Major Incidents or Breaches

  • The “s1ngularity” NPM supply chain attack has compromised 2,180 GitHub accounts, resulting in the leakage of account tokens and repository secrets. The attack leveraged AI-powered malware to automate the compromise and exfiltration process.
  • VirusTotal has identified a phishing campaign leveraging SVG files to impersonate Colombia’s judicial system. The campaign delivers hidden malware through convincing portal interfaces embedded within the SVG files.

Notable Threat Actor Activity

  • A threat actor, potentially of Russian origin and tracked as “Noisy Bear,” has been linked to Operation BarrelFire, a phishing campaign targeting the energy sector in Kazakhstan. The activity involves tailored phishing lures and custom malware payloads.

Trends, Tools, or Tactics of Interest

  • Attackers are increasingly using SVG files to conceal malicious payloads and create deceptive phishing portals, as seen in the campaign targeting Colombia’s judicial system.
  • The “s1ngularity” attack demonstrates the use of AI-driven malware to automate and scale supply chain attacks, increasing the speed and effectiveness of credential and secret theft.
  • The US Immigration and Customs Enforcement (ICE) agency has reportedly adopted spyware technology, expanding its surveillance capabilities.
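A defender-side check for the SVG tactic noted above. This is an added example, not code from the original digest or from VirusTotal: it parses an SVG file and flags the active-content features that turn a "picture" into a phishing portal or loader (inline scripts, event-handler attributes, `foreignObject` wrapping HTML, and `javascript:`/HTML `data:` hrefs). The two sample SVGs are constructed for illustration.

```python
"""Flag SVG files carrying active content that a static image never needs.
Added example (not part of the digest); sample SVGs below are constructed."""
import re
import xml.etree.ElementTree as ET

# Elements that let an SVG run code or render arbitrary HTML inside the viewer.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# Any on* attribute (onload, onclick, ...) is an inline event handler.
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# hrefs that execute script or smuggle an HTML document rather than link out.
SUSPECT_HREF = re.compile(r"^\s*(javascript:|data:text/html|data:application)",
                          re.IGNORECASE)


def _local(qualified):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qualified.rsplit("}", 1)[-1]


def scan_svg(svg_text):
    """Return a list of findings ('element:script', 'event-handler:onload', ...).
    An empty list means no active content was found. Note: for untrusted input
    in production, parse with defusedxml instead of xml.etree."""
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        # Malformed XML is itself worth flagging; viewers are often lenient.
        return ["unparseable"]
    findings = []
    for elem in root.iter():
        name = _local(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"element:{name}")
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if EVENT_ATTR.match(aname):
                findings.append(f"event-handler:{aname}")
            if aname == "href" and SUSPECT_HREF.match(value):
                findings.append(f"href:{value[:30]}")
    return findings


def verdict(svg_text):
    """Collapse findings into a triage label for a mail or upload gateway."""
    return "suspicious" if scan_svg(svg_text) else "clean"


# Constructed benign asset: shapes plus an ordinary https link.
SAMPLE_BENIGN = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    '<rect width="10" height="10"/>'
    '<a xlink:href="https://example.com"><text>logo</text></a>'
    '</svg>'
)

# Constructed phishing-style SVG: script, onload, embedded HTML form, javascript: link.
SAMPLE_PHISH = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
    'onload="init()">'
    '<script>/* constructed placeholder */</script>'
    '<foreignObject width="100%" height="100%">'
    '<body xmlns="http://www.w3.org/1999/xhtml"><form><input name="pw"/></form></body>'
    '</foreignObject>'
    '<a xlink:href="javascript:void(0)"><text>Entrar</text></a>'
    '</svg>'
)

if __name__ == "__main__":
    for label, sample in (("benign", SAMPLE_BENIGN), ("phish", SAMPLE_PHISH)):
        print(label, verdict(sample), scan_svg(sample))
```

The check is deliberately strict: a legitimate logo or icon has no reason to carry `<script>`, `<foreignObject>` or event handlers, so anything flagged can be quarantined or rendered only as a rasterised preview rather than opened in a browser.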