Cavern Manticore, an Iran-MOIS-linked APT group, deploys a modular .NET C2 framework targeting Israeli government and IT organizations. The framework uses three compilation formats (Mixed-Mode C++/CLI, NativeAOT, .NET Framework) as an anti-analysis layer, with DLL sideloading via WinDirStat.exe for initial execution. Post-exploitation modules provide DPAPI decryption, LDAP brute-forcing, SQL browsing, network reconnaissance, and SOCKS5 tunneling, with C2 traffic XOR-encrypted over HTTPS/WebSocket channels.
AI is not fundamentally changing adversary capabilities but is compressing attack timelines, lowering operational costs, and scaling existing tactics. Breakout times have dropped to an average of 29 minutes, with AI-enabled operations increasing 89% year-on-year. The most significant emerging threats are runtime-LLM malware (PROMPTSTEAL/LAMEHUG, QUIETVAULT) that query language models during execution, and agentic AI operations (GTG-1002) where AI agents conduct multi-stage intrusions with minimal human steering. Defenders face a dual pressure: faster attacks and an expanding attack surface from AI supply-chain dependencies.
Insikt Group identified new infrastructure used by the TAG-182 threat cluster to disseminate MarkiRAT surveillance malware targeting Farsi-speaking users, particularly Iranians, via fake VPN and media player applications distributed through social media. TAG-182 demonstrates tradecraft overlaps with Ferocious Kitten, including identical BITS job command strings and similar domain naming conventions. The operation supports Iranian government surveillance objectives, with infrastructure spanning multiple hosting providers and dozens of lookalike domains impersonating legitimate services.
AI Attacked and Abused While Perimeter Authentication Collapses
The month's defining shift was the emergence of AI as a two-sided battlefield: organizations deployed AI tools faster than they secured them, while attackers weaponized the same technology against defenders. Critical flaws in LangGraph allowed SQL injection chained to remote code execution, M365 Copilot could be turned into a one-click data exfiltration weapon via SearchLeak, and Langflow was exploited to deploy cryptominers. Meanwhile, the ongoing Shai-Hulud campaign injected prompts to blind AI malware scanners, macOS.Gaslight turned prompt injection against human analysts, and Russia's APT28 began experimenting with LLM-integrated malware. At the same time, perimeter authentication collapsed at scale: FortiBleed exposed credentials for over 73,000 FortiGate firewalls, CVE-2026-50751 let attackers bypass Check Point VPN authentication entirely, and ShinyHunters exploited an Oracle PeopleSoft zero-day across over 100 organizations.
Supply chain attackers followed developers to their new AI tools, compromising the ecosystems where code is written and built. The Shai-Hulud/Miasma worm expanded from npm into PyPI and injected persistent backdoors into AI coding assistant configurations, while North Korea's Sapphire Sleet compromised over 140 Mastra npm packages to steal cryptocurrency wallets, and the ongoing GlassWorm campaign pivoted to WebAssembly malware in VS Code extensions using the Solana blockchain as command-and-control. Social engineering also industrialized: the ErrTraffic framework turned ClickFix deception into a Malware-as-a-Service operation with blockchain dead drops, and EvilTokens hid phishing flows inside browser-side encryption to defeat network scanners while hijacking Microsoft device-code authentication.
Organizations should treat AI deployments as untrusted perimeter assets—restrict their network access, audit third-party skills and extensions, and assume prompt-injection attacks will target both automated scanners and human analysts. Every internet-facing VPN, firewall, and edge appliance should be patched immediately, with credentials rotated and phishing-resistant MFA enforced, because perimeter authentication failures now cascade directly into internal network compromise.
Insikt Group's analysis of the global state digital surveillance landscape identifies 31 countries as high or very high risk, driven by the proliferation of commercial spyware, network interception technologies, and AI-powered data aggregation. The report outlines five primary surveillance vectors—network, endpoint, platform, public space, and data aggregation—and highlights the increasing threat to foreign nationals and business travelers, necessitating strict device management and travel security protocols.
The NCSC CEO reported that approximately 75% of the 200+ cyber incidents affecting UK critical national infrastructure over the past year were linked to hostile state actors such as Russia, China, and Iran. The NCSC warns that unpatched legacy systems pose a severe risk, particularly as AI-enabled cyber capabilities are projected to accelerate the exploitation of known vulnerabilities at scale by 2028.
Perimeter Auth Collapse and AI-Driven Deception Shift the Battlefield
The security perimeter cracked open this week as critical authentication bypasses in Check Point VPNs, Ivanti Sentry, and Palo Alto GlobalProtect gave attackers a free pass into corporate networks, with Qilin ransomware already exploiting one to launch real attacks.
At the same time, AI became the year's most versatile weapon: criminals used ChatGPT and Claude brands as phishing lures, researchers proved AI email assistants will hand over corporate secrets to impersonators, and the Shai-Hulud campaign began injecting fake prompts to blind AI-powered security scanners.
