CYFIRMA: Cybersecurity Dossier - August 25, 2025
Threat Actor in Focus: ShinyHunters – Advanced Sophistication Techniques and Potential Collaboration with Scattered Spider
ShinyHunters is a prominent cybercriminal group, active since at least 2020 and primarily motivated by financial gain. The group has been associated with multiple high-profile data breaches impacting organizations worldwide. Their operations typically involve exploiting security vulnerabilities and using advanced social engineering attacks to gain unauthorized access to corporate databases. Following intrusion, they systematically exfiltrate sensitive information, including personally identifiable information (PII), login credentials, and financial records.
Lazarus Stealer: Android Malware for Russian Bank Credential Theft Through Overlay and SMS Manipulation
At CYFIRMA, we deliver actionable intelligence on emerging cyber threats impacting both individuals and organizations. This report analyzes a sophisticated Android banking malware known as “Lazarus Stealer”, not to be mistaken for the DPRK-linked Lazarus Group. The name “Lazarus Stealer” stems solely from how it is labeled in its control panel by the developer and bears no relation to the nation-state actor. Disguised as a harmless application called “GiftFlipSoft”, the malware specifically targets multiple Russian banking apps, extracting card numbers, PINs, and other sensitive credentials.
EXECUTIVE THREAT LANDSCAPE REPORT: SAUDI ARABIA
Why Do Cyber Threat Actors Target Saudi Arabia?
Energy Superpower: As the world’s largest oil exporter, any disruption to Saudi energy assets can ripple across global markets, making them a high-value target for both state-sponsored and financially motivated attackers.
Geopolitical Positioning: Its leadership role in the Gulf, close ties to Western allies, and rivalry with Iran place it at the center of cyber operations from adversarial nation-states and proxy groups.
Vision 2030 & Digital Expansion: The accelerated shift toward smart cities, e-government, and digital finance increases the attack surface, especially in sectors like defense, finance, and infrastructure.
CYFIRMA INDUSTRY REPORT: GOVERNMENT & CIVIC
Welcome to the CYFIRMA infographic industry report, where we delve into the external threat landscape of government & civic organizations over the past three months. This report provides valuable insights and data-driven statistics, delivering a concise analysis of attack campaigns, phishing telemetry, and ransomware incidents targeting the government & civic sectors. We aim to present an industry-specific overview in a convenient, engaging, and informative format. Leveraging our cutting-edge platform telemetry and the expertise of our analysts, we bring you actionable intelligence to stay ahead in the cybersecurity landscape.
Ransomware of the Week
The CYFIRMA Research and Advisory Team has found Charon Ransomware while monitoring various underground forums as part of our Threat Discovery Process. Researchers identified a new ransomware variant named Charon, which demonstrates a technically consistent encryption-and-renaming cycle across compromised environments. Once executed, the malware traverses local and shared directories, systematically encrypting accessible files with strong cryptographic algorithms. To mark its activity and prevent redundant operations, each locked file is appended with the distinctive “.Charon” extension.
Trending Malware of the Week
This week “PhantomCard” is trending. Researchers uncovered PhantomCard, a newly emerging Android banking trojan in Brazil that exploits NFC technology to steal payment card information. It masquerades as a fake “Card Protection” app on counterfeit Google Play pages with fabricated reviews; once installed, it secretly relays sensitive information from victims’ cards to cybercriminals for fraudulent transactions. The campaign is linked to the “Go1ano developer” threat actor, known for distributing Android malware in Brazil, who recently promoted a tool called GHOST NFC CARD.
CYFIRMA is a threat discovery and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. We have built the next generation of AI-powered threat intelligence platform called External Threat Landscape Management (ETLM) to provide cyber defenders with the hacker’s view to help clients prepare for impending attacks.