What Happened

Researchers at Push Security have uncovered a new social engineering campaign that exploits one of the most normalized behaviors in modern software development: copying an install command from a webpage and running it in your terminal without reading it.

The technique is called InstallFix — a deliberate evolution of ClickFix — and in its current form, it’s targeting developers searching for Claude Code, Anthropic’s fast-growing agentic CLI tool. Attackers built near-identical clones of the official Claude Code installation page — same layout, same branding, same documentation sidebar — and promoted them through Google-sponsored search results for queries like “Claude Code,” “Claude Code install,” and “Claude Code CLI.”

The only difference between the real page and the fake: the install command points to an attacker-controlled server, not Anthropic’s. One copy, one paste, one Enter key. That’s the entire attack surface.

The payload is Amatera, a subscription-based infostealer that first appeared in 2025 and is considered the successor to ACR Stealer. It’s sold as a service to criminal operators and targets both Windows and macOS.

Why Claude Code? Why Now?

This campaign isn’t random. Claude Code is, by several measures, the fastest-growing AI developer tool in enterprise environments right now. Push Security co-founder Jacques Louw put it directly: “I suspect this campaign is targeting Claude Code specifically, because it’s one of the tools — if not the tool — being adopted the fastest across the board.”

Attackers follow adoption curves. When a tool reaches the threshold where both experienced engineers and first-time “vibe-coders” are Googling how to install it, it becomes a high-value impersonation target. Claude Code crossed that threshold.

The attack also exploits a specific behavioral vulnerability that has quietly normalized over the last decade: the curl-to-bash install command. There was a time when pasting a command from a website into your terminal was considered reckless. That norm has eroded. Legitimate tools — Homebrew, Claude Code, dozens of others — ship with one-liner install commands designed to be copied and run. Attackers have simply recognized that developers now do this instinctively, without reading what they’re executing.

The Attack Chain

Stage 1 — Malvertising

The fake pages are distributed exclusively through Google Ads. Sponsored search results for Claude Code-related queries surface the cloned installation pages at the top of results — above the legitimate Anthropic documentation. The domains are hosted on infrastructure from Cloudflare Pages, Squarespace, and Tencent EdgeOne, all legitimate providers, making the hosting itself look credible.

Stage 2 — The Clone

The fake installation page is a pixel-perfect replica of the real thing. Layout, branding, documentation sidebar — all present. The only modification is the install command itself, which replaces the legitimate Anthropic endpoint with an attacker-controlled domain. Push Security confirmed the C2 domain claude[.]update-version[.]com was used to deliver the Amatera payload.

Stage 3 — Platform-Specific Execution

On macOS, the malicious one-liner pulls a second-stage script from an attacker-controlled domain using a base64-encoded payload — designed to look like noise rather than a readable command string.

On Windows, the command abuses mshta.exe — a legitimate Microsoft utility for executing HTML applications — to retrieve the malware and triggers conhost.exe to support execution of the final Amatera payload.

Stage 4 — Amatera: Full Credential Harvest

Amatera is not a blunt instrument. It targets specifically:

• Browser saved passwords, cookies, and session tokens

• Autofill data

• Cryptocurrency wallet contents and keys

• General system profiling data

The session token theft is the critical capability. With active session cookies, attackers can authenticate directly to cloud dashboards, AWS consoles, internal admin panels, CI/CD platforms, and SaaS tools — without ever needing a password. No phishing required. No MFA prompt triggered. The session is already authenticated.

Amatera communicates with its C2 using hardcoded IP addresses belonging to legitimate CDNs, making the traffic nearly impossible to block without also disrupting legitimate services. Its evasion techniques include direct NTSockets for C2 communication, dynamic API resolution with WoW64 Syscalls, and multi-stage infection chains with dynamic payload delivery.

Stage 5 — The Cover-Up

After infection, the fake page redirects the victim to the legitimate Claude Code site. A developer who followed the instructions and then sees the real Anthropic documentation loads normally has no reason to believe anything went wrong. The infection is silent. The redirect is seamless. The attacker moves on.

This Is Bigger Than One Page

Push Security identified this as a campaign architecture, not a single incident. Beyond the Claude Code clone, researchers found:

• Fake Homebrew installation pages delivering the Cuckoo infostealer using the same copy-paste install command mechanic

• Malicious npm packages impersonating Claude Code’s official package name, targeting developers who trust or mistype a package name

• Fake Claude artifacts posted directly to claude.ai’s own domain — user-generated content that inherits the domain’s trust — containing malicious terminal commands disguised as macOS utilities, promoted via Google Ads and viewed over 15,000 times before takedown

The pattern is structural. Four out of five ClickFix-style lures are now distributed via search engines, according to Push. Any popular tool with a copy-paste install command and a clonable documentation page is a target.

The Underlying Problem

The current web security model, as Push frames it, “boils down to ‘trust the domain.’” Developers have been trained to validate the URL and trust the content. InstallFix operates entirely within that trust boundary — the malicious page lives on a clean domain, uses legitimate CDN hosting, and serves content that is visually indistinguishable from the real thing.

The threat is compounded by the democratization of developer tooling. Claude Code, like many CLI tools, is now being installed by non-developers — product managers, analysts, operators — who have even less context for evaluating whether an install command looks suspicious. The attack surface is expanding as the tools expand their audience.

What To Do Now

For developers and engineers:

• Never trust Google sponsored results for CLI tool installation. Navigate directly to the official documentation domain — for Claude Code, that’s docs.anthropic.com. Treat any sponsored link for a developer tool as potentially malicious.

• Read the install command before running it. If the domain in the command isn’t the official one, stop. The legitimate Claude Code install command points to Anthropic infrastructure — not to update-version[.]com or any other third-party host.

• Audit your active sessions. If you’ve recently installed Claude Code or any CLI tool via a command copied from a search result, rotate your credentials, invalidate active sessions, and treat your browser credential store as potentially compromised.

For security teams:

• Hunt for mshta.exe spawning unexpected child processes — a reliable indicator of InstallFix execution on Windows endpoints.

• Monitor for outbound connections to claude[.]update-version[.]com and flag base64-encoded payloads being piped through curl on macOS endpoints.

• Treat npm package installs and curl-to-bash commands as execution events worth logging, especially in developer environments with cloud credential access.

What Happened

In December 2025, Zscaler ThreatLabz uncovered a new campaign by APT37 — the DPRK-backed espionage group also known as ScarCruft, Ruby Sleet, and Velvet Chollima. The campaign, named Ruby Jumper, introduces five previously undocumented malware tools designed to do one thing: move data and commands between internet-connected machines and systems that have never touched a network.

Air-gapped computers — the kind used in military installations, nuclear facilities, classified R&D labs, and critical infrastructure — are isolated at the hardware level. No Wi-Fi. No Ethernet. No Bluetooth. The only way in has always been physical. APT37 built an entire automated toolkit around that fact.

The result is a fully operational framework that turns any shared USB drive into a covert two-way command channel — invisible to network monitoring tools, invisible to cloud security stacks, and nearly invisible to the users carrying the drive between machines.

The Attack Chain

Stage 1 — Initial Access: The LNK File

The infection begins with a malicious Windows shortcut (.LNK) file, APT37’s signature entry vector. When opened, it silently launches PowerShell and a two-stage shellcode loader. Each stage decrypts the next using a single 1-byte XOR key, injecting code into a legitimate Windows system process to evade detection.

