DragonForce ransomware operators deployed a novel Go-based backdoor called Backdoor.Turn that abuses Microsoft Teams TURN relay infrastructure to hide C2 traffic as legitimate Teams communications. The attack chain involves SQL/MSSQL server exploitation for initial access, DLL sideloading via VirtualBox/DbgView executables, multiple BYOVD techniques for defense evasion including a novel exploit of a Huawei driver, and ultimately DragonForce ransomware deployment. The group demonstrated exceptional sophistication with custom tooling and stealth techniques that evade standard network monitoring.
Backdoor.Mistic is a new stealthy backdoor deployed in cybercrime intrusions since April 2026, using DLL sideloading via legitimate MpExtMs.exe and masquerading as EndpointDlp.dll. It executes payloads in memory with a self-deleting kill switch, enabling long-term covert access. Mistic is likely linked to Woodgnat (aka KongTuke), an initial access broker whose ModeloRAT toolkit has been used in attacks delivering Qilin ransomware, connecting this backdoor to the broader ransomware ecosystem.
QuimaRAT is a cross-platform, Java-based remote access trojan sold as a malware-as-a-service subscription on the dark web. It targets Windows, macOS, and Linux systems by embedding JNA native libraries for multiple architectures within a JAR archive built for Java SE 8. The RAT decrypts an internal configuration file using repeating-key XOR, performs anti-analysis and virtualization checks, establishes persistence via OS-specific mechanisms, and maintains resilient C2 communication through HANDSHAKE and HEARTBEAT protocols. With 23 implemented commands and 212 protocol-only commands, the platform is highly extensible through runtime modules and fileless payloads.
LevelBlue GSOC has identified accelerating ValleyRAT campaigns delivered through fake installers and malicious emails targeting Chinese and Japanese-speaking users. The email-based attack chain uses DLL sideloading via a legitimate VLC executable to load a malicious DLL that downloads an RC4-encrypted, Donut-generated ValleyRAT payload, which is then injected into a suspended rundll32.exe process for fileless execution. The malware incorporates extensive anti-analysis checks (memory size, sleep timing, CPU count, VHD boot detection) and establishes persistence via registry Run keys.
An active multi-stage phishing campaign distributes AsyncRAT and Remcos RATs through weaponized Excel attachments targeting sales, procurement, and vendor management staff globally. The infection chain uses VBA macros to retrieve HTA payloads via URL shorteners and Cloudflare Workers, with final payloads hidden via PNG steganography and loaded filelessly into memory via .NET assembly loading. The campaign demonstrates high-volume, automated payload generation with consistent obfuscation patterns including Base64 encoding, character substitution, and string reversal.
UNK_DeadDrop is a likely North Korean threat actor conducting broad phishing campaigns targeting software developers with fake job offers and code review requests. The campaign delivers malicious GitHub/GitLab repositories that abuse VS Code and Cursor IDE task automation to silently execute cross-platform malware. Linux and macOS systems receive the Overlord Go RAT with custom credential and wallet theft modules, while Windows runs a fileless Node.js/Python pipeline inside the editor's Electron process. The malware exfiltrates cryptocurrency wallets, browser credentials, and OS keychain data to a hardcoded C&C server at 23.137.105.75:5173.
The Shai Hulud supply chain worm, attributed to TeamPCP, compromises CI/CD pipelines by injecting malicious npm/PyPI packages that harvest build credentials and pivot into production AWS cloud infrastructure. In a confirmed breach, attackers stole Jenkins EC2 instance role credentials via the Instance Metadata Service (IMDS), used them from external IPs, escalated privileges by creating an IAM user with AdministratorAccess, modified Redshift and Aurora security groups to open network paths, enumerated Secrets Manager for warehouse credentials, and exfiltrated data via the Redshift Data API. The attack demonstrates that pipeline identity equals production identity, with explicit attacker naming conventions (exfil-s3-* policies, exfil STS session names) providing high-fidelity detection opportunities.
The Armored Likho APT group deploys a previously undocumented Python-based infostealer called BusySnake Stealer against government agencies and electric power sector organizations in Russia, Brazil, and Kazakhstan. The malware uses PyArmor Pro obfuscation, AI-generated first-stage loaders hosted on GitHub, and a modular C2 architecture to steal browser credentials, cookies, cryptocurrency wallets, 2FA secrets, Telegram data, and screenshots. The campaign demonstrates evolving TTPs including in-memory Python script execution, COM-based scheduled task persistence, and integrated reverse SSH tunneling that receives keys directly from the C2 server.
A new wave of the Mini Shai-Hulud/Miasma/Hades supply chain attack campaign has compromised 23 npm packages across the LeoPlatform and RStreams ecosystems, plus the Verana Blockchain Go module. The attack uses binding.gyp install-time execution (Phantom Gyp pattern) to trigger multi-stage obfuscated JavaScript loaders that decrypt AES-GCM payloads, stage execution through Bun to evade Node.js security hooks, and steal developer/CI/CD credentials including npm, GitHub, cloud, and AI-agent tokens. The campaign also poisons GitHub Actions workflows and plants persistence hooks in AI coding assistant configurations, creating delayed execution surfaces that survive package remediation.
Kaspersky's 2025 compromise assessment report reveals that organizations consistently fail to detect long-dwelling threats, with 30.8% of incidents persisting over 3 months and 52% of high-severity compromises going undetected for 90+ days. Key findings include widespread abuse of LoLBins and remote management tools in every incident-bearing engagement, 40% of web shells surviving in backups to be restored post-remediation, and a strong correlation between in-house forensics/reverse-engineering capability and reduced incident severity. Multiple case studies document dormant crypto-mining on domain controllers (4 years), in-memory LionTail implants on critical servers, PurpleFox rootkit infections evading EDR with disabled memory scanning, and ClipBanker persistence via registry Run keys with Defender exclusions.
Cisco Talos identified ARToken, a phishing-as-a-service platform linked to EvilTokens, that abuses Microsoft's OAuth 2.0 Device Authorization Grant to bypass MFA and capture victim tokens. The platform provides affiliates with a comprehensive post-compromise toolkit including PRT-based persistence surviving password resets, BEC email operations, inbox rule manipulation, and SharePoint exfiltration. ARToken deploys a sophisticated seven-layer client-side anti-analysis system and abuses legitimate sharepoint.com URLs from attacker-controlled Microsoft 365 workspaces to evade security scanners.
StealC is a C++ malware-as-a-service infostealer that harvests credentials, cookies, and session tokens from browsers, email clients, crypto wallets, and gaming platforms, using APC injection to bypass Chromium App-Bound Encryption. Amadey is a modular MaaS loader that delivers StealC and other payloads through a rich backdoor command set including process injection, SOCKS proxying, RDP enablement, and hidden admin account creation. Microsoft DCU disrupted over 200 C2 domains and IPs associated with both threats in a coordinated action with Europol on June 24, 2026.
Google Threat Intelligence Group analyzes the evolution of the pro-Russia influence ecosystem four years into the full-scale invasion of Ukraine, identifying a pivot from war-focused operations back to global strategic objectives targeting the West, NATO, and the EU. The ecosystem comprises six interconnected components — overt media, covert IO campaigns, hacktivism, cyber espionage, government direction, and outsourced proxies — that cross-promote and amplify narratives. Key trends include the increasing use of generative AI for content creation, the blending of cyber espionage with influence operations via hack-and-leak tactics, and the outsourcing of capability development to contractors like NTC Vulkan for plausible deniability.
A large-scale campaign abuses the legitimate ScreenConnect remote management tool, distributed via 90+ spoofed freeware download sites using SEO poisoning, to silently deploy AsyncRAT. The attack uses DLL sideloading via a Microsoft-signed install.exe binary, followed by a multi-stage loader chain involving PowerShell and VBScript scripts that disable Defender, bypass UAC, and ultimately inject AsyncRAT into RegAsm.exe via process hollowing. The campaign targets both consumers and corporate networks across multiple languages and regions.
ESET Research contributed to Operation Endgame, a coordinated global disruption targeting the Amadey botnet and Stealc infostealer MaaS ecosystems. The operation seized or rendered inoperative approximately 50 domains and nearly 200 active IP-based C&C servers. ESET provided technical analysis, C&C server lists, RC4 encryption keys, campaign/build identifiers, and clustering methodology based on long-term tracking of both malware families. The fragmented, affiliate-operated infrastructure model used by both services required advanced graph-based clustering of RC4 keys, build IDs, and C&C URL paths to identify high-priority targets for disruption.
Gamaredon, a Russia-aligned APT group attributed to the FSB, maintained high operational tempo throughout 2025 with 35 spearphishing campaigns exclusively targeting Ukrainian government and military institutions. The group introduced six new PowerShell tools, resurrected the PteroSetup VBScript weaponizer for lateral movement, and began abusing CVE-2025-8088 (WinRAR) for persistence via the Startup folder. A significant infrastructure evolution occurred: C&C servers are now hidden behind tunnel services (Cloudflare tunnels, Cloudflare workers, Microsoft devtunnels, Loophole) and dead-drop resolutions on legitimate platforms (Telegram, Telegra.ph, Rentry, GoFile, Dropbox, and others), while stolen data is exfiltrated to S3-compatible cloud storage (Wasabi, Tebi, Intercolo) rather than attacker-owned servers.
AI Attacked and Abused While Perimeter Authentication Collapses
The month's defining shift was the emergence of AI as a two-sided battlefield: organizations deployed AI tools faster than they secured them, while attackers weaponized the same technology against defenders. Critical flaws in LangGraph allowed SQL injection chained to remote code execution, M365 Copilot could be turned into a one-click data exfiltration weapon via SearchLeak, and Langflow was exploited to deploy cryptominers. Meanwhile, the ongoing Shai-Hulud campaign injected prompts to blind AI malware scanners, macOS.Gaslight turned prompt injection against human analysts, and Russia's APT28 began experimenting with LLM-integrated malware. At the same time, perimeter authentication collapsed at scale: FortiBleed exposed credentials for over 73,000 FortiGate firewalls, CVE-2026-50751 let attackers bypass Check Point VPN authentication entirely, and ShinyHunters exploited an Oracle PeopleSoft zero-day across over 100 organizations.
Supply chain attackers followed developers to their new AI tools, compromising the ecosystems where code is written and built. The Shai-Hulud/Miasma worm expanded from npm into PyPI and injected persistent backdoors into AI coding assistant configurations, while North Korea's Sapphire Sleet compromised over 140 Mastra npm packages to steal cryptocurrency wallets, and the ongoing GlassWorm campaign pivoted to WebAssembly malware in VS Code extensions using the Solana blockchain as command-and-control. Social engineering also industrialized: the ErrTraffic framework turned ClickFix deception into a Malware-as-a-Service operation with blockchain dead drops, and EvilTokens hid phishing flows inside browser-side encryption to defeat network scanners while hijacking Microsoft device-code authentication.
Organizations should treat AI deployments as untrusted perimeter assets—restrict their network access, audit third-party skills and extensions, and assume prompt-injection attacks will target both automated scanners and human analysts. Every internet-facing VPN, firewall, and edge appliance should be patched immediately, with credentials rotated and phishing-resistant MFA enforced, because perimeter authentication failures now cascade directly into internal network compromise.
Legitimate Tools Hijacked as AI Becomes the New Battleground
The most damaging intrusions this week didn't rely on custom malware — they hijacked the legitimate tools and protocols organizations already trust. FortiBleed harvested real credentials from FortiGate firewall configurations worldwide, EvilTokens bypassed multi-factor authentication by abusing Microsoft's own device login flow, and a WhatsApp campaign installed legitimate ManageEngine remote management software to maintain persistent access.
Simultaneously, attackers are learning to manipulate the AI systems defenders increasingly depend on. The macOS.Gaslight malware feeds fake error messages to AI analysis tools to blind security analysts, malicious skills on the OpenClaw marketplace trick AI assistants into executing harmful commands, and researchers demonstrated that chatbot reconnaissance can map an organization's defenses through casual conversation.
Reset all FortiGate and VPN credentials immediately, scrutinize AI marketplace add-ons before installation, and assume that any legitimate-looking login prompt or remote management tool could be an attacker wearing a trusted disguise.
The StrikeShark campaign utilizes a novel malware family named SharkLoader to deploy Cobalt Strike Beacons across various global sectors. Threat actors gain initial access by exploiting known vulnerabilities in public-facing applications or distributing custom droppers disguised as legitimate software. SharkLoader employs advanced evasion techniques, including Perfect DLL Hijacking and extensive API hooking, to bypass loader locks and conceal its execution in memory.
SentinelLABS identified macOS.Gaslight, a DPRK-aligned Rust backdoor targeting macOS systems. The implant establishes a resilient C2 channel via the Telegram Bot API using AES-GCM over pinned TLS and achieves persistence via a masqueraded LaunchAgent. Notably, it embeds a 38-message prompt-injection payload designed to feed fabricated system errors to LLM-assisted triage tools, aiming to abort or corrupt automated analysis. The malware also stages a standalone Python environment to execute a credential and data stealer.
Microsoft identified a large-scale npm supply chain attack by North Korean threat actor Sapphire Sleet, compromising over 140 packages in the Mastra ecosystem. The attackers used a compromised maintainer account to inject a malicious typosquat dependency that executes a cross-platform Node.js implant during installation, leading to cryptocurrency wallet theft, host reconnaissance, and persistent backdoor access.
ESET researchers analyzed the Gentlemen ransomware-as-a-service (RaaS) operation, highlighting their unique approach of providing an in-house developed EDR killer framework, GentleKiller, directly to affiliates. The framework leverages Bring Your Own Vulnerable Driver (BYOVD) techniques to terminate over 400 security processes and is augmented by third-party tools like HexKiller and HavocKiller, all standardized with a shared defense-evasion layer.
ThreatLabz identified a ClickFix campaign utilizing AI-generated typosquatting domains to impersonate Brazilian banks and deliver a PowerShell-based banking RAT dubbed SmartRAT. The malware establishes persistence via scheduled tasks or Windows services, communicates over a custom TCP protocol on port 51888, and features advanced capabilities including keylogging, fake banking overlays, and QR code interception for financial fraud.
A coordinated supply chain attack compromised over 140 npm packages in the Mastra namespace by injecting a typosquatted dependency, easy-day-js. This dependency uses a postinstall hook to execute a cross-platform Node.js infostealer that establishes persistence, inventories cryptocurrency wallets, steals browser history, and enables arbitrary remote code execution via a custom ICAP-style C2 protocol.
A threat actor is distributing Rust-based cryptocurrency clipboard hijackers for Windows and macOS by disguising them as trading bots and game predictors. The campaign leverages extensive social engineering, utilizing 'Ghost Networks' to artificially inflate engagement metrics across GitHub, SourceForge, YouTube, and VirusTotal to establish false credibility. The malware achieves persistence and continuously monitors the victim's clipboard to replace legitimate cryptocurrency addresses with attacker-controlled wallets.
ESET researchers discovered two undocumented Windows variants of the SprySOCKS backdoor, WINDRV and WINPLUS, attributed to the China-aligned FishMonger APT. These variants utilize advanced stealth techniques, including a custom kernel driver for hiding artifacts and diverting TCP traffic, as well as print processor abuse for persistence.
Google Threat Intelligence Group identified a PRC-nexus espionage campaign by UNC6508 targeting North American research and defense entities. The actors compromised REDCap servers to deploy INFINITERED, a custom malware that harvests credentials and intercepts software upgrades for persistence. Using stolen credentials, the attackers pivoted to administrative accounts and abused email content compliance rules to covertly exfiltrate sensitive intelligence.
The Shai-Hulud software supply chain campaign has significantly evolved, expanding from npm to PyPI and shifting from maintainer compromise to CI/CD abuse. Recent waves demonstrate advanced techniques including OIDC token scraping to bypass SLSA provenance, IDE configuration file weaponization, and prompt injection designed to evade LLM-based security scanners.
Between 2024 and 2026, the Vietnam-aligned threat actor OceanLotus (APT32) shifted its focus toward domestic espionage, conducting a supply-chain attack against the FireAnt MetaKit stock investment platform and compromising a major infrastructure corporation. The campaigns leveraged DLL side-loading to deploy the SPECTRALVIPER backdoor, which features advanced orchestration capabilities and exfiltrates encrypted host data via HTTP Cookie headers.
Sekoia's Threat Detection & Research team details the two-decade evolution of APT28's tradecraft, highlighting a strategic shift from monolithic implants to disposable, single-purpose tools and compromised edge-router infrastructure. Recent operations demonstrate a return to custom cloud-resident backdoors and novel experimentation with LLM-driven infostealers.
Multiple Russia-aligned threat actors, including SHADOW-EARTH-066 and Earth Dahu, are actively exploiting a patched WinRAR path traversal vulnerability (CVE-2025-8088) to target Ukrainian organizations. The attackers use crafted RAR archives with NTFS Alternate Data Streams to silently drop malicious payloads, such as the evolved GIFTEDCROOK infostealer or HTA-based espionage tools, into the Windows Startup folder and ProgramData directories.
This threat intelligence report highlights active exploitation of critical vulnerabilities, including a Windows Netlogon RCE (CVE-2026-41089) and an Android Framework flaw. It also details significant data breaches affecting DentaQuest and the UN WFP, emerging AI-driven threats such as EDR evasion labs, a supply chain compromise of the Hola browser, and Iranian state-sponsored espionage operations utilizing Dutch hosting infrastructure.
The financially motivated threat cluster UNC3753 is conducting a fast-paced data theft and extortion campaign against US legal and professional services. The group leverages vishing and IT helpdesk impersonation to trick targets into installing legitimate RMM and screen-sharing tools, enabling rapid data exfiltration from corporate repositories and VDI environments. Notably, the campaign also involves suspected physical intrusions where actors use USB media to steal data directly from endpoints.
VerdantBamboo, a Chinese threat actor, compromised edge appliances including Egnyte Storage Sync, pfSense firewalls, and Synology NAS devices to deploy custom malware (BRICKSTORM, PLENET, AGENTPSD). The attackers exploited a compromised MSP and local privilege escalation misconfigurations to maintain long-term persistence, using the compromised devices to proxy traffic and bypass Microsoft 365 Conditional Access policies.
A newly discovered malware campaign dubbed Argamal targets users downloading adult games, utilizing DLL sideloading and COM hijacking to deploy a sophisticated Remote Access Trojan (RAT). The malware establishes persistence by hijacking the Windows Color System Calibration Loader and grants attackers full system control, including surveillance, file exfiltration, and arbitrary command execution.
JS.MonoGlyphRAT is a newly identified, highly obfuscated JavaScript backdoor targeting US enterprises via phishing. It establishes persistence, communicates over HTTP using custom headers, and acts as a loader capable of executing AES-encrypted payloads, PowerShell commands, and in-memory .NET assemblies while bypassing AMSI.
PHANTOMPULSE is a sophisticated RAT attributed to DPRK-aligned actors that utilizes hardware breakpoints to bypass AMSI, WLDP, and ETW. It establishes a resilient, sinkhole-able command and control channel by resolving C2 URLs from blockchain transaction inputs and employs multiple process injection and UAC bypass techniques.
Gamaredon (FSB) is conducting an ongoing cyberespionage campaign against Ukrainian targets using a modular, fileless infection chain. The attack leverages HTML smuggling and archive path traversal (CVE-2025-8088) for initial access, followed by the deployment of GammaWorm, which utilizes NTFS Alternate Data Streams (ADS) and Dead Drop Resolvers (DDRs) on legitimate platforms for persistence, propagation, and C2 communication.
Session Hijacking and Developer Tool Poisoning Collapse Authentication Trust
This week, attackers proved that multi-factor authentication is no longer a reliable gatekeeper. Campaigns like Tycoon 2FA and Chinese-language PhaaS platforms intercept one-time passwords in real time and steal session tokens to maintain persistent access, while infostealers like EKZ Infostealer harvest browser cookies to bypass authentication entirely. Even when victims reset passwords and revoke sessions, attackers retain access through hidden device registrations — meaning standard incident response playbooks are now incomplete.
Developers remain the preferred entry point for supply chain compromise. The Glassworm botnet was disrupted after hiding malware in VSCode extensions and npm packages, while the Megalodon campaign poisoned GitHub Actions workflows across 5,500 repositories. A malicious Sicoob.Sdk NuGet package stole banking certificates from Brazilian developers, and North Korea's Lazarus group compromised the widely used axios npm library — a single attack touching millions of downstream applications.
