Sekoia's Threat Detection & Research team details the two-decade evolution of APT28's tradecraft, highlighting a strategic shift from monolithic implants to disposable, single-purpose tools and compromised edge-router infrastructure. Recent operations demonstrate a return to custom cloud-resident backdoors and novel experimentation with LLM-driven infostealers.
This threat intelligence bulletin highlights a surge in data breaches driven by social engineering, alongside the increasing weaponization of AI tools for phishing, malware development, and supply chain attacks. Active exploitation of vulnerabilities in PAN-OS GlobalProtect and Ghost CMS has been observed, while a critical unpatched RCE in Gogs remains a significant risk. Additionally, targeted campaigns like Grandoreiro and JINX-0164 continue to threaten the financial and cryptocurrency sectors using platform-specific malware and DLL side-loading.
WithSecure identified GREYVIBE, a Russia-nexus threat group targeting Ukrainian entities using spear-phishing, ClickFix, and fraudulent websites. The group systematically leverages Generative AI to develop custom malware (PhantomRelay, LegionRelay, FallSpy) and obfuscators, blending state-aligned intelligence gathering with cybercrime ecosystem overlaps.
CrowdStrike, in collaboration with Google and Shadowserver, successfully dismantled the Glassworm botnet, a highly resilient threat targeting software developers. The threat actors utilized trojanized IDE extensions and malicious package dependencies to deploy GlasswormRAT, leveraging a complex C2 infrastructure spanning the Solana blockchain, BitTorrent DHT, and Google Calendar to maintain persistent access to developer environments.
In May 2026, ANY.RUN observed a surge in sophisticated phishing and malware campaigns utilizing fileless execution, browser-based credential theft, and legitimate workflow abuse. Key threats included Agent Tesla credential harvesting, ClickFix fileless malware, BlobPhish in-memory page generation, and phishing-to-RMM chains bypassing traditional MFA via real-time OTP interception.
Unit 42 identified an active cyberespionage campaign by the Iran-nexus APT group Screening Serpens, targeting entities in the U.S., Israel, and the Middle East. The threat actor deployed two new RAT families, MiniUpdate and MiniJunk V2, utilizing advanced AppDomainManager hijacking and DLL sideloading to evade native .NET security mechanisms like ETW. The attacks rely on highly tailored social engineering lures, such as fake job portals and video conferencing updates, to initiate the infection chain and establish persistent command and control.
A supply chain attack compromising the widely-used npm package 'art-template' was discovered delivering the Coruna exploit kit to iOS devices. The injected JavaScript acts as a sophisticated watering hole framework, utilizing extensive anti-bot fingerprinting and WebAssembly memory probes to deliver version-specific WebKit RCE exploits targeting Safari on iOS 11.0 through 17.2.
The Gentlemen ransomware operates as a Ransomware-as-a-Service (RaaS) model, utilizing affiliates who employ extensive defense evasion techniques. Recent incidents reveal attackers leveraging compromised RDP accounts, disabling Microsoft Defender via PowerShell, and establishing persistence through Scheduled Tasks that beacon to SOCKS proxy C2 servers.
A financially motivated eCrime campaign is leveraging SEO poisoning to impersonate AI coding assistants like Gemini CLI and Claude Code, tricking developers into executing a fileless PowerShell infostealer. The malware executes entirely in memory, disables Windows telemetry (ETW and AMSI), and harvests sensitive enterprise credentials, session tokens, and files before exfiltrating them to attacker-controlled infrastructure.
A long-running typosquat of a popular Go decimal library was weaponized to include a DNS-based backdoor. The malicious package, github.com/shopsprint/decimal, uses an init() function to poll a dynamic DNS subdomain via TXT records, executing the returned strings as arbitrary commands on the host system.
TamperedChef (also known as EvilAI) is a widespread threat campaign distributing trojanized productivity applications via malvertising. The threat actors heavily abuse legitimate code-signing certificates and employ delayed execution techniques to evade detection, ultimately deploying information stealers, RATs, or adware onto victim endpoints after a dormancy period.
Trend Micro MDR analyzed Banana RAT, a sophisticated banking trojan operated by SHADOW-WATER-063 targeting Brazilian financial institutions. The malware utilizes a server-side polymorphic build pipeline to deliver unique, AES-encrypted PowerShell payloads that execute filelessly in memory. Once active, it enables operator-driven fraud through remote input control, keylogging, deceptive banking overlays, and a specialized Pix QR code interception subsystem.
A recent phishing campaign impersonates Zoom meeting invitations to trick users into downloading a malicious VBS script disguised as a software update. This script silently installs ConnectWise ScreenConnect, a legitimate RMM tool, granting attackers persistent remote access to the compromised system for potential follow-on attacks such as credential theft, lateral movement, or ransomware deployment.
