{"id":11298,"date":"2025-01-29T09:57:26","date_gmt":"2025-01-29T09:57:26","guid":{"rendered":"\/cybersecurity-blog\/?p=11298"},"modified":"2025-01-29T09:58:26","modified_gmt":"2025-01-29T09:58:26","slug":"cyber-attacks-january-2025","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/","title":{"rendered":"3 Major Cyber Attacks in January 2025"},"content":{"rendered":"\n<p>Our cyber threat analysts detected and explored a number of malware campaigns this January. Here are the three most dangerous attacks dissected with the aid of <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fake YouTube links redirect users to phishing pages&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/x.com\/anyrun_app\/status\/1877364257496473802\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Original post on X<\/em><\/a><em><\/em>&nbsp;<\/p>\n\n\n\n<p>Using the Uniform Resource Identifier authority (URI), phishers obfuscate links and place a legitimate resource address, like http:\/\/youtube, at the beginning of URLs to deceive users and make the link appear authentic and safe.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>Not just YouTube is getting abused. We\u2019ll keep monitoring and sharing the details with you, so your company can make effective decisions to address the threat.&nbsp;<\/p>\n\n\n\n<p>Watch how the attack unveils in our Interactive Sandbox and gather <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> for setting up your security systems.&nbsp;<br>&nbsp;<br><a href=\"https:\/\/app.any.run\/tasks\/ace1b2b4-1c1a-4669-a3fc-231d473bc3b9\/\" target=\"_blank\" rel=\"noreferrer noopener\">View analysis<\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"565\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-1024x565.png\" alt=\"\" class=\"wp-image-11299\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-1024x565.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-300x165.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-768x423.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-1536x847.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-2048x1129.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-370x204.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image5-3-740x408.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Opening a letter with a phishing link in the sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Use this search request in TI Lookup to find more sandbox sessions and enforce the protection of your business by fine-tuning malware detection in your network: &nbsp;<br>&nbsp;<br><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktolookup#%257B%2522query%2522:%2522commandLine:%255C%2522youtube.com%2525%255C%2522%2522,%2522dateRange%2522:180%257D\" target=\"_blank\" rel=\"noreferrer noopener\">commandLine:&#8221;youtube.com%&#8221;<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"486\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3-1024x486.png\" alt=\"\" class=\"wp-image-11300\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3-1024x486.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3-300x142.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3-768x364.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3-1536x729.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3-370x175.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3-270x128.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3-740x351.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image2-3.png 1655w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Sandbox analyses featuring malicious pseudo-YouTube links<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li>Technically, the URI Scheme replaces the userinfo field (user:pass) with a domain name: foo:\/\/ &lt;user:pass&gt; @ domain . Zone.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Storm 1747 domain infrastructure \u2014 checkers, redirectors and main pages \u2014 has a standard template for Tycoon 2FA phishkit installed.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The technique of replacing user info is also employed by various other phishing kits, such as Mamba 2FA and EvilProxy.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>To study the behavior and indicators of all these malware samples, use ANY.RUN\u2019s Interactive Sandbox.&nbsp;&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n\nAnalyze malicious files and URLs <br>with ANY.RUN&#8217;s <span class=\"highlight\">Interactive Sandbox<\/span>&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=cyber_attacks_jan_25&#038;utm_term=290125&#038;utm_content=linktodemo\" rel=\"noopener\" target=\"_blank\">\nGet 14-day trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Phishers use fake online shops with surveys to steal credit card information&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/x.com\/anyrun_app\/status\/1879883672263803060\" target=\"_blank\" rel=\"noreferrer noopener\">Original post on X<\/a>&nbsp;<\/p>\n\n\n\n<p>The new phishing scheme we named FoxWhoops targets American e-commerce customers with fake sites promising a reward for completing a survey&nbsp;<\/p>\n\n\n\n<p>The attack utilizes a system of checks. Users who fail them are sent to a Fox News RSS page or a page with a \u2018Whoops!\u2019 image. Those who pass the checks are offered to enter their bank card info to purchase the \u2018reward\u2019 at a discount. &nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-1024x576.png\" alt=\"\" class=\"wp-image-11301\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-2048x1152.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image3-3-740x416.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The attack\u2019s algorithm with successful and fail outcomes<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>&nbsp;<br>A number of examples of such attacks have been submitted in our sandbox:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/browses\/566dac16-0dee-4343-9dc7-ad9e6c71a780\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Fake Market<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/e5bab257-0de4-4ef9-801e-756b88598649\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">FoxNews RSS<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/28b68210-807f-4beb-bd6c-720fc0c61f8f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Whoops!