Stage 2 — RESTLEAF: The First Implant

RESTLEAF establishes the first foothold. It connects to Zoho WorkDrive — a legitimate cloud storage service — using hardcoded OAuth tokens to authenticate and pull further shellcode. This is the first documented instance of APT37 abusing Zoho’s platform. Because the traffic looks like routine SaaS usage, it blends seamlessly into enterprise environments. RESTLEAF creates timestamped “lion”-prefixed beacon files in a WorkDrive folder named “Second” to signal operator availability.

Stage 3 — SNAKEDROPPER: The Ruby Trojan

RESTLEAF loads SNAKEDROPPER, which silently installs a fully self-contained Ruby 3.3.0 runtime into %PROGRAMDATA%\usbspeed. The legitimate rubyw.exe binary is renamed to usbspeed.exe to masquerade as a USB utility. SNAKEDROPPER then:

• Hijacks Ruby’s auto-loaded operating_system.rb so malicious logic runs every time the interpreter starts

• Establishes a scheduled task named rubyupdatecheck that fires every five minutes for persistence

• Drops additional Ruby-named binaries that actually contain shellcode payloads

Stage 4 — THUMBSBD: The Air Gap Bridge

This is the operational centerpiece of Ruby Jumper. THUMBSBD acts as a covert relay, using removable media as a bi-directional command channel between the infected internet-connected machine and any air-gapped system.

When a USB drive is inserted into the infected internet-facing machine, THUMBSBD copies staged command files into a hidden $RECYCLE.BIN directory on the drive — a location invisible under default Windows Explorer settings. When that same drive is plugged into an air-gapped machine (also running THUMBSBD), the implant:

1. Reads files from the hidden $RECYCLE.BIN

2. Decrypts them using XOR key 0x83

3. Executes the operator’s commands: file exfiltration, system reconnaissance, arbitrary execution

4. Stages results back into $RECYCLE.BIN on the drive

When the USB is returned to the internet-connected machine, THUMBSBD exfiltrates the results to the cloud C2. The USB drive has become a fully automated, human-unaware command-and-control relay.

Stage 5 — VIRUSTASK: The Spreader

VIRUSTASK ensures the infection doesn’t stop at one air-gapped machine. When removable media is inserted, it:

• Checks for at least 2GB of free space before proceeding

• Creates a hidden folder named $RECYCLE.BIN.USER at the drive root (mimics Windows Recycle Bin, invisible by default)

• Hides all legitimate user files and replaces them with identically named LNK shortcuts

• When an unsuspecting user on a new machine opens what they believe is their own file, they launch the Ruby runtime — infecting the new host

Stage 6 — FOOTWINE + BLUELIGHT: Full Surveillance

Once access is established, THUMBSBD delivers FOOTWINE — a Windows backdoor disguised as an Android APK (foot.apk). FOOTWINE provides full surveillance capability:

• Keylogging

• Screenshot capture

• Audio and video recording (microphone + camera)

• File and registry manipulation

• Remote shell access

• Encrypted C2 over a custom XOR-based TCP protocol

The older BLUELIGHT backdoor — a long-standing APT37 tool — also deploys here, using Google Drive, OneDrive, pCloud, and Backblaze as C2 channels. Its use confirmed Zscaler’s attribution to APT37.

Why This Is Different

Air gap attacks are not new. Stuxnet did it in 2010. What makes Ruby Jumper operationally significant is the automation and scale.

Most air gap attacks require a human insider to physically carry a compromised device. Ruby Jumper removes the human element from the relay. Any shared USB drive — carried by a well-intentioned IT staffer, a contractor, or an engineer transferring files for patching — becomes an automated C2 relay without the carrier ever knowing. The malware self-propagates to new air-gapped hosts through VIRUSTASK, meaning a single infected drive can compromise an entire secure enclave over time.

The choice of cloud services as C2 — Zoho, Google Drive, OneDrive — is equally deliberate. These are services that organizations actively whitelist. Blocking them would break business operations. APT37 is exploiting the operational dependency organizations have on legitimate SaaS platforms.

Who Is APT37?

APT37 (ScarCruft / Ruby Sleet / Velvet Chollima) is a DPRK state-sponsored cyber espionage group active since at least 2012. Historically focused on South Korean government entities, defense organizations, and individuals of interest to Pyongyang, the group has expanded its targeting to include critical infrastructure operators, research institutions, and international policy organizations.

Ruby Jumper represents a significant capability investment — the development of five entirely new malware tools, each engineered for a specific role in a complex multi-stage chain. This is not opportunistic crime. This is a deliberate, patient, state-funded operation targeting organizations that believed their air gap made them unreachable.

Indicators of Compromise

Certainly! Here is the list in a standard Markdown list format, with the indicators formatted as code blocks for easy individual copying:

Host Indicators

• Indicator: 709d70239f1e9441e8e21fcacfdc5d08

  • Filename: (None)

  • Description: Windows shortcut

• Indicator: ad556f4eb48e7dba6da14444dcce3170

  • Filename: viewer.dat

  • Description: Binary (Shellcode+RESTLEAF)

• Indicator: 098d697f29b94c11b52c51bfe8f9c47d

  • Filename: (None)

  • Description: Binary (Shellcode+SNAKEDROPPER)

• Indicator: 4214818d7cde26ebeb4f35bc2fc29ada

  • Filename: ascii.rb

  • Description: Binary (Shellcode+ThmubsBD)

• Indicator: 5c6ff601ccc75e76c2fc998o8d8cc9a9

  • Filename: bundler_index_client.rb

  • Description: Binary (Shellcode+VIRUSTASK)

• Indicator: 476bce9b9a387c5f39461d781e7e22b9

  • Filename: foot.apk

  • Description: Binary (Shellcode+FOOTWINE)

• Indicator: 585322a931a49f4e1d78fb0b3f3c6212

  • Filename: footaaa.apk

  • Description: Binary (Shellcode+BLUELIGHT)

What To Do Now

For air-gapped / high-security environments:

• Implement hardware-level USB port controls — restrict which devices can connect and to which systems

• Enforce a clean USB policy: drives that touch internet-connected systems must never enter air-gapped environments without a sanitization workflow

• Monitor for the rubyupdatecheck scheduled task and audit all newly created scheduled tasks

• Hunt for %PROGRAMDATA%\usbspeed and hidden $RECYCLE.BIN.USER directories on endpoints and removable media

For all enterprise environments:

• Audit cloud storage access from endpoints — Zoho WorkDrive, Google Drive, OneDrive, pCloud, Backblaze are all being abused as C2

• Inspect LNK files in email attachments and downloaded content — APT37 consistently uses malicious shortcut files as the first entry point

• Monitor for usbspeed.exe, unusual Ruby runtime processes, and operating_system.rb modifications

• Block or alert on HKCU\SOFTWARE\Microsoft\TnGtp registry key creation
  

Source: Zscaler ThreatLabz

There is a category of threat that keeps national security officials awake at night — not the nation-state hacker probing systems from a Moscow apartment, but the cleared insider who walks through the front door every morning, past the badge reader, into the vault. Peter Williams was that threat.

A 39-year-old Australian national and former senior employee at L3Harris — one of the United States’ premier defense technology contractors — Williams has been sentenced to 87 months in federal prison for selling eight zero-day exploits to Operation Zero, a Russian exploit broker, over a three-year period between 2022 and 2025. The price: up to $4 million in cryptocurrency, spent on properties, luxury watches, clothing, and jewelry.

