
February 2025 Cybersecurity News Recap

February 20, 2025 by Hector


As the second month of the year comes to a close, cybersecurity news from February 2025 reflects how familiar patterns from 2024 are creating new trends when it comes to infosec (information security). This month’s Recap by SWK Technologies will cover new developments affecting AI security, more crypto scammer hacks, and the potential long-term impact of multiple lawsuits against Elon Musk and his team at the newly created DOGE (Department of Government Efficiency) for accessing the personal data of federal employees.

Hackers Sell Data Supposedly Leaked from ChatGPT & Other AI

Between January and February 2025, multiple user accounts posted on the popular hacker messaging board, BreachForums, offering to sell data they had extracted from different AI platforms – namely ChatGPT and one of its many alternatives, OmniGPT. In the latter case, the threat actor claimed to have chat and credential information from around 30,000 users, but in the former the hacker included over 20,000 million stolen access codes that could be used to log into OpenAI accounts. The good news is that investigations have turned up no evidence that any backdoor components were actually breached, but the bad news is that some researchers suspect that there may be legitimate credentials in the data dump that were obtained via a specific malware vector.

Cybersecurity firm KELA posted an explanation on their website about a particular type of malicious software referred to as “infostealers,” which hackers use to scrape valuable information over time from multiple sources and points of compromise. This malware powers an entire operational ecosystem of cybercrime, where the application developers sell access to hackers who then leverage it to infiltrate various systems and exfiltrate certain files they could exploit. Infostealer attacks have been around for a while, but there has been a clear pattern of growing proliferation in recent years, and this latest attack against ChatGPT indicates that it is not slowing down.

New Hacking Technique for Gemini from Google Found

A security researcher announced that he had discovered a potential exploit hackers could leverage against the Gemini AI chatbot by Google, and demonstrated its usage as proof of concept. This technique relies on a potential gap in the functionality of Large Language Models (LLMs), which typically read all text entered into the chatbox as a “prompt,” essentially a command from the user. This particular method, called a “delayed tool invocation,” can leverage this behavior and the Google Workspace Extension to trick the artificial intelligence tool into extracting data from a user’s Google Drive file storage.

Similar potential exploits have been brought to Alphabet’s attention in the past, and they have implemented restrictions to the memory capabilities of Gemini to address these over time, but this current threat was dismissed in a statement as being “low probability” and “not a scalable, specific vector of abuse.” However, given the recent stories regarding the ChatGPT and OmniGPT hacks, it is clear that AI tools are increasingly becoming a target of hackers as they grow in popularity and usage. Users should be mindful of integrated systems and databases connecting to their LLM accounts, and enforce strict security controls over who has access to what.

SEC X / Twitter Account Hacked & Used for Fraudulent Bitcoin Post

An Alabama resident pleaded guilty to an identity theft conspiracy that hacked into the SEC’s (Securities and Exchange Commission) X (formerly known as Twitter) account and used it to falsely claim the agency had approved the trading of bitcoin ETFs (exchange-traded funds) in January 2024. Eric Council of Athens, Alabama was part of a group that used a “SIM swap” attack against a mobile device that had access to the SEC’s X profile after impersonating the owner at an AT&T store to receive a replacement SIM card on the same associated phone line. Council was able to generate password reset codes for the X account and passed these along to the co-conspirators who seemingly hired him for this venture and similar attacks, paying him approximately $50,000 for 6 months of SIM swapping.

The overall purpose of the hack is still hard to glean, especially given that the SEC ended up approving cryptocurrency ETF trading legitimately within a few days, but the rise in the price of bitcoin after the fraudulent post seems the most likely reason for lack of a clearer motive. There have been a growing number of various “crypto scams” either aimed at stealing digital currency (with over $90 million in losses reported by February 2025) or hijacking properties across different channels – mainly in social media, though – to promote or sell specific currencies. Various institutions and individuals have become victims of the latter case, such as Dean Norris of Breaking Bad fame, whose X account was similarly hacked to launch a “meme coin” in his name called $DEAN. The token managed to reach a market cap of over $8 million before Norris announced on Instagram that it was fake and he had been locked out of his X profile, all over the course of only a few days.

However, the SEC hack seems particularly brazen not only for who it targeted but also for how short-sighted its goals seemed. The searches found by investigators on Eric Council’s personal computer – which included several high-level queries like “how can I know for sure if I am being investigated by the FBI” – seem to indicate that he was not exactly an experienced cybercriminal, yet he was able to help breach a federal agency’s social media account and cause significant market manipulation with only a fake ID and a phone number. This may be a sign of a lower bar of entry into this type of cyber scam’s ecosystem, which would also mean these types of attacks may become more common and be used against a greater variety of targets.

Elon Musk & DOGE Sued Over Potential Data Breach

Elon Musk’s DOGE team are facing lawsuits from multiple groups, mainly unions representing affected federal employees and nonprofit groups concerned about the newly created department’s access to sensitive information in the course of ostensibly identifying wasteful spending from government agencies. What is critical about these suits is that the plaintiffs are portraying this as a major cyber breach owing to the unmitigated access by DOGE, many of whom have previously worked for Musk and reportedly lack any major certification or experience in their new roles. There has also been additional pushback from the judicial level as several state Attorneys General and the courts have blocked further access for DOGE to Treasury systems, which contain confidential data on federal payments and processing.

DOGE’s audits have delved into PII (personally identifiable information) of potentially millions of federal employees across over a dozen institutions, including the Office of Personnel Management (OPM), the Treasury Department, the Department of Labor, the Consumer Financial Protection Bureau (CFPB), the Department of the Navy, the Bureau of Prisons, the U.S. Army Corps of Engineers and the Department of Agriculture. Data accessed includes several sensitive details such as Social Security numbers, Medicare benefits, salaries and more, as well as many examples of classified information without the proper security clearance.

Politics aside, this situation may have unforeseen consequences for federal data security practices going forward, coming off the string of cyber incidents affecting government agencies in recent years. From the infamous SolarWinds hack to the SEC’s social media breach mentioned here, as well as a recent audit finding vulnerabilities in the U.S. Coast Guard’s cybersecurity protocols on top of the controversy with DOGE, the federal government may need to reevaluate inter-agency data access and controls from the top-down to adjust for the modern realities of the digital age.

Learn How to Strengthen Your Cybersecurity Strategy

The cybersecurity news cycle for February 2025 has highlighted how threats continue to evolve using old and new tactics, from sophisticated AI exploits to surprisingly simple social engineering attacks that can breach even federal-level systems. While navigating this complex landscape may seem daunting, SWK Technologies is ready to help you develop and execute an effective security strategy tailored to your needs.

Contact SWK here to learn more about strengthening your security posture and better prepare your business against modern cybersecurity challenges.


Category: Cybersecurity, Blog, News and Events