Patch edge VPN appliances immediately, treat AI agents as high-risk insiders, and hunt for device-code authentication events that bypass normal credential checks.
Sanctions Evasion Networks (SENs) supporting Iranian and Russian shadow fleets are operating a complex ecosystem of inauthentic websites to bypass maritime compliance. These networks impersonate legitimate maritime authorities and utilize automated document generation tools to produce fraudulent ship and seafarer certificates, complicating detection by regulatory and enforcement bodies.
The cyber risk landscape for 2026 is heavily influenced by regional conflicts, with PRC actors pre-positioning in critical infrastructure edge devices for strategic leverage. Russian actors are escalating hybrid warfare and OT/ICS disruption across Europe, while Iranian groups have decentralized to conduct wiper attacks and target cloud infrastructure. Concurrently, eCrime actors are exploiting these geopolitical tensions to deploy ransomware and infostealers, increasingly targeting hypervisors and industrial operations.
The 2026 FIFA World Cup presents a complex cyber-physical threat landscape, with cybercriminals already deploying thousands of fraudulent domains for credential harvesting and scams. State-sponsored groups like BlueDelta and Iranian-linked hacktivists are anticipated to leverage the event's global profile for targeted espionage, ransomware extortion, and politically motivated disruptive operations against sponsors, host cities, and attendees.
Trojanized Build Pipelines and Blind-Spot Appliances Redefine the Perimeter
Attackers are bypassing traditional network defenses by compromising the tools developers use to build software and the AI assistants they rely on to write code. Campaigns like Mini Shai-Hulud and Miasma - The Spreading Blight flooded package registries with malicious code that steals cloud credentials and CI/CD tokens, while researchers proved that public AI agent skill marketplaces are completely ineffective at catching malicious add-ons.
Nation-state actors and cybercriminals are simultaneously shifting their focus to blind spots in corporate networks and trusted platforms. The VerdantBamboo group exploited firewalls to bypass conditional access, while UNC3753 used IT impersonation to trick law firm employees into installing remote access tools, and Kali365 expanded its phishing infrastructure to steal multi-factor authentication tokens.
Defenders must shift their focus from perimeter email filtering to securing the software build pipeline and monitoring edge appliances for anomalous traffic. Hunt for unexpected connections to cloud storage APIs and review developer environments for compromised packages or AI skills.
Iran's Ministry of Intelligence (MOIS) has expanded its 'Handala' operational brand to encompass physical threats and influence operations alongside its established cyber hacktivism. By coordinating personas like Handala Hack Team, HPRF, and VIPEmployment, MOIS leverages global brand recognition to solicit proxies via Telegram for espionage, sabotage, and physical attacks against US and Israeli interests. This multidomain approach combines cyber intrusions with real-world intimidation tactics.
Session Hijacking and Developer Tool Poisoning Collapse Authentication Trust
This week, attackers proved that multi-factor authentication is no longer a reliable gatekeeper. Campaigns like Tycoon 2FA and Chinese-language PhaaS platforms intercept one-time passwords in real time and steal session tokens to maintain persistent access, while infostealers like EKZ Infostealer harvest browser cookies to bypass authentication entirely. Even when victims reset passwords and revoke sessions, attackers retain access through hidden device registrations — meaning standard incident response playbooks are now incomplete.
Developers remain the preferred entry point for supply chain compromise. The Glassworm botnet was disrupted after hiding malware in VSCode extensions and npm packages, while the Megalodon campaign poisoned GitHub Actions workflows across 5,500 repositories. A malicious Sicoob.Sdk NuGet package stole banking certificates from Brazilian developers, and North Korea's Lazarus group compromised the widely used axios npm library — a single attack touching millions of downstream applications.
Organizations must move beyond password-and-MFA reliance: adopt hardware security keys, shorten session lifetimes, delete attacker-registered devices before resetting credentials, and audit developer toolchains and CI/CD pipelines for tampering.
ESET's Q4 2025–Q1 2026 APT Activity Report highlights global espionage and destructive campaigns by state-aligned actors. Notable incidents include a major supply chain compromise of the 'axios' npm library by Lazarus, destructive wiper attacks on Polish critical infrastructure by Sandworm, and the deployment of new edge-device implants like PhiliKit against Ivanti VPNs by China-aligned groups.
The 2026 FIFA World Cup presents a massive, multi-jurisdictional attack surface threatened by state-nexus disruptive operations and financially motivated cybercrime. Key risks include Iran-aligned actors targeting municipal OT infrastructure, pro-Russian hacktivists launching high-volume DDoS attacks against tournament services, and cybercriminals deploying ransomware against the hospitality supply chain.
Unit 42 identified an active cyberespionage campaign by the Iran-nexus APT group Screening Serpens, targeting entities in the U.S., Israel, and the Middle East. The threat actor deployed two new RAT families, MiniUpdate and MiniJunk V2, utilizing advanced AppDomainManager hijacking and DLL sideloading to evade native .NET security mechanisms like ETW. The attacks rely on highly tailored social engineering lures, such as fake job portals and video conferencing updates, to initiate the infection chain and establish persistent command and control.