The tools he sold were not his to sell. They were developed exclusively for the U.S. government and select allies. And according to the DOJ sentencing memorandum, they were capable of being “used against any manner of victim, civilian or military around the world” — enabling everything from ransomware to “state directed spying and offensive cyber operations against military targets.”

He didn’t steal a spreadsheet. He sold the cyber equivalent of a loaded gun pointed at millions of devices — and handed it to Russia.

Who Is Operation Zero?

Operation Zero — now officially sanctioned by both the U.S. State Department and Treasury’s OFAC — is not a shadowy dark-web forum. It is a structured, commercially operating exploit brokerage based in Russia, run by Sergey Sergeyevich Zelenyuk, who also created a parallel entity called Special Technology Services LLC (STS) registered in the UAE — almost certainly to circumvent sanctions on Russian banking.

The numbers on Operation Zero’s published bounty board tell you everything about who their customers are:

• $4 million for Telegram exploits

• $20 million for full-chain Android or iPhone remote code execution

These are not bug bounty prices. These are nation-state prices. Zelenyuk has openly stated Operation Zero sells exclusively to non-NATO countries — a business model that is, in plain terms, the commercialization of offensive cyber capability for foreign intelligence services.

The Treasury has now sanctioned Zelenyuk, Operation Zero, STS, and four associated individuals and entities — including Oleg Kucherov, suspected of TrickBot gang membership, and Azizjon Mamashoyev, who ran a parallel exploit brokerage called Advance Security Solutions offering bounties for U.S.-built software vulnerabilities.

At least one of the tools Williams sold has already been transferred to an unauthorized user.

The Scale of What Was Lost

L3Harris has quantified its losses at $35 million. That is the financial damage — the cost of rebuilding, revoking, and replacing eight compromised exploit tools that were supposed to be among the U.S. government’s most closely held offensive capabilities.

The true cost cannot be measured in dollars. Zero-day exploits developed for national defense represent years of research, sophisticated vulnerability discovery, and controlled operational security. Once sold, they cannot be unsold. Once in Russian hands, they can be:

• Repurposed for espionage operations against U.S. allies

• Analyzed to understand how U.S. offensive capabilities work and how to defend against them

• Resold to additional state actors — Operation Zero’s business model is brokerage, not exclusivity

Williams didn’t just betray his employer. He inverted his entire professional purpose. These tools existed to protect — and he converted them into weapons for sale.

The Sanctions Web

The U.S. State Department’s designation of Operation Zero under the Protecting American Intellectual Property Act (PAIPA) and Treasury’s OFAC sanctions represent a coordinated whole-of-government response that goes beyond the criminal prosecution. The message is structural: not just “we jailed the seller,” but “we are dismantling the buyer.”

The sanctions freeze assets, block transactions, and expose anyone doing business with Operation Zero to secondary sanctions risk. The UAE-based STS entity being included in the designation signals that the U.S. is willing to pursue the sanctions evasion infrastructure, not just the primary actors.

Source: U.S. Department of Justice - https://www.courtlistener.com/docket/71644575/united-states-v-williams/

The insider threat that cybersecurity teams train for just became real — and the target was one of the most guarded pieces of technology in consumer electronics: Google’s Tensor processor, the custom silicon inside every Pixel phone.

The U.S. Department of Justice has indicted three people — two sisters who worked at Google and the husband of one of them — for an alleged scheme to systematically steal trade secrets from Google and at least two other major tech companies, and transfer them to unauthorized locations, including Iran.

The defendants: Samaneh Ghandali, 41, a former Google engineer; her husband Mohammadjavad Khosravi, 40; and her sister Soroor Ghandali, 32, also a former Google engineer. All three are Iranian nationals who were living in San Jose. All three were arrested on Thursday and appeared in federal district court the same day.

The Anatomy of the Scheme

This wasn’t a sophisticated cyberattack from the outside. It was patient, methodical betrayal from the inside — and the operational security the defendants used makes it more alarming, not less.

The exfiltration method: Both sisters used their legitimate employee access at Google to pull hundreds of files — including trade secrets related to processor security, cryptography, and chip architecture — and transferred them to a third-party communications platform. The channels they used were named after each defendant’s first name.

The cover-up: When Google’s internal security systems flagged Samaneh Ghandali’s activity in August 2023 and revoked her access, she signed a sworn affidavit claiming she had never shared Google’s confidential information with anyone outside the company. She had.

The analogue workaround: After digital channels were closed off, the defendants pivoted. Rather than electronically transferring files — which would leave a clear forensic trail — they manually photographed computer screens containing trade secret documents with their phones. The night before the couple traveled to Iran in December 2023, Samaneh allegedly photographed approximately 24 screens of her husband’s work computer, which contained trade secrets from his employer. Those photographs were later accessed from a device associated with her — in Iran.

The cleanup attempt: The defendants searched online for how to delete communications and how long cellular providers retain messages. They then destroyed exfiltrated files from their electronic devices.

Why This Case Matters Beyond the Headlines

The Ghandali case doesn’t exist in isolation. Less than a month ago, former Google engineer Linwei Ding was convicted for stealing thousands of Google’s confidential AI documents to build a startup in China. Now this.

Two separate insider theft cases. Two different nation-state destinations. Both targeting Google’s most strategically sensitive technologies.

The pattern forces a hard question: If Google — with its world-class security team, internal monitoring systems, and vast resources — can have trade secrets photographed off a screen and walked to Iran, what does that mean for everyone else?

The answer is uncomfortable. Google’s systems did detect Samaneh Ghandali’s digital exfiltration. What they couldn’t fully prevent was the human workaround — the pivot to photographing screens, the signed false affidavit, the physical transport. No DLP system catches a phone camera aimed at a monitor.

The Charges and What’s at Stake

Each defendant faces up to 10 years per count of trade secret theft and up to 20 years for the obstruction of justice charge, plus a $250,000 fine per count.

The trade secrets at the center of this case — Tensor processor security architecture and cryptographic implementations — are not abstract intellectual property. They are the technical foundation of how Google secures its hardware at the silicon level. In the wrong hands, that knowledge could inform attacks on Pixel devices at scale, or accelerate a foreign nation’s semiconductor development program.

CodeAIntel Insight: The analog pivot is the most chilling detail in this indictment. These defendants got caught digitally — and responded by picking up a phone and photographing screens. That is a threat vector that lives entirely outside the reach of most enterprise DLP, CASB, and endpoint monitoring tools. The lesson for security leaders: insider threat programs can’t stop at the network edge. Physical data exfiltration — cameras, printed documents, verbal disclosure — requires a different detection model entirely. The fact that a signed false affidavit almost worked as a cover story suggests the human element of your insider threat program matters as much as the technical one. Who is reviewing those exit certifications? Who is cross-referencing them against behavioral anomalies?

Sources:

https://www.courtlistener.com/docket/72303995/united-states-v-ghandali-etal/

The Hacker News

PayPal has disclosed a data breach that is, in many ways, more alarming than a headline-grabbing hack. There was no sophisticated adversary. No nation-state exploit. No dark web auction. Just a software bug in a loan application that quietly exposed the sensitive personal information of small business customers for nearly six months before anyone noticed.