Developer Supply Chains Under Siege as Edge Device Exploits Surge
The dominant narrative this week is the coordinated weaponization of the software supply chain, as threat actors like TeamPCP and Mini Shai-Hulud aggressively target developer tools to steal cloud credentials. Because these attackers compromise trusted build systems like GitHub Actions, a single malicious package—such as the compromised TanStack libraries—can cascade into massive downstream breaches, allowing criminals to hold development environments hostage and even deploy destructive dead-man switches if their access is cut off.
In parallel, attackers are bypassing traditional network defenses by exploiting internet-facing edge devices and logging in with stolen credentials. Threat clusters are actively exploiting critical flaws in Cisco Catalyst SD-WAN and Microsoft Exchange, while ransomware groups like The Gentlemen and state-sponsored actors like Secret Blizzard use these footholds to live off the land, hijacking legitimate IT tools to stay hidden for months.
These trends together suggest that perimeter-focused defenses and basic patching are no longer sufficient. Organizations must immediately isolate their CI/CD pipelines from cloud credentials, enforce phishing-resistant multi-factor authentication on all internet-facing systems, and assume that trusted vendor tools may already be compromised.
The TeamPCP threat actor deployed the Mini Shai-Hulud worm in a sophisticated supply chain attack targeting the npm ecosystem via a GitHub Actions CI cache-poisoning technique. The malware steals credentials, establishes persistence via developer tools like VS Code and Claude Code, and features a destructive dead man switch that wipes the victim's home directory if access tokens are revoked.
Kazuar is a sophisticated, modular P2P botnet attributed to the Russian state-sponsored actor Secret Blizzard. It utilizes a tripartite architecture (Kernel, Bridge, Worker) and a leader election mechanism to minimize external C2 traffic, relying on Mailslots, Window Messaging, and Named Pipes for internal communication and HTTP, WSS, or EWS for external C2.
SentinelLABS discovered PCPJack, a cloud-focused worm designed to harvest credentials at scale while actively evicting artifacts of a rival threat actor, TeamPCP. The framework targets exposed cloud services like Docker, Kubernetes, and Redis for propagation and lateral movement, notably omitting cryptomining payloads in favor of credential theft and Sliver C2 deployment.
Kimsuky (APT43) has updated its arsenal with new PebbleDash and AppleSeed malware variants, including the Rust-based HelloDoor and httpMalice backdoors. The group is increasingly utilizing legitimate services like VSCode Remote Tunnels, Cloudflare Quick Tunnels, and DWAgent for covert C2 and post-exploitation access, primarily targeting South Korean entities and global defense sectors.
A recent leak of internal communications and backend data from 'The Gentlemen' RaaS operation has revealed the group's highly structured operational model and mature toolset. The threat actors actively exploit edge appliances and NTLM relay vulnerabilities for initial access, followed by extensive use of red-team tools and custom EDR evasion techniques to deploy their cross-platform ransomware.
Trend Micro identified two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, leveraging agentic AI to orchestrate attacks against Latin American government and financial institutions. The attackers utilized AI models like Anthropic's Claude to dynamically generate scripts, analyze configurations, and establish SOCKS5 tunnels for lateral movement, demonstrating a shift towards AI-assisted, signature-evasive intrusion operations.
A supply chain attack utilizing five malicious NuGet packages typosquatting Chinese .NET libraries has been discovered distributing a cross-platform infostealer. The malware leverages .NET Reactor and JIT hooking via module initializers to execute automatically upon assembly load, targeting credentials and cryptocurrency wallets across developer workstations and CI/CD pipelines.
Cisco Talos identified UAT-8302, a China-nexus APT, targeting global government entities using a diverse toolkit of custom and shared malware. The threat actor leverages DLL side-loading to deploy implants like NetDraft, CloudSorcerer v3, and VSHELL, while utilizing open-source tools for extensive network reconnaissance, credential harvesting, and lateral movement.
Quasar Linux (QLNX) is an advanced, previously undocumented Linux Remote Access Trojan (RAT) designed to compromise developer workstations and facilitate supply chain attacks. It employs sophisticated evasion techniques, including fileless execution, process name spoofing, and dynamically compiled LD_PRELOAD and eBPF rootkits, alongside a PAM backdoor to harvest critical cloud and repository credentials.
A threat actor utilized compromised VPN credentials to access a partner network, pivoting via a customized Impacket smbexec.py to enable RDP and establish an interactive session. The attacker then installed the open-source monitoring tool Komari directly from GitHub, leveraging its native WebSocket capabilities as a persistent, SYSTEM-level command-and-control (C2) backdoor disguised as the Windows Update Service.