<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Checks and redirects:&nbsp;&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>A script detects scanning by Google, Bing, Baidu, DuckDuckGo, etc.<\/li>\n\n\n\n<li>If the first check is passed, the script triggers a redirect&nbsp;<\/li>\n\n\n\n<li>If the second check is passed, the user is redirected to a phishing page with a fake online shop payment form&nbsp;<\/li>\n\n\n\n<li>If the first check fails, the user is redirected to a Fox News RSS feed&nbsp;&nbsp;<\/li>\n\n\n\n<li>If the second check fails, the \u2018Whoops\u2019 page is displayed. &nbsp;<\/li>\n<\/ol>\n\n\n\n<p>Possible attack scenarios based on these steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Phishing scenario: 1 \u2192 2 \u2192 3. <\/strong>A phishing survey with a \u2018reward\u2019 after a small payment in a fake store. Credit card info stolen.&nbsp;<\/li>\n\n\n\n<li><strong>Evasion scenario: 1 \u2192 4. <\/strong>If the victim fails the first check, they are redirected to what appears to be a Fox News RSS feed. The URL includes a \u2018q\u2019 parameter that specifies the reason for the redirect, such as:&nbsp;&nbsp;&#8220;<em>IP provider is blacklisted! ASN-CXA-ALL-CCI-22773-RDC<\/em>&#8220;.&nbsp;<\/li>\n\n\n\n<li><strong>Placeholder scenario: 1 \u2192 2 \u2192 5. <\/strong>Users are shown a placeholder page.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"508\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-1024x508.png\" alt=\"\" class=\"wp-image-11302\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-1024x508.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-300x149.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-768x381.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-1536x762.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-2048x1016.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-370x183.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-270x134.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image6-2-740x367.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>FoxWhoops attack on the invasion scenario runs in the sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Examine the attack\u2019s mechanics to facilitate employee security training in your organization and prevent social engineering attempts with ANY.RUN\u2019s Sandbox!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A SystemBC client is targeting Linux-based platforms<\/h2>\n\n\n\n<p><a href=\"https:\/\/x.com\/anyrun_app\/status\/1884207667058463188\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Original post on X<\/em><\/a><em><\/em>&nbsp;<\/p>\n\n\n\n<p>The <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> version of <a href=\"https:\/\/any.run\/malware-trends\/systembc\" target=\"_blank\" rel=\"noreferrer noopener\">SystemBC<\/a> proxy implant is potentially designed for internal corporate services. It is commonly used to target corporate networks, cloud servers, and even IoT devices.&nbsp;<\/p>\n\n\n\n<p>This <a href=\"https:\/\/any.run\/malware-trends\/rat\" target=\"_blank\" rel=\"noreferrer noopener\">Remote Access Trojan <\/a>is designed to maintain encrypted communication with C2 servers, using the same custom protocol, ensuring connection to a unified infrastructure of both Windows and Linux implants.&nbsp; &nbsp;<\/p>\n\n\n\n<p>A proxy implant within a victim&#8217;s infrastructure is a crucial tool for attackers, allowing for lateral movement and pivoting without deploying additional detectable tools, further evading detection on the host.&nbsp;<\/p>\n\n\n\n<p>This version is more stealthy and far more dangerous. Samples do not have clear family detection by security vendors.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/63a3a89a-6f81-4960-9289-f8fd1e7a698a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Take a look<\/a> at the Linux version analysis in the sandbox: &nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"448\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image7-2.png\" alt=\"\" class=\"wp-image-11303\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image7-2.png 800w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image7-2-300x168.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image7-2-768x430.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image7-2-370x207.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image7-2-270x151.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image7-2-740x414.png 740w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption class=\"wp-element-caption\"><em>SystemBC sandbox session with a Suricata rule triggered<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>To respond effectively, use ANY.RUN\u2019s Linux virtual machine and quickly detect malicious communication with in-depth network traffic insights, powered by advanced Suricata rules from our experts.&nbsp;<\/p>\n\n\n\n<!-- CTA Split START -->\n<div class=\"cta-split\">\n<div class=\"cta__split-left\">\n\n<!-- Image -->\n<img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/mcusercontent.com\/663b94f19348582a8dc323efe\/images\/0d88188b-3e89-2314-5a60-cb87e8077326.png\" alt=\"ANY.RUN cloud interactive sandbox interface\" class=\"cta__split-icon\" \/>\n<\/div>\n\n<div class=\"cta__split-right\">\n<div>\n\n<!-- Heading -->\n<h3 class=\"cta__split-heading\"><br>Major Attacks in December 2024<\/h3>\n\n<!-- Text -->\n<p class=\"cta__split-text\">\nLearn about <span class=\"highlight\">phishing attacks<\/span> leveraging Microsoft&#8217;s Azure and OneDrive services and discover details on the LogoKit phish kit.\n<br \/>\n<\/p>\n<\/div>\n<!-- CTA Link -->\n<a target=\"_blank\" rel=\"noopener\" id=\"article-banner-split\" href=\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-december-2024\/\"><div class=\"cta__split-link\">See details<\/div><\/a>\n<\/div>\n<\/div>\n<!-- CTA Split END -->\n<!