The affected product is PayPal Working Capital (PPWC) — a financing tool designed to give small businesses fast access to cash. The window of exposure: July 1 to December 13, 2025. PayPal discovered the issue on December 12th and reversed the faulty code change the following day. The data left in the wind: names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth.

For the people affected, that is essentially the full identity theft starter pack.

The Anatomy of the Exposure

This wasn’t a smash-and-grab. It was a door left quietly ajar.

• The Root Cause: An error introduced through a code change made the PII of a “small number” of PPWC customers visible to unauthorized parties.

• The Duration: 165 days. Five and a half months of exposure before PayPal’s own systems flagged it.

• The Damage: PayPal confirmed unauthorized transactions occurred on a subset of affected accounts as a direct result of the incident and has issued refunds to those customers.

• The Response: The faulty code was rolled back within 24 hours of discovery. Affected users are being offered two years of free three-bureau credit monitoring and identity restoration services through Equifax, with enrollment required by June 30, 2026.

PayPal stated it has not delayed notification due to a law enforcement investigation — which is notable, suggesting no criminal referral is currently in play.

This Is Not PayPal’s First Rodeo

Context matters here. This breach doesn’t exist in a vacuum.

In December 2022, PayPal suffered a large-scale credential stuffing attack exposing roughly 35,000 accounts — including Social Security numbers and tax identification data. That incident eventually cost the company a $2 million settlement with the New York State Department of Financial Services in January 2025 for failing to comply with cybersecurity regulations. The DFS found that PayPal lacked proper CAPTCHA protections, rate limiting, and mandatory multi-factor authentication at the time.

Now, less than a year after that settlement was announced, PayPal is back in breach territory — this time not from an external attacker exploiting weak controls, but from an internal code change that bypassed its own data protection framework.

The pattern is hard to ignore: PayPal keeps putting sensitive data at risk through process failures, not just external threats.

What Small Business Owners Need to Do Now

If you use or have used PayPal Working Capital, treat this as a confirmed identity risk:

• Enroll immediately in the Equifax credit monitoring offer PayPal is providing. Do not wait.

• Place a fraud alert or credit freeze with all three bureaus (Equifax, Experian, TransUnion) if you want to go further.

• Monitor your business and personal accounts for unauthorized transactions — PayPal has already confirmed some accounts were fraudulently accessed.

• Watch for follow-on phishing. Attackers who obtained this data now have everything they need to craft highly convincing impersonation attempts. PayPal will never ask for your password, one-time codes, or authentication credentials via phone, text, or email.

• File with the FTC at IdentityTheft.gov if you believe your Social Security number has been misused.

CodeAIntel Insight: The 165-day exposure window is the real story here. Modern breach detection should catch anomalous data access in hours or days — not months. The fact that a code-level error in a loan application could silently expose Social Security numbers for five and a half months points to a deeper problem: insufficient data-access monitoring at the application layer. For enterprises, the lesson is not “don’t write buggy code” — that’s a given. The lesson is: if sensitive PII is being touched by any application, you need runtime visibility into who is accessing it, when, and whether that access pattern looks normal. PayPal didn’t have that. Do you?

Sources:

https://www.bleepingcomputer.com/news/security/paypal-discloses-data-breach-exposing-users-personal-information/

https://www.documentcloud.org/documents/27345193-paypal-february-2026-breach-notification/

In a sweeping, multi-national crackdown dubbed Operation Red Card 2.0, law enforcement agencies across 16 African countries, coordinated by INTERPOL, have dealt a massive blow to organized cybercriminal syndicates. The numbers are staggering: 651 suspects arrested, over $4.3 million in illicit funds recovered, and an estimated $45 million in financial losses linked to the disrupted operations.

This wasn’t just a raid on a single basement hacker group; it was a coordinated strike against the infrastructure of digital fraud.

The Anatomy of the Bust

Running from December 8, 2025, to January 30, 2026, Operation Red Card 2.0 targeted the specialized groups running the most lucrative scams on the continent:

• The Telecom Breach (Nigeria): Police dismantled an investment fraud ring and arrested six members of a highly sophisticated gang. Their crime? Using stolen employee credentials to successfully breach a major telecom provider, demonstrating a dangerous escalation from consumer scams to enterprise-level intrusion.

• The Investment Lures (Kenya): Investigators apprehended 27 suspects operating vast fraud networks. These groups weaponized social media and messaging platforms to funnel victims into complex, fake investment schemes.

• Predatory Mobile Apps (Côte d’Ivoire): 58 suspects were arrested in a crackdown on predatory mobile loan applications—apps designed to trap victims with hidden fees, abusive debt-collection practices, and data extortion.

In total, authorities seized 2,341 devices and took down 1,442 malicious websites, domains, and command-and-control servers.

The Evolution of the Threat

The success of Operation Red Card 2.0 (following the arrest of 306 suspects in the first iteration last year) highlights a critical shift in the cybercrime landscape.

We are no longer just dealing with email scammers. These are organized syndicates running compartmentalized operations:

1. Recruitment: Actively recruiting young people to run phishing and identity theft rings (as seen in the Nigerian busts).

2. Infrastructure: Maintaining thousands of fake social media profiles and malicious domains to manufacture credibility.

3. Enterprise Targeting: The use of stolen credentials to breach a telecom provider proves these groups are hunting for access to core infrastructure, likely to enable SIM-swapping at scale or mass data exfiltration.

   

CodeAintel Insight: The takedown of 1,442 malicious domains is a massive operational disruption, but it is temporary. The real victory here is the intelligence gathered from the 2,341 seized devices. The analytics extracted from those phones and laptops will likely fuel ‘Operation Red Card 3.0’. For enterprises, the telecom breach is the loudest warning: if your employees’ credentials are compromised, your perimeter is already gone.

Source: https://www.interpol.int/News-and-Events/News/2026/Major-operation-in-Africa-targeting-online-scams-nets-651-arrests-recovers-USD-4.3-million

Figure Technology Solutions, a fintech giant leveraging the Provenance blockchain for lending and securities, has just become the latest trophy for the notorious ShinyHunters extortion group. While the company boasts about “unlocking $22 billion in home equity” with cutting-edge tech, their perimeter was breached by the oldest trick in the book: Social Engineering.

The result? 967,200 accounts exposed.

The “Low-Tech” Hack

According to reports confirmed by BleepingComputer and Have I Been Pwned, the breach wasn’t a result of a cracked private key or a smart contract failure. It was a human failure.

An employee was tricked—likely through a targeted voice phishing (vishing) or spear-phishing campaign—into handing over the keys to the kingdom. This mirrors ShinyHunters’ recent modus operandi, where they impersonate IT support to trick staff into entering credentials and MFA codes on fake portals.

Once inside, the attackers didn’t need to break encryption; they just needed to “authorized” access to download the files.

The Loot: A Phisher’s Goldmine

The data, which dates back to January 2026, is a complete starter kit for identity theft. The 2.5GB leak includes:

• Full Names

• Physical Addresses

• Phone Numbers

• Dates of Birth

• 900,000+ Unique Email Addresses

While Figure claims only a “limited number of files” were taken, the nature of this data means the victims are now prime targets for secondary attacks. If you were a customer, expect your phone to start ringing with very convincing scammers who know exactly who you are.

