
CyberNews


Security analysts have tracked a sophisticated ransomware campaign by the “Fog” group, which targets financial institutions using a stealthy tactic: weaponising legitimate IT and cybersecurity tools. Instead of deploying obvious malware, the attackers rely on trusted applications to move laterally, gather intelligence, and launch their ransomware payloads.


The campaign leveraged penetration testing frameworks, such as Cobalt Strike and Brute Ratel, along with commercially available employee-monitoring software, including NetMonitor and ActivTrak. These tools, commonly used for red-teaming or compliance tracking, were repurposed to exfiltrate data and establish persistence in compromised environments.


By blending into normal IT activity, Fog operatives successfully evaded traditional endpoint detection and security alerting. The use of widely whitelisted tools gave them the advantage of stealth, while data exfiltration before encryption indicated a dual-motive operation: monetary ransom and strategic espionage.


Most victims were concentrated in financial hubs across Southeast Asia, with reports suggesting attackers spent days to weeks inside networks before triggering ransomware deployment. This campaign underscores the rising threat of “tool hijacking”, where the line between benign and malicious activity is increasingly blurred. Financial institutions and security teams must re-evaluate how trusted tools are deployed and monitored, implementing stricter access policies, real-time behaviour analytics, and segmentation controls to stay ahead.



In May 2025, Adidas confirmed a data breach that exposed customer contact details through a third-party service provider. The compromised data was limited to information related to individuals who had previously interacted with the brand's customer service desk. Thankfully, no passwords or financial information were involved.

Initial access appears to have been gained through an unauthorised external actor exploiting weaknesses in a vendor-integrated support platform, a recurring weak link in today’s interconnected digital supply chains. The breach reflects a growing pattern where attackers sidestep enterprise-grade protections by pivoting through third parties with softer defences.

Adidas responded with containment measures and brought in security experts for an investigation, but specifics around the initial breach timeline or the scope of impacted records remain unclear. The company is in the process of notifying affected individuals and engaging regulators.

This incident follows a worrying trend in the retail sector, with M&S and Co-op suffering similar attacks recently, signalling that threat actors are now increasingly targeting retail operations not just for payment data, but also for system disruption and information that can aid social engineering.



11 May 2025

The US Defence Intelligence Agency (DIA) has released its 2025 Threat Assessment, painting a grim but clear picture: cyber warfare is not on the rise — it's already here, and it’s evolving fast.

Key findings:

  • China is digging deep into U.S. government networks, stealing data and intellectual property while laying the groundwork for critical infrastructure attacks.

  • Russia is relentless in its espionage, with both state and non-state actors probing U.S. water and energy systems (think SVR on Microsoft-level targets).

  • North Korea is treating cybercrime as a revenue stream, combining crypto theft and ransomware with military-grade espionage aimed at defense and aerospace.

  • Iran is turning up the volume on cyberattacks, especially targeting Israel, with AI-fueled tactics adding new layers of complexity.

Advanced tech isn’t just shaping innovation; it’s redefining how adversaries wage digital war. Defensive postures must shift from reactive to preemptive if nations hope to keep up.


Yashwanth Karuppusamy
Cybersecurity professional


©2035 by CyberWithYash
