BYOVD (Bring Your Own Vulnerable Driver) attacks have become a standard component of ransomware operations, allowing attackers to exploit signed kernel drivers for kernel-level access and subsequently disable AV/EDR products. The technique involves dropping a legitimate but vulnerable signed driver, loading it via a Windows service, and sending crafted IOCTL commands to terminate, blind, or strip privileges from security software. Microsoft's kernel hardening features and Vulnerable Driver Blocklist provide insufficient protection, as data-only kernel attacks bypass hardening and the blocklist has significant update lag. Behavioral monitoring of anomalous driver IOCTL interactions is the most effective defensive approach, as it is driver-agnostic and does not depend on prior driver identification.
Threat actors are weaponizing AI-themed lure documents to deliver a complex multi-stage infection chain culminating in AsyncRAT and a custom .NET RAT called clay_Client. The attack uses hidden LNK files inside compressed archives to initiate a chain of PowerShell scripts that extract, decrypt, and execute payloads from disguised PDF containers using AES-CBC, XOR, and GZip decompression. AutoHotkey scripts perform process hollowing into legitimate .NET Framework executables, while defense evasion includes adding Microsoft Defender exclusions and restoring disabled VBS execution. The final RAT provides full remote control with screen capture, input simulation, fileless assembly loading, and process injection capabilities.
This threat intelligence report highlights recent data breaches involving third-party vendors, emerging AI threat vectors such as prompt injection and WebSocket abuse, and active exploitation of critical vulnerabilities in Fortinet, Cisco, and Splunk products. Additionally, seasonal phishing campaigns targeting travelers and Amazon Prime members are surging alongside a cross-platform Rust-based crypto clipboard hijacker.
ESET researchers analyzed the Gentlemen ransomware-as-a-service (RaaS) operation, highlighting their unique approach of providing an in-house developed EDR killer framework, GentleKiller, directly to affiliates. The framework leverages Bring Your Own Vulnerable Driver (BYOVD) techniques to terminate over 400 security processes and is augmented by third-party tools like HexKiller and HavocKiller, all standardized with a shared defense-evasion layer.
Threat actors are increasingly targeting cloud logging services like AWS CloudTrail and Google Cloud Logging to evade detection and maintain persistence. By manipulating log routing, deleting storage destinations, or impairing encryption keys, attackers can blind security operations and operate undetected. Furthermore, attackers can redirect log flows to attacker-controlled infrastructure to gain continuous visibility into the victim's cloud environment.
The financially motivated threat cluster UNC3753 is conducting a fast-paced data theft and extortion campaign against US legal and professional services. The group leverages vishing and IT helpdesk impersonation to trick targets into installing legitimate RMM and screen-sharing tools, enabling rapid data exfiltration from corporate repositories and VDI environments. Notably, the campaign also involves suspected physical intrusions where actors use USB media to steal data directly from endpoints.
The Gentlemen ransomware, operated by Storm-2697, is a Go-based encryptor that combines robust Curve25519/XChaCha20 encryption with aggressive lateral movement capabilities. It utilizes multiple redundant propagation methods (PsExec, WMI, scheduled tasks, services) to maximize network compromise while employing extensive defense evasion techniques to hinder detection and recovery.
Software Supply Chain and AI Exploitation Dominate Threat Landscape
The software supply chain has become the primary battlefield for attackers because compromising a single developer tool can cascade into thousands of enterprise networks. Campaigns like Mini Shai-Hulud and TrapDoor are stealing credentials and injecting backdoors across major code registries, while the Laravel Lang Compromise and the Coruna Exploit Kit show how malicious code can automatically execute to steal secrets or exploit end users. As a result, organizations must treat developer environments as high-value targets, because a single compromised package or malicious VS Code extension can lead to catastrophic breaches like the GitHub internal repository theft by TeamPCP.
In parallel, artificial intelligence is simultaneously accelerating attacks and creating dangerous new attack surfaces. Threat actors are using AI to automate influence campaigns like Patriot Bait and crack passwords, while also impersonating AI tools like Gemini CLI and Claude Code to deliver infostealers. Furthermore, attackers are directly targeting exposed AI infrastructure, such as Ollama AI endpoints, and manipulating AI coding assistants via hidden prompt injections in campaigns like TrapDoor, which means AI systems are both the weapon and the target.
These trends together suggest that traditional perimeter defenses are failing against supply chain and AI-driven threats. Managers should immediately enforce strict vetting of open-source packages, restrict developer access to unverified extensions, and ensure AI infrastructure is not exposed to the public internet.