The SSO Weakness

This breach is part of a larger, disturbing trend targeting Single Sign-On (SSO) infrastructure. Attackers like ShinyHunters have realized that breaking into Okta or Microsoft 365 accounts via an employee is significantly easier than finding a zero-day vulnerability in the software stack.

The Lesson: You can build your castle on the blockchain, but if the gatekeeper opens the door for a stranger in a nice suit, you are still getting robbed.

• Verify the Caller: IT support will never ask for your MFA code.

• Hardware Keys: It is time to move beyond SMS and App-based MFA to FIDO2 hardware keys (YubiKeys) that are phishing-resistant.

• Assume Breach: If you are a Figure user, lock your credit reports now.
  

CodeAintel Insight: The Figure breach proves that in 2026, the most dangerous vulnerability in the fintech ecosystem isn’t in the code—it’s in the cubicle. We are seeing a shift where “hacking” is becoming synonymous with “asking nicely.”

Your biometric data isn’t the only thing the Oura ring can connect to anymore—now, it might be the gateway for an infostealer.

A sophisticated new SmartLoader campaign has been uncovered, targeting the emerging world of AI agents. By poisoning the trust-based infrastructure of Model Context Protocol (MCP) servers, threat actors have found a way to turn developer-focused health-tech tools into delivery vehicles for the StealC infostealer.

This isn’t just a malware drop; it’s a long-con in supply chain poisoning.

Manufactured Credibility: The Four-Stage Heist

Unlike low-effort phishing, the SmartLoader operators invested months into building a “reputation” on GitHub. According to Straiker’s STAR Labs, the attack exploited the trust heuristics developers use when evaluating new AI tools.

The Blueprint of Deception:

1. Identity Farming: The attackers created at least five fake GitHub personas (including YuzeHao2023 and punkpeye) to fork the legitimate Oura MCP server repository.

2. The Payload Shell: A new account, SiddhiBagul, was established to host the “poisoned” version of the server containing the malicious SmartLoader code.

3. Contributor Laundering: The fake personas were added as “contributors” to the rogue repository, creating a false sense of community activity and legitimacy.

4. Marketplace Poisoning: The trojanized server was then submitted to MCP Market, a legitimate registry. Users searching for ways to connect their AI assistants to their Oura Health data found the rogue server listed alongside benign options.

   

The Payload: StealC Infostealer

Once a developer or high-value target downloads the ZIP archive and launches the server, an obfuscated Lua script executes. This drops the SmartLoader malware, which in turn deploys StealC.

StealC is a highly efficient infostealer designed to vacuum up:

• Browser Credentials: Saved passwords and cookies.

• Crypto Wallets: Direct targeting of browser-based and desktop wallet files.

• Developer Assets: The true “prize” in this campaign—API keys, cloud credentials, and access to production environments.

The AI Attack Surface

The SmartLoader campaign marks a pivotal shift in threat actor strategy. They are moving away from users looking for pirated software and moving toward developers and AI enthusiasts.

• The Trust Gap: Legitimate registries like MCP Market often lack the rigorous automated vetting found in more mature ecosystems (like the App Store), allowing “patient” threat actors to slip through.

• Targeting the Architect: Developers hold the keys to the kingdom. By infecting a developer’s machine, an attacker gains a foothold into entire corporate infrastructures and production pipelines.

• AI Tooling as a Blind Spot: Organizations are rushing to integrate AI agents (like Claude or GPT-4) with local data via MCP. This rush creates a “security vacuum” where tools are installed without formal review.

CodeAintel Insight: The Oura MCP attack proves that “credibility” can be manufactured with a few fake accounts and enough time. In the age of AI agents, your security is only as strong as the most obscure server in your registry. Verify the origin, inventory your MCPs, and never trust a contributor list at face value.

A new mobile spyware platform, dubbed ZeroDayRAT, has emerged on Telegram, offering a suite of surveillance tools that were once the exclusive domain of elite nation-state signal intelligence (SIGINT) units. For a fee, any buyer can now gain full, real-time access to a target’s digital and physical life through a self-hosted browser panel.

It’s not just a data stealer. It’s a total takeover of the person behind the screen.

The “Everywhere” Exploit: Android 5 to iOS 26

The technical reach of ZeroDayRAT is staggeringly broad. While many RATs (Remote Access Trojans) struggle with version updates, ZeroDayRAT is built for longevity:

• Android: Supports version 5 all the way through the upcoming Android 16.

• iOS: Supports versions up to iOS 26, leveraging enterprise provisioning profiles to bypass the App Store’s “Walled Garden.”

Distributed via social engineering and malicious “updates” on Telegram and fake marketplaces, the malware generates a custom binary for each target. Once installed, the attacker doesn’t just see files—they see a live dashboard of the victim’s existence.

The Real-Time Panopticon

ZeroDayRAT transforms a smartphone into a 24/7 surveillance beacon. The command-and-control (C2) panel provides:

• Live Eyes and Ears: Remote activation of camera streaming and microphone feeds.

• GPS Stalking: Real-time location plotting on Google Maps with a full historical breadcrumb trail.

• Keystroke Logging: Every password, message, and search query is recorded before it’s even sent.

• Identity Mapping: The “Accounts Tab” enumerates every registered service—WhatsApp, Google, Facebook, Amazon, and banking apps—linking the device to the victim’s entire digital footprint.

Financial Warfare: Bypassing 2FA and Draining Wallets

ZeroDayRAT isn’t content with just watching; it’s designed to loot. The toolkit includes a sophisticated Bank Stealer and Crypto-Wallet Hijacker.

1. OTP Interception: By monitoring SMS in real-time, the malware intercepts One-Time Passwords (OTPs), effectively neutralizing Two-Factor Authentication (2FA).

2. Clipboard Substitution: The malware scans for wallet apps like MetaMask and Binance. When a user copies a crypto address, the RAT replaces it with the attacker’s address in the clipboard.

3. Payment App Takeover: It targets mobile payment ecosystems like Apple Pay, Google Pay, PayPal, and regional giants like India’s PhonePe (UPI).

The emergence of ZeroDayRAT represents a dangerous shift in the threat landscape.

Why this matters:

• The Zero-Trust Necessity: If you are not verifying the origin of every “update” or “enterprise profile,” you are inviting an adversary into your pocket.

• Biometrics vs. Keystrokes: While biometrics (FaceID/TouchID) are secure, the RAT logs the interaction after the vault is open.

• The Telegram Shadow Market: The transition of these tools from private “zero-day” exploits to Telegram-accessible subscription models means the number of potential attackers has increased by an order of magnitude.

  
  Source: https://iverify.io/blog/breaking-down-zerodayrat---new-spyware-targeting-android-and-ios

When SpaceX and the Ukrainian government finally pulled the plug on unauthorized Starlink terminals used by Russian forces, the frontline went dark. Communications collapsed, drone feeds flickered out, and Russian units—desperate to restore the one Western technology they can’t live without—started looking for a workaround.

They found one. Or so they thought.

The “Activation” Trap

Ukrainian hacktivists from the 256th Cyber Assault Division, working alongside InformNapalm, didn’t just wait for the Russians to scramble; they built the net.

They launched a network of fake Telegram channels and “activation bots” promising a way to bypass the new Ukrainian “whitelist” registration system. For a modest fee, the bots promised to register illicit terminals under “safe” Ukrainian identities, keeping the dishes online.

