Beyond the Perimeter: How Adversaries Weaponize Extensions, APIs, and Firewalls

SISA Weekly Threat Watch – our weekly feature brings to you a quick snapshot of all the major security vulnerabilities that posed a threat to organizations worldwide. These recurring actionable threat advisories will also provide information and recommendations that will help security teams take appropriate actions to defend against the latest and critical threats.

1. Developer Supply Chains Under Fire

Attackers weaponise extensions, packages, and recruiter lures to pivot from dev workstations into build and cloud estates.

GlassWorm – Self-propagating VS Code extension worm (Solana + Google Calendar C2)
Malicious updates to popular VS Code extensions auto-infect ~35.8k installs, scraping developer creds/wallets and spreading via authentic publisher channels. Uses on-chain memos and Calendar events for resilient tasking.

npm typosquat cluster – Cross-OS multi-stage stealer
Ten look-alike npm packages (e.g., typescriptjs, react-router-dom.js) run postinstall, show fake CAPTCHAs, then fetch a large stealer to exfiltrate browser/keyring creds.

BlueNoroff “GhostHire” (part of GhostCall/GhostHire) – Malicious dependencies via interview projects
Telegram/LinkedIn “assessments” ship projects with poisoned modules; multi-OS droppers harvest secrets and pivot to cloud/CI.

2. SaaS & LLMs as Covert C2

Legitimate cloud APIs and anonymity networks become the command channel.

SesameOp – OpenAI Assistants API abused for C2
A backdoor that polls a mainstream AI API to receive and return encrypted tasking, blending C2 traffic into otherwise trusted, allowed egress.

PROMPTFLUX – VBScript malware that asks Gemini to rewrite itself
Experimental malware attempts LLM-driven metamorphism for evasion; logs “Thinking Robot” outputs and seeds Startup folders/removable drives.

SkyCloak – Tor/obfs4 hidden-service backdoor (SSH/RDP over onion)
Phishing drops PowerShell that installs renamed OpenSSH plus a custom Tor service; restricts access to pre-deployed keys and forwards RDP/SMB covertly.

3. Below-the-OS Persistence: Firmware & Network Control Plane

Adversaries target layers traditional EDR barely sees — UEFI and switch OS processes — to persist and evade.

Operation Zero Disco – Cisco SNMP RCE to In-Memory Rootkits
Exploitation of a Cisco SNMP flaw leads to fileless hooks inside IOSd, a stealth “universal” password containing “disco,” hidden config changes, and log tampering across Catalyst gear; legacy Telnet bugs were probed alongside.

Framework Secure Boot Bypass – Signed UEFI Shell Exposure
Signed UEFI shells shipped with an mm memory edit command that can disable Secure Boot, enabling durable bootkits (e.g., BlackLotus) and reinstall-proof persistence.

4. Client-Side Espionage – Zero-Days & Signed Loaders

Clean-looking clicks become persistent implants.

Operation ForumTroll – Chrome 0-day → LeetAgent spyware
CVE-2025-2783 spear-phish chains to a commercial spyware loader, stealing documents and executing commands via HTTPS C2.

SideWinder – PDF→ClickOnce + signed binary DLL sideloading (
Region-lured PDFs trigger ClickOnce to drop a signed “viewer” that sideloads a malicious DLL into a .NET loader/stealer chain.

5. Edge & Appliance Exposure at Scale

Network gear and vendor clouds remain prime entry and intel sources.

Cisco ASA/FTD + UCCX/ISE – RCE/auth-bypass + reload DoS wave
Firewalls hit by CVE-2025-20333/-20362 (previously zero-day) and a new reload variant; UCCX/ISE expose root/DoS paths.

SonicWall cloud breach – Config backups accessed via API
State actor downloaded a subset of customer firewall backup configs from a segregated cloud environment; no product/source-code compromise reported.

6. Enterprise Control Planes – Updates, Virtualisation & Evasion

Abusing what defenders trust most: patching paths and hypervisors.

WSUS RCE (CVE-2025-59287) – Unsafe deserialization in GetCookie()
Unauthenticated SYSTEM-level RCE actively exploited to run PowerShell/cmd via IIS worker on WSUS hosts.

Hyper-V Guest Cloaking – Curly COMrades
Adversary enables Hyper-V on endpoints and runs tiny Alpine VMs hosting reverse shells/proxies to evade host EDR and persist quietly.

7. Big-Game Ransomware & Recovery Sabotage

Affiliates combine credential abuse, BYOVD, and backup takedown.

Qilin (Agenda) – BYOVD + cross-platform ops, backup targeting
Leaked admin creds → RDP/VPN → RMM abuse, AMSI bypass, Veeam compromise, Linux payloads launched from Windows; logs wiped, VSS deleted.

8. Finance & Payments – Sector Briefing

Monthly Financial Threat Intelligence – Payment data manipulation & AI-assisted fraud
CL0P vs Oracle EBS, Scattered Spider SSPR abuse, mobile bankers with HVNC/overlays, NFC relay fraud – net effect: data theft and payment manipulation.

Proactive Steps for the Week

• Patch & verify: Prioritise ASA/FTD, UCCX, ISE, Chrome, and WSUS (CVE-2025-59287); confirm reboots and version baselines.
• Lock down dev endpoints: Temporarily freeze extension/package auto-updates; review installed VS Code extensions and npm lockfiles for listed indicators.
• Rotate secrets at risk: Reissue developer tokens (GitHub/GitLab, npm), cloud/CI keys, and any credentials possibly exposed via infected extensions/packages.
• Tighten egress: Move AI/LLM endpoints (OpenAI, Gemini) to an allow-list with business justification; add detections for unexpected LLM/API traffic from endpoints.
• ClickOnce & sideloading controls: Disable ClickOnce where not required; enforce Safe DLL Search Mode/WDAC and alert on signed-binary + non-standard DLL loads.
• Tor/obfs4 control: Block Tor (incl. obfs4 bridges) at egress; alert on new SSH/RDP/SMB exposure over hidden services.
• Hyper-V monitoring: Alert on enabling Hyper-V, new virtual switches, and creation of VMs/VHDs on user endpoints; investigate unknown guest IPs.
• Firewall & backup hygiene: For SonicWall users, run vendor analysis tools; rotate admin/VPN creds and regenerate VPN certs/PSKs; validate immutable/offline backups.
• Phishing isolation: Open inbound PDF/Office attachments in cloud isolation; detonate forum/event invitation links before delivery to high-risk users.
• Hunting queries:
  • Browser → child cmd.exe/powershell.exe
  • w3wp.exe spawning shells on WSUS servers
  • Scheduled tasks invoking sshd.exe/Tor from user paths (logicpro\*)
  • Regular HTTPS posts to AI APIs from non-approved hosts
  • VS Code contacting Solana RPCs/Calendar APIs
• Ransomware readiness: Enforce MFA on VPN/RDP/backup consoles, review RMM inventories, and run restore drills from immutable snapshots.
• Comms kit: Brief execs/devs on recruiter lures, extension risk, and “update SDK to join call” scams; share the week’s IOC bundle with SOC/NOC teams.