Monday, Jun 23, 2025 // (IG): BB // GITHUB // SN R&D
Strait of Hormuz in Crosshairs as Iran Threatens Oil Disruption Amid Cyber and Kinetic Escalation
Bottom Line Up Front (BLUF): Iran has threatened to block the Strait of Hormuz—a vital chokepoint for global oil shipments—in response to recent U.S. and Israeli strikes on its nuclear facilities. Experts warn that in addition to military retaliation, Iran may deploy cyber operations targeting maritime and energy infrastructure to destabilize global oil supply routes.
Analyst Comments: The possibility of Iran disrupting traffic through the Strait of Hormuz—either physically or via cyber means—poses a severe threat to global energy security. Iran has historically used asymmetric tactics to pressure adversaries without confrontation, including cyberattacks on maritime navigation systems and energy firms. Given its growing cyber capabilities, Iran could combine electronic warfare with cyber sabotage, potentially targeting oil tankers, port logistics, or ship-tracking systems. This scenario underscores the need to harden physical and digital infrastructure supporting global energy flows.
FROM THE MEDIA: Tensions in the Middle East escalated sharply after U.S. and Israeli forces conducted coordinated strikes on Iranian nuclear and military sites. In response, Iran signaled it may retaliate by closing or disrupting the Strait of Hormuz, a narrow passage through which nearly one-third of the world’s seaborne oil passes daily. Analysts warn that such a move could send oil prices soaring and trigger a global economic shock. In past confrontations, Iran has used fast boats, mines, and drones in the Strait, and experts now fear cyberattacks on shipping navigation systems or oil terminals could be part of a hybrid retaliation strategy. The situation remains fluid as governments and energy firms prepare for possible multi-domain disruptions.
READ THE STORY: Times of India
Pro-Houthi Group Claims Massive Saudi Leak and DDoS Attack on Truth Social
Bottom Line Up Front (BLUF): A pro-Houthi hacktivist group known as Cyber Avengers claims responsibility for leaking nearly 2 terabytes of data from Saudi Arabian government and private entities. The group also alleges it launched a successful DDoS attack on Truth Social, Donald Trump's social media platform, in retaliation for perceived Western and Gulf state involvement in the Yemen conflict.
Analyst Comments: The dual nature of the attack—data exfiltration and a platform takedown—reflects a shift in tactics designed for maximum political visibility. If the data leak is verified, it could damage Saudi Arabia’s digital trust posture and expose sensitive state or corporate information. Including Truth Social also suggests an expanding target scope tied to geopolitical narratives rather than regional boundaries alone.
FROM THE MEDIA: Cyber Avengers has leaked what it claims is nearly 2TB of sensitive data from Saudi Arabia, involving both governmental and private sector systems. The data is allegedly distributed via Telegram, with screenshots and documentation shared to bolster the group's credibility. In tandem with the leak, the group launched a distributed denial-of-service (DDoS) attack on Truth Social, rendering the platform inaccessible for a brief period. Cyber Avengers, aligned with the Houthi movement, cited ongoing Saudi involvement in the Yemen conflict as motivation for the attacks. Truth Social has not publicly confirmed the incident, and Saudi authorities have yet to issue an official response regarding the authenticity of the breach.
READ THE STORY: CyberNews
‘LAPSU$-Style’ Espionage Campaign Exploits IoT Routers in Global Surveillance Operation
Bottom Line Up Front (BLUF): Researchers have uncovered a global cyber-espionage campaign dubbed LAPDOGS. This campaign exploits vulnerabilities in IoT and home-office routers to covertly monitor targeted individuals and exfiltrate sensitive data. The threat actors behind LAPDOGS are using stealthy infrastructure and advanced techniques to avoid detection.
Analyst Comments: Attackers gain persistent access with limited oversight by compromising routers outside traditional enterprise perimeters. LAPDOGS also reflects a growing convergence between state-aligned cyber actors and criminal TTPs (tactics, techniques, and procedures) reminiscent of groups like LAPSU$. The use of obfuscated infrastructure and tailored payloads suggests this is not a mass exploit operation, but a targeted surveillance effort that may escalate or proliferate if left unchecked.
FROM THE MEDIA: The attackers exploit unpatched or poorly secured devices to establish command-and-control footholds, allowing for long-term surveillance and data exfiltration. The operation has targeted journalism, academia, and government individuals across multiple continents. Researchers noted that the attackers' infrastructure includes rotating IP addresses and stealth DNS tunneling techniques to avoid detection. Although attribution remains unclear, the sophistication suggests links to state-sponsored actors or highly organized APT groups. Experts warn that many of the affected routers remain unpatched and vulnerable.
READ THE STORY: ITPRO
Hackers Allegedly Sell Zero-Day Exploit for Intelbras Routers on Dark Web
Bottom Line Up Front (BLUF): A zero-day exploit targeting Intelbras wireless routers is reportedly being sold on dark web forums for $7,000. The exploit allegedly allows remote code execution on multiple Intelbras router models, posing a significant threat to users in Latin America, where these devices are widely deployed.
Analyst Comments: If the exploit is legitimate, it represents a serious risk for residential and small business networks relying on Intelbras hardware, particularly in Brazil and other South American countries. The price tag and presentation suggest it could be used in targeted cybercrime or espionage campaigns. Given the history of IoT and router exploitation in botnet operations like Mirai and Mozi, this vulnerability could also be weaponized for large-scale DDoS attacks or network foothold operations. A swift vendor response and a firmware update would be needed to mitigate the threat.
FROM THE MEDIA: The exploit, which the seller claims affects several popular models, purportedly enables unauthenticated remote code execution via the device’s web interface. A sample video shared by the seller demonstrates successful exploitation of a model WRF 240, showing complete control over the device. The listing price is $7,000, and the seller offers exclusive access to the buyer, indicating the exploit is not publicly weaponized. Intelbras has not yet confirmed the vulnerability or issued a statement.
READ THE STORY: GBhackers
Cyber Warfare Escalates in Israel-Iran Conflict: U.S. Warned of Retaliatory Attacks
Bottom Line Up Front (BLUF): The conflict between Israel and Iran has expanded into the cyber domain, with both nations launching sophisticated digital attacks on critical infrastructure, financial systems, and media outlets. U.S. agencies warn of potential Iranian cyber retaliation, including attacks on American utilities and internet-connected systems.
Analyst Comments: The Israel-Iran cyber exchange underscores the growing normalization of cyberattacks as a frontline tool in geopolitical conflict. Iran's capacity for retaliation—especially via cyber proxies—is substantial, with historical precedents targeting U.S. banks, water systems, and energy grids. The warnings from U.S. officials suggest that adversarial cyber operations are likely to escalate in response to kinetic events. This evolving conflict will test the resilience of civilian critical infrastructure worldwide and push cyber defense into a more explicitly geopolitical role.
FROM THE MEDIA: Iranian hackers have reportedly targeted Israeli financial institutions, media networks, and public infrastructure with disinformation and disruption campaigns. In retaliation, a pro-Israeli group known as Predatory Sparrow claimed responsibility for paralyzing Iran’s Bank Sepah, compromising cryptocurrency platform Nobitex, and leaking sensitive source code. Iran responded by shutting down internet access nationwide and instructing officials to avoid internet-connected devices. U.S. officials, including former CISA Director Jen Easterly, warned that Iranian cyber actors may now target poorly secured American infrastructure, urging organizations to heighten defenses. U.S. Cyber Command is reportedly involved in the broader conflict but has not publicly disclosed its operations.
READ THE STORY: Politico
Ransomware Attack Hits U.S. Steel Giant Nucor Corporation
Bottom Line Up Front (BLUF): Nucor Corporation, the largest steel producer in the United States, has confirmed a cyberattack that disrupted parts of its IT systems. The company disclosed the incident in an SEC filing, stating that it is investigating the impact and continuing operations where possible.
Analyst Comments: Nucor plays a key role in domestic steel production, and the breach could have downstream effects on supply chains, particularly in construction and defense. While the full scope of the intrusion is still under investigation, threat actors targeting industrial companies increasingly aim for maximum operational disruption to force ransom payments. Organizations in heavy industry should treat this as a reminder to reinforce segmentation between operational technology (OT) and IT networks.
FROM THE MEDIA: Nucor Corporation was recently hit by a cyberattack that compromised parts of its IT infrastructure. The incident was disclosed via a filing with the U.S. Securities and Exchange Commission (SEC), in which the company acknowledged the event and noted it had taken containment and mitigation steps. Nucor did not confirm the nature of the attack, but sources familiar with the matter suggest ransomware is the likely vector. Despite the cyber disruption, Nucor has maintained certain business operations and is collaborating with external cybersecurity experts and law enforcement. No threat actor group has claimed responsibility for the breach, and no data exfiltration has been confirmed.
READ THE STORY: GBhackers
Cyber and Kinetic Tensions Drive Oil Market Surge Amid Iran-Israel Escalation
Bottom Line Up Front (BLUF): Oil prices spiked following US and Israeli strikes on Iranian nuclear and military facilities, escalating regional tensions. Market analysts are closely monitoring Iran’s response, which could include cyber retaliation targeting energy infrastructure across the Middle East and beyond.
Analyst Comments: Iran has a documented history of using cyberattacks—particularly on energy and maritime sectors—as asymmetric responses to physical aggression. The oil market's sensitivity underscores how cyber threats can indirectly influence global economies before any digital retaliation materializes. As tensions rise, Western energy firms and critical infrastructure operators should prepare for potential retaliatory campaigns from Iranian APT groups.
FROM THE MEDIA: The attack, believed to be a response to Iran's advancing nuclear program, has pushed Brent crude prices up by over 3% amid fears of a broader conflict. While Iran has not publicly responded, officials and market observers are bracing for potential reprisals. Analysts caution that Iran’s countermeasures could include cyberattacks on regional or global oil infrastructure, recalling past intrusions into Saudi Aramco and Western maritime systems. The White House has called for de-escalation, but with regional cyber capabilities on alert, the risk of digital conflict remains high.
READ THE STORY: Politico
UK’s NCSC Issues Alert on ‘UMBRA-Stand’ Malware Targeting Defense and Aerospace Sectors
Bottom Line Up Front (BLUF): The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a new malware strain named UMBRA-Stand, which is actively targeting defense and aerospace organizations. The malware uses advanced evasion techniques and has been linked to a state-backed threat actor.
Analyst Comments: The emergence of UMBRA-Stand demonstrates an ongoing trend of custom malware development by sophisticated threat actors, likely linked to state-sponsored espionage. Targeting high-value sectors like defense and aerospace suggests a focus on long-term strategic intelligence gathering. UMBRA-Stand’s stealth features, including encrypted communication and sandbox evasion, point to a well-resourced actor. As cyber operations increasingly blur with geopolitical maneuvering, this malware may be part of a broader campaign aimed at disrupting or extracting sensitive military technologies.
FROM THE MEDIA: NCSC has released a security advisory concerning the UMBRA-Stand malware family. The malware is specifically crafted to infiltrate organizations in the defense and aerospace sectors, using spear-phishing emails and malicious document attachments as initial vectors. Once inside a system, UMBRA-Stand establishes persistence, evades sandbox analysis, and communicates through encrypted channels to a remote command-and-control server. The advisory notes that the malware’s design bears hallmarks of a state-sponsored advanced persistent threat (APT), although attribution has not been formally made.
READ THE STORY: GBhackers
Items of interest
Massive Infostealer Database Leak Exposes Over 10 Billion Compromised Credentials
Bottom Line Up Front (BLUF): Cybernews researchers have uncovered multiple databases containing approximately 16 billion stolen credentials compiled from infostealer malware campaigns, representing one of the largest known collections of compromised login data. While security experts debate whether this constitutes recycled data rather than fresh breaches, the leak underscores the massive scale of credential theft operations targeting users across major platforms, including Google, Apple, Microsoft, and government services.
Analyst Comments: Even if, as some experts suggest, portions of the data are recycled or inflated, the sheer volume demonstrates how pervasive credential theft has become. The structured nature of the data—containing URLs, usernames, passwords, and metadata—indicates systematic harvesting by sophisticated malware families. Organizations must assume employee credentials are compromised and prioritize zero-trust architectures, mandatory multi-factor authentication, and continuous credential monitoring. The leak's timing amid escalating cyber warfare activities makes it particularly concerning for critical infrastructure and government entities.
FROM THE MEDIA: The data exhibits characteristics typical of infostealer malware output, containing structured records with URLs, usernames, passwords, and associated metadata. Affected platforms span the digital ecosystem from major tech companies like Apple, Facebook, and Google to GitHub, Telegram, and various government portals. However, BleepingComputer and security firm Hudson Rock have challenged the significance of the leak, arguing it represents a compilation of previously circulated credentials rather than fresh breaches. Critics note that achieving 16 billion unique credentials would require infecting 320 million devices—an unrealistic figure given current infection trends. Despite the debate over novelty, the leak demonstrates the continued proliferation of credential theft operations that enable account takeovers, identity theft, and targeted intrusions across multiple sectors.
READ THE STORY: CyberNews
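The story above describes infostealer output as structured records of URL, username and password, and the analyst comment recommends continuous credential monitoring. The following script, added here as an illustration and not part of the original newsletter or the Cybernews research, shows what a defender's first-pass triage of such a dump looks like: it parses the common url:username:password line layout (an assumption about the format), keeps only records whose host falls under a hypothetical watch list of domains the organisation owns, and correlates password reuse across records via a SHA-256 fingerprint so that plaintext passwords never need to be stored or reported. All sample lines are constructed for the example and contain no real credentials.

```python
"""Exposure triage for infostealer-style credential dumps.

Added example, not code from the original newsletter or from Cybernews.
Assumes the url:username:password line layout and a hypothetical watch
list of domains; the sample dump below is constructed, not real data.
"""
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample dump (fake accounts and passwords for illustration).
SAMPLE_DUMP = """\
https://mail.example.com/login:alice@example.com:Winter2024!
https://portal.example.com/:bob:hunter2
https://accounts.google.com/signin:carol@gmail.com:hunter2
https://hr.example.com/:dave@example.com:Winter2024!
malformed line without separators
https://vpn.example.com:443/auth:erin@example.com:P@ssw0rd
"""

# Hypothetical list of domains the defender is responsible for.
WATCHED_DOMAINS = {"example.com"}


def parse_record(line):
    """Split one url:user:pass line; return None if it does not fit.

    The URL itself may contain ':' (scheme, port), so split from the
    right. This is a best-effort heuristic: a password containing ':'
    or a URL with no user/pass fields will be mis-split.
    """
    parts = line.strip().rsplit(":", 2)
    if len(parts) != 3 or not parts[0]:
        return None
    url, user, password = parts
    return {"url": url, "user": user, "password": password}


def host_of(url):
    """Lower-cased hostname of the record's URL, or '' if unparsable."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def in_scope(host, watched=WATCHED_DOMAINS):
    """True when host is a watched domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watched)


def fingerprint(password):
    """Short SHA-256 prefix used only to correlate the same password
    across records; the plaintext is never kept in the results."""
    return hashlib.sha256(password.encode()).hexdigest()[:12]


def triage(dump_text, watched=WATCHED_DOMAINS):
    """Return in-scope exposures, skipped line count and reuse clusters."""
    exposed = []                 # in-scope (host, user) records
    skipped = 0                  # lines that did not parse
    reuse = defaultdict(set)     # fingerprint -> set of (host, user)
    for line in dump_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            skipped += 1
            continue
        host = host_of(rec["url"])
        fp = fingerprint(rec["password"])
        reuse[fp].add((host, rec["user"]))
        if in_scope(host, watched):
            exposed.append({"host": host, "user": rec["user"], "fp": fp})
    # Only clusters where one password appears with more than one account
    # are interesting: they show reuse that makes takeover easier.
    reused = {fp: sorted(pairs) for fp, pairs in reuse.items()
              if len(pairs) > 1}
    return {"exposed": exposed, "skipped": skipped, "reused": reused}


if __name__ == "__main__":
    result = triage(SAMPLE_DUMP)
    print(f"{len(result['exposed'])} in-scope accounts exposed, "
          f"{result['skipped']} unparsable lines")
    for e in result["exposed"]:
        print(f"  {e['user']} @ {e['host']}  (pw fingerprint {e['fp']})")
    for fp, pairs in result["reused"].items():
        print(f"  password {fp} reused by: {pairs}")
```

The output is a list of accounts to force-reset and a set of reuse clusters, which is what a monitoring pipeline would feed into an identity provider; the reuse cluster that crosses from a watched domain to an unrelated site (a personal account sharing a password with a work account) is the case the analyst comment's MFA and zero-trust recommendations are meant to contain.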
16 Billion Passwords Just Leaked... (Video)
FROM THE MEDIA: The headline-grabbing “16 billion passwords leaked” event is mostly recycled data from past breaches, not a single catastrophic hack of companies like Apple, Google, or Facebook. While the total number is accurate, much of the fear is driven by clickbait rather than confirmed threats. However, this incident is a critical reminder to practice strong cybersecurity hygiene, especially using a password manager and two-factor authentication.
Lumma Malware Stopped, Telemessage & MANY Data Leaks (Video)
FROM THE MEDIA: Microsoft and international law enforcement have taken down the notorious Lumma malware-as-a-service operation, while simultaneous U.S. indictments target Qakbot’s alleged mastermind. Meanwhile, TeleMessage leaks and massive credential exposures highlight widespread failures in digital security hygiene.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.