The Russians took the bait. In less than seven days:

• 2,420 data packages were harvested, containing serial numbers and precise GPS coordinates of Russian Starlink terminals.

• $5,870 in “fees” was siphoned directly from Russian soldiers’ pockets into funds for the Ukrainian Defense Forces.

• 31 local collaborators (potential “drops”) were identified and handed over to law enforcement.

  

From “Online” to “Brick Mode”

The operation didn’t just harvest data—it weaponized it. The 256th Division confirmed they passed the technical identifiers to Ukrainian drone logistics advisor Serhiy Sternenko.

The goal? “Brick Mode.” By identifying the exact digital signatures of the terminals being used by the enemy, Ukraine and SpaceX can remotely disable the hardware permanently. But before the “kill switch” is flipped, those GPS coordinates are being used for something much more immediate: kinetic strikes. In the world of electronic warfare, if you can see the terminal, you can see the command post.

The Fatal Breach: Why OPSEC is Must

In the intelligence community, there is a saying: “The easiest way to get into a locked building is to have the owner open the door.” This operation succeeded because Russian frontline units prioritized immediate tactical convenience over long-term Operational Security (OPSEC).

By engaging with unverified third-party bots to register military hardware, Russian forces violated the most fundamental rules of digital warfare:

1. Trusting the “Grey Market”: In a conflict zone, there is no such thing as a “friendly” unauthorized service. By seeking a workaround for SpaceX’s restrictions, the users handed their hardware’s unique identifiers directly to the adversary.

2. GPS as a Weapon: A Starlink terminal is a beacon. By attempting to “spoof” location data through an unsecure bot, the operators inadvertently confirmed their exact positions. In the age of precision artillery, Location Data = Targeting Data.

3. The “Convenience Trap”: The desire to maintain a high-bandwidth connection for drone feeds created a psychological blind spot. The 256th Division exploited the “user experience” of a soldier—making the fake bot look and feel like a standard service—to bypass their survival instincts.

CodeAintel Warning: OPSEC isn’t just about hiding secrets; it’s about managing the digital footprint of your hardware. When a soldier treats a military comms device like a personal smartphone, they aren’t just compromised—they are categorized and neutralized.

Technical Brief: The Link Between Identity and Location

For a Starlink terminal to function, it must maintain a constant handshake with the satellite constellation. This process creates a “Digital ID” that is nearly impossible to fake once it is flagged:

• Terminal ID (Hardware SN): Each dish has a unique serial number burnt into its hardware.

• GNSS Integration: Every terminal contains a GPS/GNSS module to orient its phased-array antenna.

• The Handshake: SpaceX sees which Serial Number is requesting data from which GPS Coordinate.

By submitting their SN to the fake Ukrainian bot, the Russian operators essentially signed their own death warrants, allowing the SBU to cross-reference that ID with active satellite pings.

For the last year, the security community has asked, “When will adversaries build their own frontier models?” The answer, according to a new report from Google Threat Intelligence Group (GTIG), is that they don’t have to.

Instead, they are stealing them.

In a detailed analysis of late-2025 threat activity, Google revealed a surge in “Distillation Attacks.” State-sponsored actors and private entities are systematically probing mature models like Gemini to extract their reasoning patterns, effectively cloning the “mind” of a high-end AI into smaller, unconstrained local models.

This marks a critical pivot. The threat is no longer just “bad actors using ChatGPT.” It is bad actors exporting the capability of ChatGPT to run offline, without safety filters.

The Theft of Reasoning

Model extraction, or distillation, is the defining trend of this report.

Adversaries know that training a frontier model costs billions. But querying a model to map its decision-making process costs pennies. By recording thousands of input-output pairs, attackers can train a “student” model that mimics the “teacher’s” capabilities.

This is intellectual property theft weaponized for cyber operations.

It allows adversaries to bypass the API restrictions and safety guardrails that companies like Google and OpenAI spend millions building. Once the reasoning capability is distilled, it can be repurposed for malware development or vulnerability research in an environment where no one is watching.

From Chatbots to “Agentic” Threats

The report also highlights a move toward Agentic AI—systems designed to act, not just talk.

GTIG observed groups like APT31 and UNC795 (PRC-based) moving beyond simple queries. They are building workflows where AI personas act as “expert” cybersecurity consultants.

• UNC795 was seen attempting to build an AI-integrated code auditing tool, effectively automating the search for zero-day vulnerabilities.

• APT31 used expert personas to generate targeted testing plans for SQL injection and Remote Code Execution (RCE).

This is the operational reality of 2026. The adversary is not just asking the AI to write a phishing email; they are asking it to audit the target’s architecture and suggest the most efficient kill chain.

The “ClickFix” Trap: Weaponizing Trust

Perhaps the most insidious tactic detailed is the “ClickFix” social engineering technique.

Attackers are generating helpful, technical troubleshooting conversations and hosting them on legitimate, shared AI links (e.g., gemini.google.com/share/...).

The victim receives a link to a trusted Google domain. They see a conversation where an AI solves a complex error. The “solution” involves pasting a command into their terminal. Because the context is a helpful AI interaction on a trusted platform, the victim complies.

It is a supply chain attack on user trust. The malware payload is hidden in plain sight, validated by the hallucinated authority of the AI itself.

The Integration Phase

We have moved past the “experimentation” phase of adversarial AI.

Google’s report confirms that for groups primarily from the DPRK, Iran, and the PRC, AI is now an integrated component of the toolkit. It is used for translation, for code debugging, for reconnaissance, and for social engineering.

The underground economy is following suit. Services like “Xanthorox” claim to offer custom offensive models, though many are simply wrappers for jailbroken commercial APIs. The demand is there, and the market is responding.

The New Asymmetry

Defenders have long relied on the fact that high-end AI is centralized, monitored, and expensive. If adversaries can successfully distill that intelligence into portable, unmonitored models, that advantage evaporates.

We are entering an era where high-fidelity machine reasoning is a commodity available to the highest bidder, or the most patient thief.

Source: https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use

There’s a subtle but important shift happening in offensive tradecraft.

The recent UNC1069 campaign linked to North Korean operators targeting crypto and fintech ecosystems is not interesting because it uses deepfakes.

It’s interesting because it operationalizes trust as an attack surface.

And that’s a structural shift.

The Setup: Familiar Faces, Familiar Flows

The attack chain begins where most modern compromises now start, not with vulnerability scanning, but with access to an existing human network.

A compromised Telegram account.
A legitimate Calendly invite.
A Zoom meeting link that looks right.

Nothing in that sequence triggers classical defensive heuristics.

There’s no malicious PDF.
No obvious phishing lure.
No payload delivered in the first interaction.

Instead, the adversary inserts themselves into a workflow that already exists.

That’s the key.

The Meeting Is the Payload

Here’s where the tradecraft evolves.

Victims join what appears to be a legitimate Zoom session. In some cases, the “participant” is either:

• A recycled recording of a real industry figure

• Or an AI-assisted deepfake rendering

The nuance here matters less than the operational consequence:

Visual presence is no longer a trust signal.

For years, we’ve trained users to distrust links.
Now they have to distrust live humans.

That’s a psychological escalation.

The Pivot: Engineered Friction

The infection vector isn’t brute force, it’s friction.

Audio issues.
“Can you download this troubleshooting package?”
Screen-share prompts.
Urgency layered with credibility.

This is persuasion engineering, not opportunistic phishing.

