EP 252.5 Deep Dive. The IT Privacy and Security Weekly Update for the Week Ending July 22nd., 2025 and no Trucks

A single compromised password led to the collapse of 158-year-old UK logistics firm KNP, after hackers—suspected to be the Akira gang—used it to gain access, encrypt systems, and demand a £5 million ransom. Unable to pay, the company lost all its data and folded, putting 700 employees out of work. The breach underscores how weak access controls can have catastrophic consequences.

To counter massive botnets, Google is now combining technical defenses with legal action. Its lawsuit against the “BadBox 2.0” operators marks a major shift: targeting criminals behind malware that infected over 10 million Android devices. Google’s strategy includes leveraging the CFAA and RICO Act to not just stop malware but dismantle the entire criminal infrastructure—signaling a more aggressive, litigation-driven cybersecurity era.

Meanwhile, a new malware delivery method is exploiting DNS—a common but often under-monitored network function. Attackers hide malware in DNS TXT records, break it into chunks, and reassemble it on target systems using standard DNS queries. Since DNS traffic is rarely scrutinized, this technique bypasses traditional defenses, making DNS monitoring essential for comprehensive protection.

Travelers to China face serious privacy risks. Authorities are using malware like “Massistant” to extract sensitive data from mobile phones during inspections. Developed by Chinese firm Meiya Pico, the software accesses encrypted texts, location history, and even Signal messages upon installation. Though evidence of compromise may remain, the intrusion happens before detection, raising concerns for anyone bringing devices into the country.

China has also shifted its cyberattack strategy by outsourcing operations to private firms. These companies now discover and sell zero-day vulnerabilities to government agencies. This model, which evolved from loosely affiliated hacker groups, blurs the line between state and private enterprise, making attribution difficult. As a result, China-linked hackers increasingly infiltrate U.S. critical infrastructure while masking their origins, and exposure alone no longer seems to deter them.

In response to national security concerns, Microsoft has removed China-based engineers from U.S. military cloud projects. A ProPublica investigation revealed their prior involvement, prompting a Pentagon ban on such support. Previously, Chinese engineers worked under U.S. supervision, a practice now deemed too risky for defense-related systems.

Microsoft’s SharePoint is also under siege. Chinese state actors exploited a critical flaw dubbed “ToolShell” to compromise at least 54 organizations, including those in critical infrastructure. The attack allowed for deep system access, extraction of encryption keys, and installation of web shells—despite prior patches. The incident stresses the need for rapid patching and vigilance, even on widely used enterprise platforms.

Cyberwarfare is influencing real-world military dynamics. Ukrainian cyber operatives claim to have digitally crippled a major Russian drone manufacturer, deleting 47TB of production data and disabling access systems. Allegedly backed by military intelligence, the attack highlights how digital sabotage can directly disrupt military production and reshape conflict outcomes. Code is now as consequential as conventional weapons on the modern battlefield.