ROADtools is an open-source Python framework designed for Entra ID exploration that has been co-opted by nation-state threat actors like APT29 and APT33. Attackers leverage its modules to conduct extensive directory reconnaissance, register rogue devices for persistence, and manipulate OAuth tokens to bypass interactive authentication controls such as MFA. Detection relies on identifying anomalous Microsoft Graph API queries, unusual user-agent strings, and default device registration artifacts.
The Gentlemen ransomware operates as a Ransomware-as-a-Service (RaaS) model, utilizing affiliates who employ extensive defense evasion techniques. Recent incidents reveal attackers leveraging compromised RDP accounts, disabling Microsoft Defender via PowerShell, and establishing persistence through Scheduled Tasks that beacon to SOCKS proxy C2 servers.
A financially motivated eCrime campaign is leveraging SEO poisoning to impersonate AI coding assistants like Gemini CLI and Claude Code, tricking developers into executing a fileless PowerShell infostealer. The malware executes entirely in memory, disables Windows telemetry (ETW and AMSI), and harvests sensitive enterprise credentials, session tokens, and files before exfiltrating them to attacker-controlled infrastructure.
The Ransomware-as-a-Service (RaaS) ecosystem relies heavily on affiliates who dictate the actual intrusion tradecraft, meaning a single ransomware brand can be associated with vastly different attack chains. Affiliates frequently abuse legitimate Remote Monitoring and Management (RMM) tools, exposed RDP, and vulnerable edge appliances for initial access, followed by the use of LOLBins and open-source utilities for persistence and data exfiltration.
Varonis Threat Labs discovered 'GhostTree,' an evasion technique leveraging NTFS junctions to create recursive directory loops. By pointing multiple child junctions back to a parent directory, attackers can generate an exponentially large number of file paths, causing EDR and AV recursive scanners to hang and allowing malware to remain undetected.
Threat actors are increasingly employing defense evasion techniques to actively disable or blind endpoint security controls like AV and EDR. Common methods include manipulating Windows Firewall rules to block telemetry, uninstalling agents via rogue RMMs, and leveraging Bring Your Own Vulnerable Driver (BYOVD) attacks to terminate protected security processes from the kernel.
FrostyNeighbor, a Belarus-aligned threat actor, has updated its toolset to target Ukrainian governmental organizations with a multi-stage compromise chain. The attack utilizes spearphishing with malicious PDFs that redirect to a RAR archive containing a JavaScript dropper, which ultimately deploys a Cobalt Strike beacon via the PicassoLoader malware following strict server-side and manual victim validation.
TeamPCP (SHADOW-WATER-058) executed a sophisticated supply chain campaign compromising developer toolchains across multiple ecosystems, including Docker Hub, PyPI, and GitHub Actions. The attacks leveraged CI/CD trust, such as unsanitized PR comments and stolen publisher tokens, to distribute credential-harvesting payloads via Python .pth files and the Bun runtime, targeting over 80 credential types and abusing live AWS APIs.
A supply chain attack utilizing five malicious NuGet packages typosquatting Chinese .NET libraries has been discovered distributing a cross-platform infostealer. The malware leverages .NET Reactor and JIT hooking via module initializers to execute automatically upon assembly load, targeting credentials and cryptocurrency wallets across developer workstations and CI/CD pipelines.
Elastic Security Labs identified TCLBANKER, a new Brazilian banking trojan distributed via DLL sideloading that features robust anti-analysis mechanisms and environment-gated payload decryption. The malware deploys a full-featured banking trojan with a WPF-based social engineering overlay framework, alongside worm modules that self-propagate by hijacking WhatsApp Web sessions and Microsoft Outlook accounts.
Threat actors are exploiting the OpenClaw AI agent framework by publishing a deceptive 'DeepSeek-Claw' skill that distributes malware. The campaign utilizes malicious installation instructions to deploy Remcos RAT on Windows via DLL sideloading and GhostLoader on macOS/Linux via obfuscated Node.js scripts, enabling persistent access and data exfiltration.
North Korea-aligned APT ScarCruft executed a multi-platform supply-chain attack compromising the sqgame platform to target ethnic Koreans in China's Yanbian region. The campaign distributed the BirdCall backdoor via trojanized Android applications and malicious Windows updates (which initially dropped RokRAT), enabling extensive espionage capabilities including data exfiltration, audio recording, and screen capture.
Quasar Linux (QLNX) is an advanced, previously undocumented Linux Remote Access Trojan (RAT) designed to compromise developer workstations and facilitate supply chain attacks. It employs sophisticated evasion techniques, including fileless execution, process name spoofing, and dynamically compiled LD_PRELOAD and eBPF rootkits, alongside a PAM backdoor to harvest critical cloud and repository credentials.
A software supply chain campaign attributed to the GitHub account 'BufferZoneCorp' published malicious Ruby gems and Go modules designed to steal developer secrets and compromise CI/CD environments. The packages impersonate legitimate developer tools to execute install-time and runtime payloads that harvest credentials, tamper with GitHub Actions workflows, manipulate Go dependency resolution, and establish SSH persistence.
