the grugq's newsletter

June 17, 2025

Predatory Sparrows are back

Predatory Sparrow’s past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects in Iran. Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there. https://t.co/QIqFWjrA8f

— Rob Joyce (@RGB_Lights) June 17, 2025

The hacker group Predatory Sparrow (Gonjeshke Darande), which has previously claimed major cyber operations against Iranian infrastructure, said on Tuesday it carried out a cyberattack that destroyed all data at Iran’s Bank Sepah, a financial institution linked to the Islamic… pic.twitter.com/hAFMozEeLy

— Iran International English (@IranIntl_En) June 17, 2025

1. CodeBreakers emerges, hacking Sepah bank.
2. They demand $42M for ransom,
3. Release the most valuable chunks of records for free, while hardly pushing sponsored PR!
4. They disappear and the tg. group is gone
5. Predatory Sparrows drops in and nukes the Sepah bank.

2+2=3.14?

— Hamid Kashfi (@hkashfi) June 17, 2025

https://archive.is/EaR8g

Thoughts

In the Iranian calendar, wages are paid on the 22nd of every month. If the bank, which has some 30 million clients, does not come back online before then, it will be unable to pay its rank and file or government employees.

This explanation seems implausible. While there is a “theory of victory” here, it doesn’t fit with the reality on the ground. Delays in payments are not unusual in Iran, so even in peacetime this is unlikely to have any impact on daily life. In wartime, when there is a “rally round the flag” effect, it seems even less likely that people will treat a delay in their wages as a “regime change” event.

In my opinion, given what we know right now, this is the least exciting Predatory Sparrows attack so far. Very pedestrian. “Disrupt the banks. Announce on Twitter.” 3/10, would not recommend.


Large Language Model agents are vulnerable to prompt injection attacks that hijack tool use and leak data.
The paper proposes six design patterns that restrict where untrusted text can act, giving resistance without crippling usefulness.

⚙️ The Core Concepts

Prompt injection… pic.twitter.com/95FbXqk3K8

— Rohan Paul (@rohanpaul_ai) June 15, 2025


Sharing my custom Amsi bypass that I kept private for a while, it patches AmsiOpenSession and is currently not detected by Defender. https://t.co/hum69V7K7u #penetrationtesting

— LainKusanagi (@unknownseeker99) June 16, 2025


Dropping new research - this time on recent #XDSpy operations. Out of hundreds of LNK files leveraging ZDI-CAN-25373, we isolated a tiny cluster using an additional LNK parsing trick, leading us to uncover a multi-stage infection chain actively targeting government entities pic.twitter.com/lHpWBs92u1

— Ariel Jungheit (@ArielJT) June 16, 2025



Another excellent post by prof Misra on the hard information theoretic limits of AI, including:

- limits to long term agentic behavior
- limits to long term reasoning
- limits to self improvement pic.twitter.com/JMUyOnql3E

— martin_casado (@martin_casado) June 16, 2025


https://www.darkreading.com/threat-intelligence/hacking-hackers-bad-guys-guard-down


Ransomware gang rolled up in casino crackdown

https://www.khaosodenglish.com/news/2025/06/17/pattaya-hotel-raid-uncovers-gambling-den-chinese-ransomware-ring/

Group 3 – Ransomware Scammers: 6 Chinese nationals operating from the 8th floor, working online to send malicious links to Chinese companies for ransomware deployment. Computer evidence showed they were paid employees distributing links to release ransomware.

They were charged with being members of a criminal organization with concealed methods and illegal purposes, plus working without permits. Authorities seized 9 laptop computers and 15 mobile phones.

Thoughts

To me, the interesting part here is that this team of people was just employees doing ransomware distribution. There is blue-collar cybercrime!

