
Daily Security Briefing 020
- DjediTech
- Security, Newsletter
- September 24, 2025
BRICKSTORM espionage backdoor, massive SIM card seizure in NYC, Firebase apps exposing user data
Executive Summary
Today’s cybersecurity landscape highlights significant threats from advanced persistent threat groups and large-scale criminal operations. Notably, the BRICKSTORM backdoor continues to target U.S. legal and tech sectors, underscoring sustained espionage risks linked to suspected China-affiliated groups. Meanwhile, law enforcement disrupted a massive SIM card network in New York capable of telecom attacks during a major international event. Additionally, widespread misconfiguration of Google’s Firebase backend platform has exposed sensitive data across hundreds of popular mobile apps. On the cybercrime front, a prolific ransomware group known as Scattered Spider is under prosecution, and global police efforts have recovered over $439 million stolen by cybercriminal rings. Threat actors are also abusing GitHub Pages to distribute macOS information-stealing malware by impersonating trusted brands.
Top Articles
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
Google’s Threat Intelligence Group and Mandiant have identified ongoing BRICKSTORM malware campaigns since March 2025, aimed at maintaining persistent access within U.S. organizations, particularly in legal services and technology. This stealthy backdoor facilitates espionage efforts attributed to China-linked cyber threat actors targeting sensitive industries.
cloud.google.com
US Disrupts Massive Cell Phone Array in New York
The U.S. Secret Service thwarted a large-scale network of over 300 SIM servers and 100,000 SIM cards in New York City, which had the potential to disable cellular systems during the United Nations General Assembly. This telecom disruption reflects growing concerns over attacks on critical communication infrastructure during major international events.
schneier.com
Multiple Apps on Google’s Firebase Platform Exposing Sensitive Data
Security researchers uncovered a widespread misconfiguration affecting more than 150 popular mobile apps that use Google Firebase as a backend, exposing sensitive user data. The issue potentially affects millions of users globally, making it one of the largest data exposure incidents linked to mobile app backend services.
gbhackers.com | cyberpress.org
Weaponized Malware: GitHub Hosts Malware Impersonating Malwarebytes, LastPass, Citibank, SentinelOne, and More
Threat actors are currently using fake GitHub Pages sites to distribute macOS information-stealing malware disguised as well-known software, including Malwarebytes, LastPass, Citibank, and SentinelOne. This campaign highlights the evolving tactic of impersonating trusted brands on GitHub Pages to infect victims with the macOS Atomic Stealer payload.
gbhackers.com | cyberpress.org
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
U.K. authorities charged Thalha Jubair, 19, alongside a co-conspirator, as core members of the Scattered Spider ransomware group accused of extorting over $115 million. The group targeted major retailers and transit systems in the UK, demonstrating the scale and sophistication of rampant ransomware operations affecting critical infrastructure.
krebsonsecurity.com
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
Recorded Future upgraded its assessment of the China-linked threat cluster TAG-100 to RedNovember, a state-sponsored group conducting espionage against government and private-sector organizations worldwide. The group employs tools such as Pantegana malware and Cobalt Strike to infiltrate targets across multiple continents.
thehackernews.com
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Analysts attribute recent espionage campaigns delivering the BRICKSTORM backdoor to UNC5221, a suspected Chinese threat group. The group focuses on U.S.-based legal, SaaS, BPO, and technology companies to facilitate long-term access and intelligence gathering.
thehackernews.com
New Supermicro BMC Flaws Can Create Persistent Backdoors
Two newly disclosed vulnerabilities in Supermicro’s Baseboard Management Controller (BMC) firmware allow attackers to install malicious firmware images, potentially creating persistent hardware-level backdoors that survive OS reinstalls and are difficult to detect and remove, posing serious risks to enterprise infrastructure.
bleepingcomputer.com
Police Seize $439 Million Stolen by Cybercrime Rings Worldwide
A joint five-month global operation led by Interpol resulted in the seizure of more than $439 million in cash and cryptocurrency linked to cyber-enabled financial crimes impacting thousands worldwide. This milestone highlights law enforcement’s increasing collaboration and success in combating cybercrime proceeds.
bleepingcomputer.com
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.