aim to collect credit card information through fake online shops.
- Remote Access Tools (T1219) – SystemBC proxy implant facilitates communication with C2 servers for Linux systems.
Indicators of Compromise:
- [url] http://youtube
- [url] foxnews.com
- [others ioc] SystemBC proxy implant
- [others ioc] Tycoon 2FA phishkit
- [others ioc] Mamba 2FA phishing kit
- Check the article for all found IoCs.
Full Research: https://any.run/cybersecurity-blog/cybersecurity-blog/cyber-attacks-january-2025/