Attackers are increasingly targeting CI/CD pipelines to harvest secrets and pivot to production environments using techniques like workflow modification and privileged trigger exploitation. Elastic has released an open-source tool, cicd-abuse-detector, which leverages regex-based signal extraction and LLM analysis to detect suspicious pipeline changes during the pull request phase.
A widespread phishing campaign is leveraging the Kali365 Live Phishing-as-a-Service (PhaaS) platform to execute device code phishing and AiTM attacks. By tricking users into authorizing legitimate Microsoft device login requests, threat actors steal OAuth access and refresh tokens, bypassing traditional credential-based defenses and MFA to gain persistent access to Microsoft 365 environments.
Google Threat Intelligence Group identified UNC6692, a threat actor utilizing Microsoft Teams phishing and email bombing to deploy a custom modular malware suite. The attack chain leverages a malicious Chromium extension (SNOWBELT), a Python tunneler (SNOWGLAZE), and a Python bindshell (SNOWBASIN) to establish persistence, move laterally, and exfiltrate sensitive Active Directory data via legitimate cloud services.
ESET researchers uncovered GopherWhisper, a previously undocumented China-aligned APT group targeting a Mongolian governmental entity. The group utilizes a diverse arsenal of custom, primarily Go-based malware that leverages legitimate services like Slack, Discord, and Microsoft Outlook for command and control, blending malicious traffic with normal enterprise communications.
CISA and NCSC identified FIRESTARTER, a persistent Linux ELF backdoor deployed by APT actors on Cisco Firepower and Secure Firewall devices. The malware hooks into the LINA engine, survives firmware updates and soft reboots, and facilitates the deployment of secondary payloads like LINE VIPER to establish unauthorized VPN sessions.
Tropic Trooper is conducting a cyber espionage campaign targeting Chinese-speaking individuals in Asia using military-themed lures. The threat actors employ a trojanized SumatraPDF reader (TOSHIS loader) to deploy a custom AdaptixC2 Beacon that uses GitHub for command-and-control, ultimately establishing persistent remote access via VS Code tunnels.
Talos IR's Q1 2026 trends report highlights the resurgence of phishing as the primary initial access vector, heavily targeting public administration and healthcare. The quarter saw novel abuses of AI tools like Softr for credential harvesting, the emergence of the Crimson Collective extortion group leveraging valid accounts and TruffleHog, and Rhysida ransomware deploying the MeowBackConn backdoor.
Void Dokkaebi (Famous Chollima) is conducting a self-propagating supply chain campaign targeting software developers via fake job interviews. By tricking victims into cloning malicious repositories, the attackers deploy the DEV#POPPER RAT and weaponize the victim's own code contributions to infect downstream developers and organizational repositories.
Threat actors are actively deploying Nightmare-Eclipse proof-of-concept tools, including BlueHammer, RedSun, and UnDefend, in real-world intrusions to exploit Windows Defender race conditions for privilege escalation. The attacks, likely originating from compromised FortiGate VPN access, culminate in the deployment of BeigeBurrow, a Go-based reverse tunnel agent used for persistent command and control.
Lazarus Group is conducting a new ClickFix campaign targeting macOS users in high-value sectors via Telegram. The attackers trick victims into executing a terminal command that deploys 'Mach-O Man,' a multi-stage Go-based malware kit designed to steal credentials, browser data, and macOS Keychain secrets, exfiltrating the data via Telegram.
The Gentlemen is an emerging Ransomware-as-a-Service (RaaS) operation that provides affiliates with versatile, multi-platform lockers. Recent incident response telemetry reveals affiliates utilizing Cobalt Strike and SystemBC for post-exploitation and C2, culminating in highly automated, domain-wide ransomware deployment via Group Policy and built-in lateral movement mechanisms.
Threat actors are actively abusing the QEMU hardware emulator to create hidden virtual machines on compromised hosts, effectively shielding their attack toolkits from endpoint detection and response (EDR) solutions. Recent campaigns, including those linked to the PayoutsKing ransomware group, leverage this technique alongside vulnerability exploitation and legitimate remote access tools to establish persistence, harvest credentials, and exfiltrate data.
BlobPhish is an evasive credential-phishing campaign that generates fake authentication forms directly in the victim's browser memory using Blob objects. By avoiding traditional HTTP requests and disk writes, it bypasses standard network and file-based detection mechanisms to steal high-value financial and cloud service credentials.
