February has been another busy month, as cyber threats target everything from critical infrastructure to personal data. This month, we witnessed a rise in sophisticated campaigns leveraging trusted platforms like LinkedIn, GitHub, and even AI tools like ChatGPT.
As attacks get smarter, they are becoming more covert and difficult to detect, affecting both individuals and businesses. In this month’s roundup, we’ll highlight some of the most significant recent cyber incidents.
Cybercriminals exploit LinkedIn job offers to target professionals
Cybercriminals increasingly use LinkedIn as a hunting ground, luring victims with fake job offers to spread malware and steal sensitive data. Security firm Bitdefender uncovered a campaign linked to North Korea's Lazarus Group, where scammers pose as recruiters, request personal information, and trick targets into running malicious code disguised as job-related materials.
These attacks aim to steal cryptocurrency wallet credentials and infiltrate industries like defence and aviation. Experts warn LinkedIn users to stay vigilant, avoid opening unverified links or files, and verify job postings before engaging.
NHS service provider investigates suspected ransomware attack
HCRG Care Group, a private provider of NHS and local authority health services, is investigating a suspected ransomware attack following claims by a cybercrime group that sensitive data was breached. The organisation, formerly Virgin Care, has implemented containment measures and is working with forensic experts to assess the situation.
Despite the incident, HCRG has given assurances that patient services remain unaffected and urged individuals with appointments to attend as planned. Authorities, including the Information Commissioner, have been notified, and the investigation is ongoing.
Bybit suffers record-breaking $1.4 billion crypto hack
Cryptocurrency exchange Bybit has confirmed a massive security breach where hackers stole over $1.4 billion worth of Ethereum. The attack occurred as funds were being transferred from a secure offline wallet to an online wallet, exploiting key vulnerabilities in the transaction process. CEO Ben Zhou assured customers that other wallets remained secure and that Bybit had sufficient liquidity to cover withdrawals.
Investigators, including blockchain analysts and cybersecurity firms, are examining the breach, speculating that wallet provider Safe may have been compromised. Bybit has already secured bridge loans to recover most of the lost funds. The hack is among the largest in crypto history, following previous high-profile breaches of DeFi platforms.
UK government pressures Apple for access to encrypted user data
The UK government has formally demanded access to encrypted data stored by Apple users, invoking the Investigatory Powers Act. This law compels tech firms to share information with law enforcement, potentially overriding Apple's "Advanced Data Protection" (ADP), which prevents even the company itself from accessing user data. Apple has previously stated that it would remove such services from the UK instead of creating a "back door" for authorities.
Privacy advocates and cybersecurity experts have condemned the move, warning that it sets a dangerous precedent that authoritarian regimes could exploit. While the government insists access would only be granted in national security cases, critics argue it threatens personal privacy without significantly curbing crime. Apple can appeal but must comply with the ruling in the meantime.
Hackers use fake GitHub projects to steal Bitcoin and personal data
Cybercriminals have been exploiting GitHub by hosting fake open-source projects to steal personal and financial data, including cryptocurrency wallet credentials. Dubbed "GitVenom" by Kaspersky, the campaign has been running for at least two years, tricking users with bogus tools for Instagram automation, Telegram-based Bitcoin management, and gaming hacks. The malware embedded in these repositories has stolen bitcoins worth approximately $456,600 by hijacking clipboard wallet addresses and exfiltrating sensitive data.
The attack primarily targets users in Russia, Brazil, and Turkey, deploying information-stealing malware and remote administration tools to gain control over infected systems. Researchers warn that as platforms like GitHub remain widely used for code sharing, threat actors will continue leveraging them for malicious campaigns. Experts advise developers and users to thoroughly vet third-party code before running or integrating it into projects.
OpenAI bans accounts abusing ChatGPT for surveillance and influence campaigns
OpenAI has banned multiple accounts that misused its ChatGPT tool to create AI-driven surveillance systems, primarily targeting anti-China protests and gathering data for Chinese authorities. The campaign, codenamed Peer Review, involved monitoring social media platforms like X, Facebook, and Reddit to analyse posts and comments on sensitive topics.
OpenAI also disrupted several other malicious networks involved in disinformation, cybercrime, and influence operations tied to North Korea, Iran, and China. These activities highlight the growing concern over AI's role in amplifying cyber-enabled disinformation campaigns and manipulation efforts.
Onboard industry-leading cybersecurity tools
The February cybersecurity headlines are a stark reminder that the threats we face are as diverse as they are sophisticated. From targeted attacks on cryptocurrency platforms to the misuse of AI and job recruitment networks, cybercriminals are becoming increasingly creative in exploiting vulnerabilities.
It's essential that organisations and individuals stay vigilant, adopt stronger security practices, and respond swiftly to emerging threats. Here at Brigantia, we help businesses remain proactive in defending against risks and protecting themselves and their digital future.