Shadow IT Risks, Updates, and Channel Daze!

IT channel and business news with a focus on regulatory compliance.

Author

Blacksmith Team
July 23, 2025

In partnership with

🤝 Off-Channel Communications: Messaging Apps, Shadow IT, and Policy Failures

The rise of unauthorized messaging and collaboration tools — also called off-channel communications or Shadow IT — is now a front-line compliance and security risk. MSPs need to address these threats both for their own operations and for their clients, as regulatory expectations and enforcement mount.

Find out why 1M+ professionals read Superhuman AI daily.

In 2 years you will be working for AI

Or an AI will be working for you

Here's how you can future-proof yourself:

  1. Join the Superhuman AI newsletter – read by 1M+ people at top companies

  2. Master AI tools, tutorials, and news in just 3 minutes a day

  3. Become 10X more productive using AI

Join 1,000,000+ pros at companies like Google, Meta, and Amazon that are using AI to get ahead.

Check out the episode recordings!

🔍 Channel Daze is Almost Here! (Along with 16k of Prizes for MSPs!)

Starting August 4th, we’re bringing you 10 straight weekdays of giveaways. That’s two
prizes a day, from 34 awesome sponsors who just want to say thanks. It’s easy, it’s free –
and all you have to do is enter for a chance to win!

⚠️ Threat Updates

🔴 Espionage Campaign Targets Viasat, North American Telecoms with Sophisticated APT Intrusions (7/17/25)

The China-backed “Salt Typhoon” APT group has breached satellite provider Viasat and multiple Canadian telecom companies by exploiting unpatched Cisco vulnerabilities. The campaign focuses on wiretapping, metadata theft, and persistent surveillance, with initial access going undetected for months. These operations underscore a growing trend of state-sponsored supply chain compromise targeting telecom infrastructure across North America. Organizations in telecom and satellite operations should escalate logging, threat hunting, and patch diligence, especially for Cisco network gear. » More Info

🔴 BladedFeline APT Evolves, Targets Middle Eastern Government Email Systems for Covert Surveillance (7/17/25)

The Iran-aligned BladedFeline group continues a sophisticated espionage campaign against Iraqi and Kurdish government officials—and is now expanding operations to Central Asian telecoms. Their evolving toolkit includes advanced backdoors leveraging Microsoft Exchange and IIS vulnerabilities to maintain long-term, stealthy access and exfiltrate intelligence-critical communications. These intrusions highlight the persistent, multi-year dwell times possible for well-resourced advanced threat actors operating with geopolitical motives. Security teams are advised to review long-term logs, enforce network segmentation, and monitor Exchange/web server anomaly patterns. » More Info

🗨️ Parting Words

"The ‘S’ in IOT stands for ‘Security.’"

– Source Unknown

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!