17 Critical Alerts Covering APT AI Adoption, Pre-Auth Zero-Days, and Supply Chain Worms

SISA Weekly Threat Watch is our weekly feature that brings you a quick snapshot of the major security vulnerabilities that posed a threat to organizations worldwide. These recurring, actionable threat advisories also provide information and recommendations to help security teams defend against the latest critical threats.

1. Advanced Persistent Threats (APTs) and Espionage Operations

Nation-state actors are refining their tradecraft, moving away from easily detectable malware binaries toward “Living off the Land” (LotL) techniques, AI-assisted development, and the abuse of legitimate cloud infrastructure.

  • MuddyWater (Operation Olalampo) — Iranian state-linked actors are targeting the MENA region using a new Rust-based backdoor (CHAR). Notably, researchers found evidence of generative AI involvement in the malware’s development, allowing the group to rapidly iterate and scale their custom tooling. They are also abusing Telegram bots and AnyDesk for C2 and persistence.

  • APT28 (Operation MacroMaze) — Russian state-sponsored actors are using extremely low-complexity tooling (VBScript, batch files, and HTML payloads rendered off-screen in Microsoft Edge) to target Western Europe. They bypass traditional C2 infrastructure by abusing legitimate webhook services (webhook[.]site) to deliver commands and exfiltrate data, blending malicious activity into normal HTTPS traffic.

  • UnsolicitedBooker, PseudoSticky, & Cloud Atlas — A cluster of espionage campaigns targeting telecom and enterprise sectors in Central Asia and Russia. These actors are utilizing custom C++ backdoors (LuciDoor, MarsSnake) and deliberately impersonating other hacking collectives (PseudoSticky mimicking Sticky Werewolf) to obscure attribution.

  • UAC-0050 (Mercenary Akula) — A Russia-aligned mercenary group targeted a European financial institution supporting Ukraine. They used spoofed judicial domains and nested, password-protected archives to deploy Remote Manipulator System (RMS), a legitimate remote admin tool, to gain persistent access for potential financial theft.

2. Critical Vulnerabilities in Remote Access, File Transfer, and Network Management Products

The perimeter remains highly vulnerable as attackers rapidly weaponize critical pre-authentication flaws in remote access, file transfer, and network management solutions.

  • BeyondTrust Pre-Auth RCE (CVE-2026-1731) — Threat actors are actively exploiting a CVSS 9.9 command injection flaw in Remote Support (RS) and Privileged Remote Access (PRA) appliances. Attackers have gained root-level access, deployed web shells (VShell, Spark RAT), and exfiltrated entire PostgreSQL databases. CISA has added this to the KEV catalog due to confirmed ransomware involvement.

  • Cisco Catalyst SD-WAN Auth Bypass (CVE-2026-20127) — A critical (CVSS 10.0) authentication bypass allows unauthenticated attackers to gain administrative privileges on vSmart and vManage controllers. Exploited in the wild since 2023, the flaw lets attackers manipulate the SD-WAN fabric, escalate to root, and tamper with logs. CISA issued an Emergency Directive mandating immediate patching.

  • SolarWinds Serv-U Critical Flaws (CVE-2025-40538) — Four critical vulnerabilities, including Broken Access Control and Type Confusion, allow attackers with existing admin privileges to create unauthorized system admin accounts and execute arbitrary commands with root/system permissions.

  • Trend Micro Apex One RCE (CVE-2025-71210 & CVE-2025-71211) — Two critical path traversal vulnerabilities in the Apex One Management Console allow unauthenticated remote code execution. Given the platform’s history of zero-day exploitation, exposed consoles are at extreme risk.

3. Supply Chain Attacks and Developer Compromise

The software supply chain continues to be a primary vector for credential theft, lateral movement, and the deployment of cross-platform malware.

  • SANDWORM_MODE npm Worm — A massive campaign involving 19 malicious npm packages designed to operate as a worm. It targets developer environments to steal secrets, API tokens, and cryptocurrency keys. Crucially, it includes an MCPInject module that deploys malicious Model Context Protocol (MCP) servers to compromise AI coding assistants (Claude Code, Cursor) and harvest LLM API keys.

  • RoguePilot (GitHub Codespaces Passive Prompt Injection) — A vulnerability allowed attackers to achieve full repository takeover by embedding hidden HTML comments in a GitHub Issue. When a developer launched a Codespace via Copilot from that issue, the AI silently executed the injected instructions, exfiltrated the GITHUB_TOKEN via a JSON $schema fetch, and compromised the repo.

  • Malicious NuGet & npm (“ambar-src”) Campaigns — Four NuGet packages targeted ASP.NET developers to deploy the NCryptYo dropper, establishing a localhost proxy to exfiltrate Identity data and inject persistent backdoors into production apps. Separately, the npm package “ambar-src” abused the preinstall hook to deploy OS-specific malware (Windows shellcode, Linux reverse SSH, macOS Apfell C2 agent).

  • Fake Next.js Repos Target Developers — Attackers are hosting fake job assessment repositories on GitHub and Bitbucket. When developers run npm run dev or simply open the project in VS Code (triggering automated tasks), malicious JavaScript is executed in-memory to profile the system and steal secrets, communicating with infrastructure hosted on Vercel and Polygon blockchain NFTs.

  • Malicious Go Package Impersonates Crypto Lib — A rogue Go package on GitHub (github[.]com/xinfeisoft/crypto) impersonated the legitimate golang.org/x/crypto library. It modified the ReadPassword() function to secretly intercept and exfiltrate credentials entered via terminal prompts, subsequently deploying a Linux backdoor (Rekoobe).

4. Ransomware and Cryptojacking Innovations

Financial motivation drives attackers to integrate sophisticated evasion techniques, including BYOVD (Bring Your Own Vulnerable Driver) and AI, into their payloads.

  • Lazarus Group Deploys Medusa Ransomware — For the first time, North Korean state-sponsored actors (Lazarus/Andariel) have been observed using the Medusa ransomware-as-a-service platform to target U.S. healthcare organizations. They combine custom tools (Comebacker, Blindingcan) with commodity utilities to extort funds for broader espionage operations.

  • XMRig Campaign with Logic Bomb & BYOVD — A sophisticated cryptojacking campaign uses pirated software lures to deploy XMRig. It utilizes a BYOVD technique (WinRing0x64.sys) for privilege escalation to optimize mining performance and includes a logic bomb that triggers a self-destruct cleanup routine on a specific date. Parallel research showed attackers using LLMs to rapidly generate the initial React2Shell exploit framework for this campaign.

  • Arkanix Stealer (MaaS) — A rapidly evolving infostealer that transitioned from Python to C++. Its “Premium” version integrates ChromElevator, a post-exploitation tool that uses Reflective Process Hollowing and Direct Syscalls to bypass Google Chrome’s App-Bound Encryption (ABE) and steal protected data.

Proactive Steps for the Week

  • Patch Emergency: Prioritize updates for BeyondTrust (v25.3.2+), Cisco SD-WAN (migrate to fixed releases like 20.12.6.1), SolarWinds Serv-U (v15.5.4+), and Trend Micro Apex One (Build 14136).

  • Secure AI Workflows: Treat repository configurations (.claude/settings.json, .mcp.json) as executable code. Disable automatic schema downloads (json.schemaDownload.enable) in VS Code to mitigate prompt injection exfiltration risks (RoguePilot).

  • Audit Developer Dependencies: Immediately scan for and remove known malicious npm (ambar-src, claud-code, etc.), NuGet (NCryptYo, DOMOAuth2_), and Go (xinfeisoft/crypto) packages. Enforce strict dependency pinning and signature verification.

  • Harden Browser Environments: Monitor for suspicious child processes spawning from Microsoft Edge or Chrome, especially those running off-screen or in headless mode (MacroMaze). Deploy EDR capable of detecting process hollowing techniques targeting chrome.exe (Arkanix).

  • Block Webhook Abuse: Inspect and potentially restrict outbound HTTP/HTTPS requests to known webhook hosting services (webhook[.]site) originating from Office applications or non-standard browsers to disrupt C2 channels.
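The dependency and AI-workflow audits above, as an added example that is not SISA's tooling: it checks in-memory manifest contents for the npm and Go package names quoted in this advisory, for npm lifecycle hooks of the kind ambar-src abused, and for VS Code workspaces that leave json.schemaDownload.enable on. The dict-based input and the indicator sets are constructed for illustration.

```python
"""Audit developer manifests for the package and editor indicators named in this advisory.
Constructed example: input is a dict of relative path -> file content, so it runs
without touching the filesystem; wire it to os.walk() for a real checkout.
"""
import json
import re

# Names quoted in the advisory; extend these sets from your own threat feeds.
BAD_NPM = {"ambar-src", "claud-code"}
BAD_GO = {"github.com/xinfeisoft/crypto"}
INSTALL_HOOKS = {"preinstall", "install", "postinstall"}
GO_REQUIRE = re.compile(r"^\s*(?:require\s+)?([\w./-]+)\s+v\S+", re.M)


def audit_manifests(files):
    """Return (path, finding) tuples for every indicator found in the given manifests."""
    findings = []
    for path, text in files.items():
        if path.endswith("package.json"):
            pkg = json.loads(text)
            deps = {}
            for key in ("dependencies", "devDependencies", "optionalDependencies"):
                deps.update(pkg.get(key, {}))
            for dep in sorted(set(deps) & BAD_NPM):
                findings.append((path, f"known-malicious npm package: {dep}"))
            for hook in sorted(INSTALL_HOOKS & set(pkg.get("scripts", {}))):
                findings.append((path, f"npm lifecycle hook runs code at install time: {hook}"))
        elif path.endswith("go.mod"):
            for mod in sorted(set(GO_REQUIRE.findall(text)) & BAD_GO):
                findings.append((path, f"rogue Go module impersonating x/crypto: {mod}"))
        elif path.endswith(".vscode/settings.json"):
            settings = json.loads(text)
            if settings.get("json.schemaDownload.enable", True):  # VS Code default is true
                findings.append((path, "json.schemaDownload.enable is not disabled"))
    return findings


# Constructed sample workspace: a fake "assessment" project plus a tainted Go module.
SAMPLE_FILES = {
    "app/package.json": json.dumps({
        "scripts": {"dev": "next dev", "preinstall": "node setup.js"},
        "dependencies": {"next": "14.0.0", "ambar-src": "1.0.0"},
    }),
    "tool/go.mod": "module example.com/tool\n\ngo 1.22\n\nrequire github.com/xinfeisoft/crypto v0.1.0\n",
    ".vscode/settings.json": json.dumps({"json.schemaDownload.enable": True}),
}

if __name__ == "__main__":
    for path, finding in audit_manifests(SAMPLE_FILES):
        print(f"{path}: {finding}")
```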
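The browser-hardening and webhook-abuse steps above, as an added detection example that is not SISA's or any EDR vendor's code: it runs over constructed process-creation and network events in an assumed generic schema, flagging Edge or Chrome launched with a hidden window (the Chromium flags checked are an assumption about how the MacroMaze off-screen rendering would appear on the command line) and webhook-relay connections from Office applications or any non-browser process.

```python
"""Detection logic for the browser-hardening and webhook-abuse steps above.
Constructed example over synthetic events; field names (image, parent_image,
cmdline, dest_host) are an assumed generic EDR schema.
"""
import re

BROWSERS = {"msedge.exe", "chrome.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
WEBHOOK_HOSTS = {"webhook.site"}  # add other webhook relays seen in your telemetry
# --headless and a negative --window-position both keep the window invisible to the user.
HIDDEN_WINDOW = re.compile(r"--headless\b|--window-position=-\d+,-\d+", re.I)


def check_process_event(ev):
    """Alert on a browser started with a hidden window; return None otherwise."""
    image = ev["image"].lower()
    if image in BROWSERS and HIDDEN_WINDOW.search(ev.get("cmdline", "")):
        return f"{image} launched hidden by {ev['parent_image']}: {ev['cmdline']}"
    return None


def check_network_event(ev):
    """Alert on a webhook-relay connection from an Office app or non-browser; else None."""
    image, host = ev["image"].lower(), ev["dest_host"].lower()
    if any(host == h or host.endswith("." + h) for h in WEBHOOK_HOSTS):
        if image in OFFICE_APPS:
            return f"Office app {image} contacted webhook relay {host}"
        if image not in BROWSERS:
            return f"non-browser process {image} contacted webhook relay {host}"
    return None


def triage(events):
    """Run each event through the check for its type and return all alerts raised."""
    checks = {"process": check_process_event, "network": check_network_event}
    return [a for ev in events if (a := checks[ev["type"]](ev))]


# Constructed events: a hidden Edge launch from a script host, a normal Edge launch,
# and three webhook.site connections from an Office app, a browser and a CLI tool.
SAMPLE_EVENTS = [
    {"type": "process", "image": "msedge.exe", "parent_image": "wscript.exe",
     "cmdline": "msedge.exe --window-position=-32000,-32000 C:\\Temp\\p.html"},
    {"type": "process", "image": "msedge.exe", "parent_image": "explorer.exe",
     "cmdline": "msedge.exe https://intranet.example"},
    {"type": "network", "image": "winword.exe", "dest_host": "webhook.site"},
    {"type": "network", "image": "chrome.exe", "dest_host": "webhook.site"},
    {"type": "network", "image": "curl.exe", "dest_host": "abc.webhook.site"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```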

To get daily updates on the critical vulnerabilities being exploited by threat actors, subscribe to SISA Daily Threat Watch – our daily actionable threat advisories.

For a deeper understanding of how you can prevent these threats from affecting your organization, request a call to get in touch with our experts.
