This Information Security and Data Privacy news roundup includes items from Friday through Sunday, so that you can hit the ground running on Monday morning.
These news roundups are not comprehensive and focus on news that may have been overlooked or underreported, and on lesser-known sources like local press.
This Sherpa Intelligence newsletter is curated by Tracy Z. Maleeff (aka InfoSecSherpa) and is just the tip of the iceberg of the research, OSINT, and information security research services we provide.
Friday, April 18 - Sunday, April 20, 2025
Friday, April 18th
Ahold Delhaize confirms data theft in U.S. systems following November cyberattack
(Teiss)
- Multinational food retail conglomerate Ahold Delhaize has confirmed that data was stolen from its U.S. business systems during a cyberattack that was initially disclosed on November 8, 2024.
- INC Ransom has been actively targeting U.S.-based organizations, with cybersecurity researchers tracking one of its members—known as "Vanilla Tempest" by Microsoft—as being responsible for several recent high-profile attacks.
Seoul mobilizes national cyber defenses amid surge in AI-driven attacks
(Indo-Pacific Defense Forum)
- The Republic of Korea (South Korea) is implementing strategies outlined in its National Cybersecurity Strategy and National Cybersecurity Basic Plan, both introduced in 2024, to protect its critical infrastructure, financial systems and national defense from escalating digital threats.
What other countries can learn from cyber Netherlands
(Innovation Origins)
- A recent report by cyber security company Okta states that the Netherlands has made significant progress in detecting digital threats over the past year.
- The Netherlands also has a strong community in the field of cybersecurity. Jordens continues: “There is a lot of cooperation and knowledge sharing between companies and experts.”
Saturday, April 19th
AI-Driven Cyber Espionage: Navigating the Rising Threat
(Grey Dynamics)
- Artificial Intelligence is redefining the landscape of cyber espionage, equipping both attackers and defenders with unprecedented capabilities.
- Effectively confronting this growing threat requires a multifaceted response. We need advanced AI security tools, stronger international cooperation, improved public awareness, and a firm commitment to ethical responsibility.
Nepal’s Digital Frontier: How Safe Are We from Cyber Attacks?
(Nepal Republic Media)
- The Government of Nepal released advisory notes on January 21, 2025, with the goal of strengthening cybersecurity and protecting IT-related materials and equipment, which signaled a rising awareness of the country's vulnerabilities and emphasized the significance of cyber safety.
- Three major obstacles stand in the way of Nepal's cybersecurity progress: implementing the National Cyber Security Policy (NCSP), preventing IT corruption, and closing the skills gap.
Report highlights growing cyber risks to aviation
(Geneva Internet Platform DigWatch)
- Aviation cybersecurity remains under pressure as legacy systems struggle to meet rising demand, with recent disruptions highlighting vulnerabilities even without direct cyberattacks and amid a series of cybersecurity incidents affecting related infrastructure.
- Foundation for Defense of Democracies report: Turbulence Ahead: Navigating the Challenges of Aviation Cybersecurity.
Sunday, April 20th
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
(Forbes)
- According to a new report from Rebecca Harpur at Blackfog, the Ghost threat campaigns are operated by a financially motivated group from China and don’t have any known state affiliations.
- Initial access is by way of public-facing systems through unpatched vulnerability exploitation. These include virtual private network appliances as well as web and email servers. Ghost then installs a backdoor by way of web shells and tools such as Cobalt Strike to maintain stealthy access. The attackers often create new user accounts and disable security software after escalating system privileges.
Cyber threats target F-35 in new era of military defense risks
(Bulgarian Military)
- In April 2025, a NATO exercise in the Czech Republic exposed a stark reality: a simulated cyberattack on critical infrastructure could paralyze allied defenses in hours.
- The F-35’s Block 4 upgrade, rolled out in 2024, enhances its computing power with the Integrated Core Processor, capable of 20 trillion operations per second. Yet, this sophistication increases its attack surface, making it a prime target for adversaries seeking to exploit software vulnerabilities.
Dutch Ministry of Defense seeks cyber reservists to strengthen national security
(NL Times)
- The Dutch Ministry of Defense is seeking to expand its cyber defense capabilities by recruiting cyber reservists as part of its growing efforts to bolster the military’s readiness against rising global cyber threats.