A sophisticated phishing campaign is abusing Google Cloud Storage to host fake Google Drive login pages, harvesting credentials before delivering the Remcos RAT. The attack employs a complex, multi-stage execution chain using JavaScript, VBScript, and PowerShell to perform process hollowing on the legitimate RegSvcs.exe binary, allowing the malware to operate stealthily in memory.
Storm-2755 is a financially motivated threat actor targeting Canadian organizations with 'payroll pirate' attacks. By leveraging SEO poisoning and Adversary-in-the-Middle (AiTM) techniques, the actor steals session tokens to bypass legacy MFA, maintains persistence using the Axios HTTP client, and alters direct deposit information to steal employee salaries.
A high-severity social engineering campaign is actively targeting open source developers on Slack by impersonating Linux Foundation leaders. The multi-stage attack uses a fake AI tool lure to harvest credentials and trick victims into installing a malicious root certificate, leading to traffic interception and malware execution on macOS and Windows systems.
Following an accidental source code leak of Anthropic's Claude Code via npm, threat actors rapidly deployed fake GitHub repositories to distribute a Rust-compiled dropper. This dropper, part of a broader rotating-lure campaign, deploys Vidar stealer and GhostSocks proxy while utilizing extensive anti-analysis checks and PowerShell to disable Windows Defender.
A critical supply chain attack compromised the official Axios npm package, deploying malicious versions v1.14.1 and v0.30.4. The packages contained a fake runtime dependency that automatically executed post-install, downloading platform-specific Remote Access Trojans (RATs) to Windows, MacOS, and Linux systems to facilitate credential exfiltration and remote access.
Suspected DPRK state actors compromised the highly popular Axios npm package by taking over a maintainer's account and publishing malicious versions that deployed a cross-platform RAT via a phantom dependency. Concurrently, a threat group named TeamPCP conducted a cascading supply chain attack affecting Trivy, LiteLLM, and Telnyx to harvest CI/CD credentials. These incidents underscore the critical need for automated package monitoring, rapid credential rotation, and delayed dependency updates.
This article details behavioral detection engineering strategies for Linux rootkits, emphasizing the failure of static signatures against trivial binary modifications. It provides actionable detection logic for userland and kernel-space rootkits, including emerging threats leveraging eBPF and io_uring, alongside common persistence and defense evasion techniques.
On March 31, 2026, the popular Axios npm package was compromised in a supply chain attack attributed to North Korean threat actor Sapphire Sleet. Malicious versions 1.14.1 and 0.30.4 included a fake dependency that silently executed a post-install script to download and install OS-specific Remote Access Trojans (RATs) on Windows, macOS, and Linux systems.
The Russia-aligned APT group Pawn Storm has launched a sophisticated campaign deploying the PRISMEX malware suite against Ukrainian and NATO defense supply chains. The attack chain leverages two critical vulnerabilities, CVE-2026-21509 and CVE-2026-21513, to achieve zero-click execution, utilizing advanced steganography and COM hijacking to evade detection while communicating via legitimate cloud services.
A supply chain attack campaign utilizing five typosquatted npm packages targets Solana and Ethereum developers. The packages silently intercept private keys during routine cryptographic operations and exfiltrate them to a Telegram bot, leveraging transitive dependencies and obfuscation to evade detection.
North Korean threat group NICKEL ALLEY is targeting technology professionals and Web3 developers through fake job interviews and malicious code repositories. The group employs social engineering, the ClickFix tactic, and malicious VS Code tasks to deliver remote access trojans like PyLangGhost RAT and BeaverTail, primarily aiming for cryptocurrency theft and potential supply chain compromise.
Ransomware affiliates increasingly rely on EDR killers—ranging from BYOVD exploits and abused anti-rootkits to driverless tools—to disrupt security solutions prior to deploying encryptors. This approach allows encryptors to remain simple while the EDR killers handle complex defense evasion, complicating attribution and defense strategies.
The GetProcessHandleFromHwnd API contains historical design flaws allowing attackers to bypass User Interface Privilege Isolation (UIPI) and hijack Protected Processes. By forcing a protected process like WerFaultSecure.exe to create a window, attackers can obtain a privileged handle to inject shellcode, a vulnerability that remains exploitable on Windows 10 and pre-24H2 Windows 11 systems.
In 2025, ransomware operators increasingly relied on vulnerability exploitation for initial access and heavily targeted virtualization infrastructure like ESXi. While overall ransomware profitability appears to be declining, threat actors have adapted by increasing data theft extortion, targeting smaller organizations, and utilizing cross-platform ransomware families like REDBIKE, AGENDA, and INC.
Storm-2561 is conducting a credential theft campaign leveraging SEO poisoning to distribute fake enterprise VPN clients. The attack utilizes digitally signed payloads and DLL side-loading to deploy the Hyrax infostealer, which harvests VPN credentials and configuration data before redirecting victims to legitimate software to evade detection.