-- CTA Split Styles START -->\n<style>\n.cta-split {\noverflow: hidden;\nmargin: 3rem 0;\ndisplay: grid;\njustify-items: center;\nborder-radius: 0.5rem;\nwidth: 100%;\nmin-height: 25rem;\ngrid-template-columns: repeat(2, 1fr);\nborder: 1px solid rgba(75, 174, 227, 0.32);\nfont-family: 'Catamaran Bold';\n}\n\n.cta__split-left {\ndisplay: flex;\nalign-items: center;\njustify-content: center;\nheight: 100%;\nwidth: 100%;\nbackground-color: #161c59;\nbackground-position: center center;\nbackground: rgba(32, 168, 241, 0.1);\n}\n\n.cta__split-icon { \nwidth: 100%;\nheight: auto;\nobject-fit: contain;\nmax-width: 100%;\n}\n\n.cta__split-right {\ndisplay: flex;\nflex-direction: column;\njustify-content: space-between;\npadding: 2rem;\n}\n\n.cta__split-heading { font-size: 1.5rem; }\n\n.cta__split-text {\nmargin-top: 1rem;\nfont-family: Lato, Roboto, sans-serif;\n}\n\n.cta__split-link {\npadding: 0.5rem 1rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: white;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\ndisplay: block;\nz-index: 1000;\nposition: relative;\ncursor: pointer !important;\n}\n\n.cta__split-link:hover {\nbackground-color: #68CBFF;\ncolor: white;\ncursor: pointer;\n}\n\n.highlight { color: #ea2526;}\n\n\n\/* Mobile styles START *\/\n@media only screen and (max-width: 768px) {\n\n.cta-split {\ngrid-template-columns: 1fr;\nmin-height: auto;\n}\n\n.cta__split-left {\nheight: auto;\nmin-height: 10rem;\n}\n\n\n.cta__split-left, .cta__split-right {\nheight: auto;\n}\n\n.cta__split-heading { font-size: 1.2rem; }\n\n.cta__split-text { font-size: 1rem; }\n.cta__split-icon {\nmax-height: auto;\nobject-fit: cover;\n}\n\n}\n\/* Mobile styles END *\/\n<\/style>\n<!-- CTA Split Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>The cyber threat landscape this January was marked by sophisticated and varied attack strategies targeting individuals and organizations alike. From phishing schemes exploiting trusted platforms to deceptive fake online shops, hackers demonstrated increasing ingenuity and adaptability.&nbsp;<\/p>\n\n\n\n<p>Organizations must remain vigilant and proactive by leveraging tools such as <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a> and Threat Intelligence Lookup to identify and analyze threats in real time. Staying informed and prepared is the key to safeguarding critical assets in this ever-changing digital battlefield.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>, and <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find IOCs or files to learn more about the threats and respond to incidents faster.<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=cyber_attacks_jan_25&amp;utm_term=290125&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request free trial of ANY.RUN&#8217;s services \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our cyber threat analysts detected and explored a number of malware campaigns this January. Here are the three most dangerous attacks dissected with the aid of ANY.RUN\u2019s Interactive Sandbox and Threat Intelligence Lookup.&nbsp; Fake YouTube links redirect users to phishing pages&nbsp; Original post on X&nbsp; Using the Uniform Resource Identifier authority (URI), phishers obfuscate links [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":11314,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[57,10,34,40],"class_list":["post-11298","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-analysis","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>3 Major Cyber Attacks in January 2025 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Discover three cyberattacks in January 2025 analyzed with the help of ANY.RUN&#039;s Interactive Sandbox and TI Lookup.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"3 Major Cyber Attacks in January 2025\",\"datePublished\":\"2025-01-29T09:57:26+00:00\",\"dateModified\":\"2025-01-29T09:58:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/\"},\"wordCount\":950,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"malware behavior\"],\"articleSection\":[\"Malware Analysis\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/\",\"name\":\"3 Major Cyber Attacks in January 2025 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-01-29T09:57:26+00:00\",\"dateModified\":\"2025-01-29T09:58:26+00:00\",\"description\":\"Discover three cyberattacks in January 2025 analyzed with the help of ANY.RUN's Interactive Sandbox and TI Lookup.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware Analysis\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/malware-analysis\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"3 Major Cyber Attacks in January 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"3 Major Cyber Attacks in January 2025 - ANY.RUN&#039;s Cybersecurity Blog","description":"Discover three cyberattacks in January 2025 analyzed with the help of ANY.RUN's Interactive Sandbox and TI Lookup.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"3 Major Cyber Attacks in January 2025","datePublished":"2025-01-29T09:57:26+00:00","dateModified":"2025-01-29T09:58:26+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/"},"wordCount":950,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","malware behavior"],"articleSection":["Malware Analysis"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/","name":"3 Major Cyber Attacks in January 2025 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-01-29T09:57:26+00:00","dateModified":"2025-01-29T09:58:26+00:00","description":"Discover three cyberattacks in January 2025 analyzed with the help of ANY.RUN's Interactive Sandbox and TI Lookup.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/cyber-attacks-january-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Malware Analysis","item":"https:\/\/any.run\/cybersecurity-blog\/category\/malware-analysis\/"},{"@type":"ListItem","position":3,"name":"3 Major Cyber Attacks in January 2025"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11298"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=11298"}],"version-history":[{"count":13,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11298\/revisions"}],"predecessor-version":[{"id":11319,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/11298\/revisions\/11319"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/11314"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=11298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=11298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=11298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}