April 22, 2025 Cyber Threat Intelligence Briefing

Apr 22, 2025

This week’s briefing covers:

00:00 - Intro and Situational Awareness

Palo Alto Confirms Brute Force Campaign Against PAN-OS Devices Worldwide
Following Kroll's previous bulletin highlighting a report from GreyNoise indicating a large uptick in activity targeting Palo Alto devices, it has been confirmed that Palo Alto has detected an ongoing campaign to brute force login credentials to PAN-OS devices.

CVE Numbering Process Almost Disrupted Due to Halt in MITRE Funding
U.S. government funding for MITRE’s Common Vulnerabilities and Exposures (CVE) program was set to expire on April 16 after the Department of Homeland Security (DHS) did not renew MITRE’s contract.

03:47 [CAMPAIGN] KTA071 (Lazarus) Code Challenge Application Lure
Key Takeaways

  • KTA071 continues targeting job applicants within the Financial sector, this time using code challenges to lure victims into running malicious code
  • The group uses Python code (RNLOADER and RNSTEALER) to gather information from victims before assessing whether to proceed with a wider compromise

06:40 [MALWARE SPOTLIGHT] RESOLVERRAT
Key Takeaways

  • RESOLVERRAT is a new malware seen targeting Healthcare and Pharmaceutical companies. First documented by Morphisec, the malware is a .NET-based remote access trojan (RAT).
  • Phishing links within emails are the initial access method used to distribute RESOLVERRAT. The phishing emails are written in the language of the target organisation and usually contain subjects designed to stoke anxiety in the recipient, often with themes regarding evidence of the organisation committing violations or infringements.

Dive deeper:

Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report

Kroll’s Q3 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q3-2023-threat-landscape-report-social-engineering

Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings

Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber

Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services

Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports

Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder
