AI is not fundamentally changing adversary capabilities but is compressing attack timelines, lowering operational costs, and scaling existing tactics. Breakout times have dropped to an average of 29 minutes, with AI-enabled operations increasing 89% year-on-year. The most significant emerging threats are runtime-LLM malware (PROMPTSTEAL/LAMEHUG, QUIETVAULT) that query language models during execution, and agentic AI operations (GTG-1002) where AI agents conduct multi-stage intrusions with minimal human steering. Defenders face a dual pressure: faster attacks and an expanding attack surface from AI supply-chain dependencies.
Google Threat Intelligence Group analyzed STOCKSTAY, a modular .NET backdoor developed and operated by Turla since late 2022, which uses a WebSocket-based C2 channel, RSA/AES encrypted communications, and IPC via WM_COPYDATA between its downloader, orchestrator, tunneler, and backdoor components. STOCKSTAY exhibits strong code, architectural, and obfuscation (K1MORPHER) overlaps with KAZUAR, suggesting a shared development team, and has been deployed via phishing (malicious RDP files, HTA lures) and, most recently, exploitation of CVE-2025-8088 in WinRAR to target Ukrainian military personnel. The actor leverages legitimate hosting platforms (Render, Glitch, GitHub) and compromised third-party/government infrastructure to obscure C2 infrastructure and complicate attribution.
Google Threat Intelligence Group analyzes the evolution of the pro-Russia influence ecosystem four years into the full-scale invasion of Ukraine, identifying a pivot from war-focused operations back to global strategic objectives targeting the West, NATO, and the EU. The ecosystem comprises six interconnected components — overt media, covert IO campaigns, hacktivism, cyber espionage, government direction, and outsourced proxies — that cross-promote and amplify narratives. Key trends include the increasing use of generative AI for content creation, the blending of cyber espionage with influence operations via hack-and-leak tactics, and the outsourcing of capability development to contractors like NTC Vulkan for plausible deniability.
Gamaredon, a Russia-aligned APT group attributed to the FSB, maintained high operational tempo throughout 2025 with 35 spearphishing campaigns exclusively targeting Ukrainian government and military institutions. The group introduced six new PowerShell tools, resurrected the PteroSetup VBScript weaponizer for lateral movement, and began abusing CVE-2025-8088 (WinRAR) for persistence via the Startup folder. A significant infrastructure evolution occurred: C&C servers are now hidden behind tunnel services (Cloudflare tunnels, Cloudflare workers, Microsoft devtunnels, Loophole) and dead-drop resolutions on legitimate platforms (Telegram, Telegra.ph, Rentry, GoFile, Dropbox, and others), while stolen data is exfiltrated to S3-compatible cloud storage (Wasabi, Tebi, Intercolo) rather than attacker-owned servers.
AI Attacked and Abused While Perimeter Authentication Collapses
The month's defining shift was the emergence of AI as a two-sided battlefield: organizations deployed AI tools faster than they secured them, while attackers weaponized the same technology against defenders. Critical flaws in LangGraph allowed SQL injection chained to remote code execution, M365 Copilot could be turned into a one-click data exfiltration weapon via SearchLeak, and Langflow was exploited to deploy cryptominers. Meanwhile, the ongoing Shai-Hulud campaign injected prompts to blind AI malware scanners, macOS.Gaslight turned prompt injection against human analysts, and Russia's APT28 began experimenting with LLM-integrated malware. At the same time, perimeter authentication collapsed at scale: FortiBleed exposed credentials for over 73,000 FortiGate firewalls, CVE-2026-50751 let attackers bypass Check Point VPN authentication entirely, and ShinyHunters exploited an Oracle PeopleSoft zero-day across over 100 organizations.
Supply chain attackers followed developers to their new AI tools, compromising the ecosystems where code is written and built. The Shai-Hulud/Miasma worm expanded from npm into PyPI and injected persistent backdoors into AI coding assistant configurations, while North Korea's Sapphire Sleet compromised over 140 Mastra npm packages to steal cryptocurrency wallets, and the ongoing GlassWorm campaign pivoted to WebAssembly malware in VS Code extensions using the Solana blockchain as command-and-control. Social engineering also industrialized: the ErrTraffic framework turned ClickFix deception into a Malware-as-a-Service operation with blockchain dead drops, and EvilTokens hid phishing flows inside browser-side encryption to defeat network scanners while hijacking Microsoft device-code authentication.
Organizations should treat AI deployments as untrusted perimeter assets—restrict their network access, audit third-party skills and extensions, and assume prompt-injection attacks will target both automated scanners and human analysts. Every internet-facing VPN, firewall, and edge appliance should be patched immediately, with credentials rotated and phishing-resistant MFA enforced, because perimeter authentication failures now cascade directly into internal network compromise.
A newly discovered Windows loader, OXLOADER, is being distributed via malicious Google Ads impersonating Node.js to deliver the CASTLESTEALER infostealer. The loader utilizes advanced evasion techniques, including control-flow flattening, anti-sandbox checks, and staging shellcode within the .reloc section of a copied system DLL, to maintain low detection rates across static engines.
This threat intelligence report highlights multiple critical vulnerabilities and active exploits, including a zero-day in Oracle PeopleSoft (CVE-2026-35273) exploited by ShinyHunters and an IKEv1 authentication bypass in Check Point VPNs (CVE-2026-50751) linked to Qilin ransomware. Additionally, the report details emerging AI-driven threats, a supply-chain compromise in the Arch User Repository deploying eBPF rootkits, and widespread patching efforts by Microsoft and Veeam.
Sekoia's Threat Detection & Research team details the two-decade evolution of APT28's tradecraft, highlighting a strategic shift from monolithic implants to disposable, single-purpose tools and compromised edge-router infrastructure. Recent operations demonstrate a return to custom cloud-resident backdoors and novel experimentation with LLM-driven infostealers.
Multiple Russia-aligned threat actors, including SHADOW-EARTH-066 and Earth Dahu, are actively exploiting a patched WinRAR path traversal vulnerability (CVE-2025-8088) to target Ukrainian organizations. The attackers use crafted RAR archives with NTFS Alternate Data Streams to silently drop malicious payloads, such as the evolved GIFTEDCROOK infostealer or HTA-based espionage tools, into the Windows Startup folder and ProgramData directories.
Trojanized Build Pipelines and Blind-Spot Appliances Redefine the Perimeter
Attackers are bypassing traditional network defenses by compromising the tools developers use to build software and the AI assistants they rely on to write code. Campaigns like Mini Shai-Hulud and Miasma - The Spreading Blight flooded package registries with malicious code that steals cloud credentials and CI/CD tokens, while researchers proved that public AI agent skill marketplaces are completely ineffective at catching malicious add-ons.
Nation-state actors and cybercriminals are simultaneously shifting their focus to blind spots in corporate networks and trusted platforms. The VerdantBamboo group exploited firewalls to bypass conditional access, while UNC3753 used IT impersonation to trick law firm employees into installing remote access tools, and Kali365 expanded its phishing infrastructure to steal multi-factor authentication tokens.
Defenders must shift their focus from perimeter email filtering to securing the software build pipeline and monitoring edge appliances for anomalous traffic. Hunt for unexpected connections to cloud storage APIs and review developer environments for compromised packages or AI skills.
Gamaredon, an FSB-linked threat actor, has deployed a highly evasive, fileless stealer dubbed GammaSteel targeting Ukrainian entities. The malware leverages Windows DPAPI to encrypt and stage payloads within the registry, actively monitoring local, network, and USB drives for sensitive documents to exfiltrate via legitimate cloud services and dynamic C2 infrastructure.
Gamaredon, a Russia-nexus threat actor, utilizes a multi-stage VBScript loader framework named GammaLoad to establish persistent access and deploy subsequent payloads like GammaSteel. The infection chain leverages Dead Drop Resolvers on legitimate platforms, stores C2 configurations in the Windows Registry, and uses Alternate Data Streams (ADS) combined with Scheduled Tasks for stealthy execution.
ESET researchers presented evidence of a 2025 espionage alliance between Russian state-aligned actors Gamaredon and Turla targeting Ukraine. Gamaredon utilized its lightweight custom tooling, including PteroGraphin and PteroOdd, to deploy Turla's Kazuar backdoor and maintain persistence for Turla's advanced espionage operations.
This threat intelligence bulletin highlights a surge in data breaches driven by social engineering, alongside the increasing weaponization of AI tools for phishing, malware development, and supply chain attacks. Active exploitation of vulnerabilities in PAN-OS GlobalProtect and Ghost CMS has been observed, while a critical unpatched RCE in Gogs remains a significant risk. Additionally, targeted campaigns like Grandoreiro and JINX-0164 continue to threaten the financial and cryptocurrency sectors using platform-specific malware and DLL side-loading.
Gamaredon (FSB) is conducting an ongoing cyberespionage campaign against Ukrainian targets using a modular, fileless infection chain. The attack leverages HTML smuggling and archive path traversal (CVE-2025-8088) for initial access, followed by the deployment of GammaWorm, which utilizes NTFS Alternate Data Streams (ADS) and Dead Drop Resolvers (DDRs) on legitimate platforms for persistence, propagation, and C2 communication.
ESET's Q4 2025–Q1 2026 APT Activity Report highlights global espionage and destructive campaigns by state-aligned actors. Notable incidents include a major supply chain compromise of the 'axios' npm library by Lazarus, destructive wiper attacks on Polish critical infrastructure by Sandworm, and the deployment of new edge-device implants like PhiliKit against Ivanti VPNs by China-aligned groups.
WithSecure identified GREYVIBE, a Russia-nexus threat group targeting Ukrainian entities using spear-phishing, ClickFix, and fraudulent websites. The group systematically leverages Generative AI to develop custom malware (PhantomRelay, LegionRelay, FallSpy) and obfuscators, blending state-aligned intelligence gathering with cybercrime ecosystem overlaps.
TamperedChef (also known as EvilAI) is a widespread threat campaign distributing trojanized productivity applications via malvertising. The threat actors heavily abuse legitimate code-signing certificates and employ delayed execution techniques to evade detection, ultimately deploying information stealers, RATs, or adware onto victim endpoints after a dormancy period.
Developer Supply Chains Under Siege as Edge Device Exploits Surge
The dominant narrative this week is the coordinated weaponization of the software supply chain, as threat actors like TeamPCP and Mini Shai-Hulud aggressively target developer tools to steal cloud credentials. Because these attackers compromise trusted build systems like GitHub Actions, a single malicious package—such as the compromised TanStack libraries—can cascade into massive downstream breaches, allowing criminals to hold development environments hostage and even deploy destructive dead-man switches if their access is cut off.
In parallel, attackers are bypassing traditional network defenses by exploiting internet-facing edge devices and logging in with stolen credentials. Threat clusters are actively exploiting critical flaws in Cisco Catalyst SD-WAN and Microsoft Exchange, while ransomware groups like The Gentlemen and state-sponsored actors like Secret Blizzard use these footholds to live off the land, hijacking legitimate IT tools to stay hidden for months.
These trends together suggest that perimeter-focused defenses and basic patching are no longer sufficient. Organizations must immediately isolate their CI/CD pipelines from cloud credentials, enforce phishing-resistant multi-factor authentication on all internet-facing systems, and assume that trusted vendor tools may already be compromised.
Kazuar is a sophisticated, modular P2P botnet attributed to the Russian state-sponsored actor Secret Blizzard. It utilizes a tripartite architecture (Kernel, Bridge, Worker) and a leader election mechanism to minimize external C2 traffic, relying on Mailslots, Window Messaging, and Named Pipes for internal communication and HTTP, WSS, or EWS for external C2.
FrostyNeighbor, a Belarus-aligned threat actor, has updated its toolset to target Ukrainian governmental organizations with a multi-stage compromise chain. The attack utilizes spearphishing with malicious PDFs that redirect to a RAR archive containing a JavaScript dropper, which ultimately deploys a Cobalt Strike beacon via the PicassoLoader malware following strict server-side and manual victim validation.
Google Threat Intelligence Group discovered DarkSword, a sophisticated iOS full-chain exploit leveraging six zero-day vulnerabilities to target iOS 18.4-18.7 devices. Adopted by multiple state-sponsored actors and commercial surveillance vendors, the pure-JavaScript exploit chain bypasses modern iOS mitigations to deploy data-mining payloads like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER.
The Sednit threat group (APT28) has deployed a modernized espionage toolkit targeting Ukrainian military personnel. The toolkit consists of custom implants SlimAgent and BeardShell, alongside a heavily modified version of the Covenant framework, utilizing legitimate cloud storage providers for resilient Command and Control (C&C).
Russian-aligned threat actor RomCom, assessed to be GRU Unit 29155, utilized the SocGholish malware delivery framework to target a U.S. company supporting Ukraine. The attack chain leveraged fake browser updates to establish initial access, followed by the rapid deployment of a custom Python backdoor (VIPERTUNNEL) and a targeted Mythic Agent loader.