A ClickFix social engineering campaign tricks users into executing a malicious command via a fake CAPTCHA on fraudulent background removal websites. This command uses the legacy finger.exe utility to download CastleLoader, an advanced Python-based loader that employs reflective PE loading and API evasion (such as ReplaceTextW hooking) to deploy NetSupport RAT and a custom .NET stealer (CastleStealer) for credential and data exfiltration.
A suspected TeamPCP-linked supply chain attack compromised multiple SAP CAP and Cloud MTA npm packages by injecting malicious preinstall scripts. The attack leverages a downloaded Bun runtime to execute an obfuscated payload that harvests extensive credentials from developer machines and CI/CD pipelines, exfiltrating data via attacker-controlled GitHub repositories and establishing persistence through VSCode and Claude AI configurations.
A new phishing campaign targets Brazilian users with fake judicial summons to deliver agenteV2, a Nuitka-compiled interactive banking trojan. The malware establishes a persistent WebSocket backdoor for live screen streaming and remote shell access, enabling attackers to conduct real-time, operator-assisted financial fraud.
The Bitwarden CLI npm package was compromised in a supply chain attack linked to the ongoing Checkmarx campaign. The malicious payload, injected via GitHub Actions, harvests extensive cloud and developer credentials, exfiltrating them through unauthorized GitHub repositories and a dedicated C2 server while employing a Russian locale kill switch and shell profile persistence.
A sophisticated supply chain attack compromised official Checkmarx KICS Docker images and VS Code extensions, injecting malware designed to harvest and exfiltrate cloud, developer, and CI/CD credentials. The threat actor, believed to be TeamPCP, utilized the Bun runtime to execute the payload, subsequently abusing stolen GitHub and NPM tokens to propagate the infection through malicious GitHub Actions workflows and poisoned NPM packages.
An international coalition of cyber agencies has issued a joint advisory warning that China-linked threat actors are leveraging covert networks of compromised edge devices to disguise their attacks. The advisory highlights the growing problem of 'IOC extinction' and urges organizations to shift towards dynamic threat filtering and behavioral baselining of edge device traffic to maintain effective defense.
ESET researchers uncovered GopherWhisper, a previously undocumented China-aligned APT group targeting a Mongolian governmental entity. The group utilizes a diverse arsenal of custom, primarily Go-based malware that leverages legitimate services like Slack, Discord, and Microsoft Outlook for command and control, blending malicious traffic with normal enterprise communications.
CISA and NCSC identified FIRESTARTER, a persistent Linux ELF backdoor deployed by APT actors on Cisco Firepower and Secure Firewall devices. The malware hooks into the LINA engine, survives firmware updates and soft reboots, and facilitates the deployment of secondary payloads like LINE VIPER to establish unauthorized VPN sessions.
China-nexus cyber actors have strategically shifted to utilizing large-scale covert networks of compromised SOHO and IoT devices to obfuscate their operations. These dynamic botnets, such as Raptor Train and KV Botnet, facilitate deniable access and complicate traditional static IOC-based defense, requiring organizations to adopt behavioral baselining and dynamic threat intelligence.
Void Dokkaebi (Famous Chollima) is conducting a self-propagating supply chain campaign targeting software developers via fake job interviews. By tricking victims into cloning malicious repositories, the attackers deploy the DEV#POPPER RAT and weaponize the victim's own code contributions to infect downstream developers and organizational repositories.
Threat actors are actively exploiting CVE-2025-29635, a command injection vulnerability in end-of-life D-Link DIR-823X routers, to deploy a Mirai botnet variant. The campaign utilizes malicious HTTP POST requests to download and execute shell scripts that fetch the final Mirai payload, while also targeting vulnerabilities in TP-Link and ZTE devices.
A software supply chain compromise impacted the Axios npm package, injecting a malicious dependency ([email protected]) into versions 1.14.1 and 0.30.4. This dependency downloads multi-stage payloads, including a Remote Access Trojan (RAT), which communicates with a known malicious C2 domain.
The Q1 2026 vulnerability landscape shows a continued rise in overall CVEs and KEVs, with a significant focus on software supply chain compromises and networking gear. A notable emerging threat is the abuse of the n8n AI workflow automation platform to bypass traditional security filters, alongside the discovery of the PowMix botnet targeting Czech workers and ongoing exploitation of legacy vulnerabilities.
A sophisticated phishing campaign is abusing Google Cloud Storage to host fake Google Drive login pages, harvesting credentials before delivering the Remcos RAT. The attack employs a complex, multi-stage execution chain using JavaScript, VBScript, and PowerShell to perform process hollowing on the legitimate RegSvcs.exe binary, allowing the malware to operate stealthily in memory.