UNC1069 isn’t trying to trick the user.
They’re guiding them through a controlled decision path.

That distinction matters.

Why This Campaign Signals Something Bigger

This isn’t about crypto. It isn’t even about North Korea specifically.

It’s about the industrialization of persona manipulation.

Three strategic shifts are visible here:

1. AI as Interface Manipulation

We’ve focused heavily on AI generating content.

But the real leverage is AI generating presence.

Presence changes risk models. It lowers skepticism. It accelerates compliance.

That’s not incremental improvement, it’s asymmetry.

2. Identity Verification Is Officially Broken

Video is compromised.
Voice is compromised.
Message history can be compromised.

Which means the old mental model of “I saw them, so it’s real” is obsolete.

Most security stacks were not designed for adversaries who can manufacture social context on demand.

3. UX Is Now an Attack Surface

Calendar invitations.
Video conference platforms.
Collaboration tools.

The modern enterprise runs on workflow UX.

And that UX layer is now directly exploitable through AI-enhanced impersonation.

This blurs the line between social engineering and platform abuse.

The Strategic Objective

North Korean operations have historically prioritized revenue generation through cyber operations, especially in crypto ecosystems.

But what stands out here isn’t the financial targeting.

It’s the maturity of execution.

This campaign shows:

• Coordinated persona compromise

• Multi-stage malware deployment

• Psychological sequencing

• AI-assisted identity rendering

That’s operational discipline.

Not experimentation.

What Defenders Are Missing

Most organizations are still defending against:

• Malicious attachments

• Suspicious domains

• Known malware signatures

But UNC1069’s real weapon isn’t a file.

It’s a believable interaction.

If your detection model begins after the file download, you’re already late.

The real detection layer needs to focus on:

• Anomalous meeting context

• Behavioral deviations in executive workflows

• Cross-platform identity inconsistencies

• Unexpected tool invocation inside live collaboration sessions

That’s uncomfortable territory because it pushes security into human behavior monitoring.

The Bigger Pattern

We’re watching the collapse of passive trust signals.

Email headers failed.
Caller ID failed.
Now video presence is failing.

Each time a signal collapses, attackers gain temporary asymmetry until defenders adapt.

The difference now?

AI accelerates that collapse.

Final Assessment

UNC1069’s campaign isn’t just another crypto theft operation.

It’s a preview of what happens when generative AI becomes a scalable impersonation engine.

The meeting is the lure.
The persona is the exploit.
The workflow is the delivery channel.

And the attack doesn’t begin with malware.

It begins with confidence.

That’s the shift.

The rules of vulnerability discovery are changing faster than most security programs are prepared to absorb. In early February 2026, Claude Opus 4.6 identified more than 500 high-severity vulnerabilities across widely used open-source libraries, not through fuzzing at scale or signature matching, but through semantic reasoning over code itself.

This was not a red-team stunt or a marketing demo. The findings were validated, reported, and patched. What matters more than the raw number is what this event signals, vulnerability discovery is no longer constrained by human throughput.

From Manual Audits to Machine-Scale Reasoning

For decades, software security has relied on a familiar mix, static analysis, fuzzers, manual audits, and the intuition of experienced researchers. These approaches work, but they do not scale cleanly across the modern dependency graph.

Claude Opus 4.6 changes that equation.

The model analyzed real production codebases and surfaced memory safety issues, bounds violations, and logic flaws in mature projects that have been reviewed for years. These were not obscure edge cases buried in experimental repositories. They were defects in core libraries embedded across countless downstream systems.

What distinguishes this from previous AI-assisted tooling is not automation alone, but reasoning. The model inferred how code should behave, compared that expectation to implementation, and flagged deviations that humans had either missed or deprioritized.

This is not pattern matching. It is specification inference at scale.

The Illusion of Open-Source Maturity

One of the most uncomfortable takeaways from this event is how many high-severity issues persisted in widely trusted open-source components.

These libraries were not neglected. They were maintained, patched, and deployed at scale. Yet hundreds of serious flaws remained undiscovered until an AI model examined them holistically.

This reinforces a long-standing reality in supply chain security, widespread usage does not imply deep assurance. Popular code accumulates fixes, not guarantees. Over time, complexity increases faster than human review capacity.

AI does not get tired. It does not context-switch. It does not assume previous reviewers were correct.

The Defender’s Advantage, and the Adversary’s Opportunity

It is tempting to frame this development as a defensive breakthrough, and it is. But it is also an offensive accelerant.

Any capability that reduces the cost of discovering vulnerabilities will eventually reshape attacker economics. The same reasoning that allows defenders to surface latent flaws can be repurposed to identify exploit paths, chain weaknesses, and prioritize targets at unprecedented speed.

The question is no longer whether attackers will use AI for vulnerability discovery. That threshold has already been crossed.

The question is who operationalizes it first, and at what scale.

Why This Changes Vulnerability Management

Most vulnerability management programs are reactive by design. They wait for disclosures, score CVEs, and triage based on exploitability and asset exposure.

AI-driven discovery disrupts that model entirely.

When unknown vulnerabilities can be surfaced proactively and continuously, the distinction between “known” and “unknown” risk begins to collapse. Organizations that integrate AI-assisted code reasoning into development and review pipelines gain visibility into flaws before they are assigned CVEs or weaponized.

Those that do not will increasingly find themselves patching after the fact, reacting to disclosures generated by others, including adversaries.

The New Baseline, AI-Augmented Security Engineering

Claude Opus 4.6’s findings are not an anomaly. They are a preview.

Software security is entering a phase where machine reasoning becomes a baseline capability, not a novelty. Human expertise remains essential, but it will increasingly shift toward validation, prioritization, and architectural decision-making rather than raw discovery.

The organizations that adapt will treat AI as a force multiplier for assurance, embedding it into code review, dependency analysis, and secure design processes.

Those that do not will face a growing asymmetry, more vulnerabilities, discovered faster, by actors with fewer constraints.

The Real Shift

This moment is not about one model or one vendor. It is about a structural change in how software risk is exposed.

For years, defenders assumed that the hardest vulnerabilities to find were also the least likely to be exploited. AI is eroding that assumption. Latent flaws buried in mature codebases are no longer safe by obscurity or reviewer fatigue.

The implication is stark.

Security is no longer limited by how much code humans can read.

And once that limit disappears, everything downstream changes.

Source: https://red.anthropic.com/2026/zero-days/

In early January 2026, one of the largest automated investment platforms in the United States found itself exposed not by a software flaw or a zero-day exploit, but by a far more familiar weakness, trust. Betterment suffered a data breach that exposed sensitive customer information after attackers abused a trusted third-party platform, rapidly converting stolen access into a large-scale crypto scam.

This incident was not accidental, opportunistic, or novel. It was the deliberate work of Scattered Lapsus$ Hunters, a cybercriminal ecosystem that has refined identity abuse into a repeatable intrusion model. The breach highlights a growing reality for fintech and beyond, attackers no longer need to break systems when they can convincingly impersonate them.

A Quiet Breach With Loud Consequences

On January 9, attackers gained access to third-party software used by Betterment for customer communications through social engineering. Rather than targeting core financial systems, the operation focused on exploiting the implicit trust embedded in outsourced platforms, a tactic increasingly favored by modern threat actors.