Iranian threat actor Nimbus Manticore (UNC1549) conducted a series of campaigns in early 2026 utilizing AppDomain Hijacking, SEO poisoning, and task hijacking to deploy the new MiniFast backdoor. The group demonstrated rapid toolset evolution, likely aided by AI-assisted development, targeting the aviation and software sectors across the US, Europe, and the Middle East.
ROADtools is an open-source Python framework designed for Entra ID exploration that has been co-opted by nation-state threat actors like APT29 and APT33. Attackers leverage its modules to conduct extensive directory reconnaissance, register rogue devices for persistence, and manipulate OAuth tokens to bypass interactive authentication controls such as MFA. Detection relies on identifying anomalous Microsoft Graph API queries, unusual user-agent strings, and default device registration artifacts.
Recorded Future analyzes the cyber and geopolitical risks associated with the US strategic pivot toward the Western Hemisphere. The shift, characterized by increased military intervention against transnational criminal organizations, presents three potential scenarios that elevate risks of state-sponsored espionage, industrialized cybercrime, and the proliferation of commercial spyware and surveillance infrastructure.
Insikt Group analyzed the evolving Iran conflict using the PESTLE-M framework to generate multiple future scenarios, ranging from a fragile ceasefire to regional war or nuclear crisis. The report highlights the persistent threat of economic disruption, maritime coercion, and intensified cyber operations targeting critical infrastructure, urging organizations to build resilience across supply chains and cybersecurity postures.
Iranian-affiliated APT actors are actively targeting internet-exposed programmable logic controllers (PLCs), specifically Rockwell Automation devices, across multiple U.S. critical infrastructure sectors. The attackers utilize native configuration software and Dropbear SSH to manipulate project files and HMI displays, leading to operational disruptions and financial losses.
Morphisec Threat Labs analyzed a Linux variant of the Iranian-attributed Pay2Key ransomware. The malware requires root privileges to execute, utilizes a JSON configuration file, disables system defenses like SELinux and AppArmor, and employs ChaCha20 for full or partial file encryption while lacking built-in network C2 or exfiltration capabilities.
Following the outbreak of a geopolitical conflict in the Middle East in early 2026, Akamai observed a 245% surge in malicious cyber activity targeting global enterprises. The threat landscape is characterized by massive increases in automated reconnaissance, credential harvesting, and data-wiping attacks by state-sponsored and hacktivist groups like Handala, primarily targeting the financial, ecommerce, and healthcare sectors.
The ongoing geopolitical conflict involving Iran has triggered significant cyber and influence operations, with multiple nation-state and hacktivist groups leveraging the crisis for espionage, destructive attacks, and narrative manipulation. Organizations are advised to prepare for a surge in Iranian cyber activity as domestic internet blackouts lift, alongside heightened risks of physical threats and supply chain disruptions.
Iranian-linked threat actors consistently utilize a core set of cost-effective initial access techniques, including social engineering, rapid exploitation of known vulnerabilities, and credential abuse. These groups frequently leverage legitimate RMM tools and trusted cloud services to establish persistence and evade detection, highlighting the need for robust identity management, prompt patching, and perimeter security.
Handala Hack, an Iranian MOIS-affiliated threat actor also known as Void Manticore, conducts destructive wiping and hack-and-leak operations against US, Israeli, and Albanian targets. The group leverages compromised VPN credentials for initial access, uses NetBird for internal tunneling, and deploys multiple parallel wiping techniques—including custom MBR wipers, PowerShell scripts, and VeraCrypt—distributed via Active Directory Group Policy.
Iranian Ministry of Intelligence and Security (MOIS) affiliated threat actors, including Void Manticore and MuddyWater, are increasingly integrating cybercriminal tools, infrastructure, and affiliate models into their operations. This strategic shift, which includes the use of commercial infostealers like Rhadamanthys and RaaS platforms like Qilin, enhances their operational capabilities while complicating attribution efforts.
Iranian threat actors are actively exploiting vulnerabilities in Hikvision and Dahua IP cameras across the Middle East to support physical warfare operations. The compromised devices are utilized for battle damage assessment (BDA) and targeting correction during kinetic military operations, with exploitation spikes correlating closely with regional geopolitical events.
Following coordinated military strikes by the U.S. and Israel against Iran, there has been a significant surge in hacktivist activity. Pro-Iran groups are conducting website defacements, DDoS attacks, doxxing, and claiming unverified attacks on critical infrastructure, while pro-Israel groups are retaliating, elevating the cyber threat landscape for organizations in the U.S., Israel, and the Middle East.
The NCSC has issued an alert advising UK organizations, particularly those with ties to the Middle East, to bolster their cybersecurity posture amid ongoing regional conflicts. While direct threats to the UK remain low, there is a heightened risk of collateral damage from Iran-linked hacktivists utilizing DDoS, phishing, and ICS targeting.