Organizations must move beyond password-and-MFA reliance: adopt hardware security keys, shorten session lifetimes, delete attacker-registered devices before resetting credentials, and audit developer toolchains and CI/CD pipelines for tampering.
The Gentlemen ransomware, operated by Storm-2697, is a Go-based encryptor that combines robust Curve25519/XChaCha20 encryption with aggressive lateral movement capabilities. It utilizes multiple redundant propagation methods (PsExec, WMI, scheduled tasks, services) to maximize network compromise while employing extensive defense evasion techniques to hinder detection and recovery.
Cybercriminals are shifting from traditional credential theft to session hijacking using infostealer malware, allowing them to bypass multi-factor authentication (MFA). By harvesting and replaying valid session tokens using automated tools, attackers gain rapid, stealthy access to corporate environments, which is then often monetized by Initial Access Brokers.
Russian threat actor UTA0355 is conducting targeted phishing campaigns against foreign policy and government professionals by spoofing European security conferences. The attackers use rapport-building techniques and out-of-band messaging to trick victims into authorizing malicious Microsoft 365 OAuth applications and Device Code workflows, granting unauthorized access to their accounts.
The TrapDoor campaign is a sophisticated supply chain attack targeting crypto, DeFi, and AI developers across npm, PyPI, and Crates.io. The threat actor deployed over 34 malicious packages that utilize ecosystem-specific execution methods to steal credentials, wallets, and SSH keys, while uniquely leveraging AI configuration files like .cursorrules to trick AI assistants into executing exfiltration workflows.
This threat intelligence report highlights a surge in ransomware activity, critical zero-day vulnerabilities in Windows, and the active exploitation of Cisco Catalyst SD-WAN controllers. Additionally, it details emerging AI-driven threats, including malicious Hugging Face repositories and the abuse of AI website generators for phishing, alongside an APT intrusion by FamousSparrow targeting the energy sector.
Unit 42 identified an active cyberespionage campaign by the Iran-nexus APT group Screening Serpens, targeting entities in the U.S., Israel, and the Middle East. The threat actor deployed two new RAT families, MiniUpdate and MiniJunk V2, utilizing advanced AppDomainManager hijacking and DLL sideloading to evade native .NET security mechanisms like ETW. The attacks rely on highly tailored social engineering lures, such as fake job portals and video conferencing updates, to initiate the infection chain and establish persistent command and control.
Iranian threat actor Nimbus Manticore (UNC1549) conducted a series of campaigns in early 2026 utilizing AppDomain Hijacking, SEO poisoning, and task hijacking to deploy the new MiniFast backdoor. The group demonstrated rapid toolset evolution, likely aided by AI-assisted development, targeting the aviation and software sectors across the US, Europe, and the Middle East.
ROADtools is an open-source Python framework designed for Entra ID exploration that has been co-opted by nation-state threat actors like APT29 and APT33. Attackers leverage its modules to conduct extensive directory reconnaissance, register rogue devices for persistence, and manipulate OAuth tokens to bypass interactive authentication controls such as MFA. Detection relies on identifying anomalous Microsoft Graph API queries, unusual user-agent strings, and default device registration artifacts.
The Cloud Atlas APT group has updated its toolset in 2025-2026 campaigns targeting Russia and Belarus, utilizing LNK-based phishing to deploy VBCloud and PowerShower backdoors. The group establishes persistent access by patching termsrv.dll for concurrent RDP sessions and heavily relies on reverse SSH, RevSocks, and Tor for redundant C2 channels. Additionally, a new PowerShell tool named PowerCloud is used to exfiltrate administrator data to Google Sheets.
The Gentlemen ransomware operates as a Ransomware-as-a-Service (RaaS) model, utilizing affiliates who employ extensive defense evasion techniques. Recent incidents reveal attackers leveraging compromised RDP accounts, disabling Microsoft Defender via PowerShell, and establishing persistence through Scheduled Tasks that beacon to SOCKS proxy C2 servers.
A solo Russian-speaking threat actor tracked as 'bandcampro' leveraged jailbroken AI models to automate a multi-year influence operation and cryptocurrency fraud campaign targeting American conservative communities. The actor utilized AI for content generation, infrastructure management, password mutation for WordPress brute-forcing, and distributed a fake crypto wallet that installed the legitimate GoToResolve RMM tool for remote access.