Iranian-affiliated APT actors are actively targeting internet-exposed programmable logic controllers (PLCs), specifically Rockwell Automation devices, across multiple U.S. critical infrastructure sectors. The attackers utilize native configuration software and Dropbear SSH to manipulate project files and HMI displays, leading to operational disruptions and financial losses.
Elastic Security Labs identified a cyberattack targeting a South Asian financial institution using two custom malware strains: BRUSHWORM and BRUSHLOGGER. BRUSHWORM functions as a backdoor and USB worm capable of extensive file theft and air-gap bridging, while BRUSHLOGGER captures system-wide keystrokes via DLL side-loading.
Unit 42 identified a coordinated cyberespionage campaign targeting a Southeast Asian government entity, involving three distinct China-aligned threat clusters. The attackers utilized a variety of tools including USB worms, custom loaders, and multiple remote access Trojans (PUBLOAD, Masol, Gorem, FluffyGh0st) to establish persistent access, evade detection via DLL sideloading, and exfiltrate sensitive data.
Threat actors are actively abusing legitimate Cloudflare services, specifically Workers and Tunnels, to conduct adversary-in-the-middle (AiTM) phishing and distribute malware. By leveraging Cloudflare's trusted infrastructure and free tiers, attackers successfully bypass traditional security controls to deliver remote access trojans like Xeno RAT and XWorm RAT via obfuscated WebDAV connections.
The CrowdStrike 2026 Global Threat Report highlights a shift toward highly evasive, malware-free attacks leveraging valid credentials, AI tools, and supply chain compromises. Adversaries are operating with unprecedented speed, with average breakout times dropping to 29 minutes, while increasingly targeting AI infrastructure, cloud environments, and network edge devices.
Boggy Serpens (MuddyWater) is conducting ongoing cyberespionage campaigns targeting critical infrastructure and diplomatic entities globally. The group leverages hijacked accounts for trusted relationship compromises, delivering advanced, AI-assisted malware toolkits including Rust-based backdoors and custom C2 protocols to maintain long-term persistence and evade detection.
The Warlock ransomware group (Water Manaul) has enhanced its attack chain by exploiting Microsoft SharePoint servers for initial access and deploying a sophisticated post-exploitation toolkit. The group leverages BYOVD techniques via the NSecKrnl.sys driver to disable security tools, establishes redundant C&C channels using legitimate tools like Velociraptor and Cloudflare Tunnels, and automates ransomware deployment domain-wide using Group Policy Objects (GPO).
A novel phishing campaign is abusing the legitimate LiveChat SaaS platform to impersonate brands like PayPal and Amazon. By engaging victims in real-time chat interfaces using automated bots or human operators, attackers successfully harvest sensitive information, including account credentials, multi-factor authentication (MFA) codes, personally identifiable information (PII), and credit card details.
AI Rush Opens New Attack Paths as Trusted Cloud Services Fuel Phishing
The rush to adopt artificial intelligence is giving attackers two new advantages: convincing lures to trick users and poorly secured infrastructure to exploit. This week, multiple campaigns used fake websites for the Claude AI assistant to infect victims with password-stealing malware, while researchers revealed that commercial robots and AI connection protocols contain critical flaws that let hackers hijack them. Because organizations are deploying AI tools faster than they can secure them, attackers are finding easy entry points into corporate networks.
In parallel, phishing campaigns are increasingly hijacking trusted cloud services like Amazon's email platform and Vercel's AI-powered website builder to send messages that bypass security filters entirely. A massive campaign targeting US employees used fake HR reviews to steal login sessions even when multi-factor authentication was enabled, and the breach of the Canvas learning platform exposed data on 275 million people that can now be used for highly convincing follow-up scams. These trends together suggest that traditional defenses are losing effectiveness because attackers are hiding inside the systems we already trust.
Organizations should immediately patch the actively exploited Palo Alto Networks and Ivanti vulnerabilities flagged by CISA this week, require phishing-resistant authentication methods, and treat every AI tool and robot connected to their network as a high-risk device that needs strict monitoring.
AI Weaponization and Developer Supply Chain Attacks Redefine the Perimeter
Attackers are aggressively targeting the software development process because compromising a single developer tool can unlock thousands of corporate networks. In parallel, artificial intelligence is collapsing the cost of attacks, allowing criminals to build convincing deepfakes and automated phishing campaigns in minutes. As a result, traditional security like multi-factor authentication is increasingly bypassed using tricks that steal active login sessions rather than passwords. These trends together suggest that relying on perimeter defenses and basic hygiene is no longer enough, as attackers hide inside trusted cloud services and legitimate software updates. This matters because organizations are losing visibility into where their sensitive data actually lives, especially as AI tools create hidden pathways into company systems. Defenders must shift their focus to monitoring user behavior after login and securing the automated systems that build their software. Watch for unusual activity in your developer tools and implement stricter checks on third-party software.