Once access was secured, fraudulent messages were sent to Betterment customers, disguised as legitimate company notifications. The messages promoted a classic crypto giveaway scam, promising to triple cryptocurrency deposits sent to attacker-controlled wallets. Because the messages originated from a trusted communication channel, the scam carried a level of legitimacy that would have been difficult for many recipients to immediately question.

Betterment quickly disabled the compromised access and warned customers through official channels. The company stated that no passwords, Social Security numbers, or investment accounts were directly accessed. However, the damage had already been done.

The Data That Slipped Through the Cracks

The attackers exfiltrated personally identifiable information, including:

• Full names

• Email addresses

• Physical addresses

• Phone numbers

• Dates of birth

Subsequent analysis indicated that more than 1.4 million unique customer records were exposed. While this data does not enable immediate account takeover, its value lies elsewhere. Aggregated PII fuels identity fraud, targeted phishing, SIM swapping, and high-confidence impersonation campaigns.

This reflects a broader shift in attacker priorities. Instead of going after transactional control, adversaries increasingly harvest data that enables scalable deception. The financial impact may not be immediate, but the downstream risk persists long after breach notifications fade.

Anatomy of the Attack, Identity Over Exploitation

This intrusion did not rely on advanced malware, zero-days, or persistence mechanisms.

• No core banking systems were compromised

• No vulnerabilities were publicly disclosed

• Access was gained through deception, not exploitation

A third-party SaaS platform became the entry point, demonstrating how communication and marketing systems now function as trust delivery mechanisms, not peripheral tools. Once compromised, they allow attackers to speak with the full authority of the brand.

This model bypasses many traditional security controls. MFA, EDR, and network segmentation offer limited protection when an attacker successfully convinces a system, or a human, that they belong.

Attribution, Scattered Lapsus$ Hunters Behind the Breach

The Betterment breach was carried out by Scattered Lapsus$ Hunters, a federated cybercriminal brand that has emerged as one of the most disruptive forces in recent years.

Scattered Lapsus$ Hunters is not a single hierarchical group. It is a loosely connected ecosystem of operators that consolidated reputational and operational elements from Scattered Spider, ShinyHunters, and LAPSUS$. Rather than merging infrastructure, the cluster operates as a shared brand, amplifying visibility, credibility, and intimidation across campaigns.

This federated model allows multiple actors to collaborate, imitate, or operate independently while benefiting from a common identity. The result is a threat actor that behaves less like a gang and more like a franchise.

A Brand Built on Identity Abuse and Visibility

According to threat intelligence reporting, Scattered Lapsus$ Hunters prioritizes social engineering and trust exploitation over technical sophistication. Their operations consistently feature:

• Impersonation of internal IT staff, vendors, or partners

• Social engineering of employees and third parties

• Abuse of SaaS platforms and identity workflows

• Rapid data exfiltration followed by immediate monetization or extortion

• 

  
  

Unlike traditional ransomware groups, Scattered Lapsus$ Hunters favors speed and impact over stealth. Access is obtained, leveraged, and discarded quickly. Data is weaponized immediately, either for extortion, resale, or follow-on fraud.

The Betterment operation fits this pattern precisely. Stolen access was used within hours. Data was repurposed for scam delivery rather than long-term persistence. The objective was not infrastructure control, but trust hijacking at scale.

Strategic Implications for Fintech

The breach underscores several uncomfortable truths for financial platforms:

1. Third-party platforms expand the attack surface. Any system that communicates with customers inherits brand authority, and therefore risk.

2. PII is now a primary objective. Data that enables impersonation is more scalable than direct theft.

3. Attribution models are changing. Federated threat brands blur traditional group boundaries, complicating defense and response.

Regulatory scrutiny around third-party risk, data protection, and disclosure is likely to intensify as incidents like this continue.

The Vulnerability That Refused to Stay Dead

On January 26, 2026, Microsoft issued an urgent out,of,band update to address a high,severity security bypass in multiple Office releases. This wasn’t a garden,variety bug, it undermines the way Office makes trust decisions when handling untrusted inputs, creating an opening for attackers to slip malicious content past built,in mitigations.

The patch was pushed rapidly, and in some modern Office builds the fix was applied server,side, meaning users often only needed to restart the app to be protected.

But the flaw’s “death” was greatly exaggerated.

Weaponizing the Patch Window

Within just three days, seasoned operators linked to Russia’s GRU,associated APT28 (a.k.a. Fancy Bear) had already weaponized the bug in a multi,stage espionage campaign observed in the wild.

CERT,UA, Ukraine’s Computer Emergency Response Team, first reported malicious DOC emails exploiting the flaw arriving in government networks mere days after Microsoft’s alert. Some lures spoofed EU COREPER consultations while others masqueraded as messages from official meteorological services.

This wasn’t opportunistic spam, it was timed precision targeting:

• The exploit chain begins with carefully crafted Office documents.

• A WebDAV,based fetch mechanism triggers a malicious DLL via classic COM/OLE hijacking.

• Shellcode, hidden inside innocuous images, unpacks and runs a COVENANT,based loader.

• From there, persistent backdoors and additional espionage tools can be deployed.

In campaign forensics, this constellation of techniques , WebDAV, COM hijack, image,embedded shellcode, and a COVENANT framework , mirrors methods APT28 has used before.

More Than “Just Another Exploit”

What makes this episode notable isn’t simply that attackers exploited a patched bug, it’s how fast and how seamlessly. In past eras, patch deployment alone might have bought defenders weeks of head,start. Here, defenders were already playing catch,up before the ink on Microsoft’s advisory dried.

This dynamic underscores a broader shift in nation,state cyber operations:

• Speed over stealth: Exploiting known patches painlessly expands attacker reach while keeping operational risk low.

• Infrastructure recycling: The evidently reused loader components from prior campaigns show how adversaries optimize toolchains rather than reinvent them.

• Hybrid lure engineering: Phishing documents themed to real geopolitical events aren’t random, they increase credibility and click,rates.

This is state espionage at its most refined: agile, opportunistic, and procedurally normalized.

APT28: Back in the Cyberespionage Fast Lane

APT28 has been a fixture in Russia’s cyber arsenal for nearly two decades, with documented operations spanning from DNC breaches to European defense,sector intrusions. Their consistent ability to pivot between sophisticated intrusion sets and rapid exploit adoption makes them a bellwether for adversary behavior.

Now, with a newly minted exploit chain under their belt , retooled within days of disclosure , APT28 is demonstrating that “patched” is no longer reliable shorthand for “safe.”

What Defenders Must Do Now

Patch quickly, but verify thoroughly. Applying Microsoft’s updates is necessary but not sufficient. Many environments still lag behind or fail to restart affected applications, leaving gaps in protection.

Harden Office workflows:

• Disable legacy protocols where possible.

• Alert on abnormal WebDAV fetch behavior.

• Restrict Office document macros and isolated content execution.

Monitor for C2 and beaconing traffic. The use of cloud services tied to COVENANT infrastructure, if present, should be flagged and evaluated.

Assume exploitation windows are shrinking. This incident is more than a patch story, it’s a warning: the time between disclosure and exploitation is now measured in days, not weeks or months.

The Last Word

This wasn’t just another Office bug, it was a tactical foothold seized by one of the world’s most persistent espionage groups. In the evolving threat landscape, the real vulnerability isn’t just in the code, it’s in the assumption that patching buys safety.

In the age of rapid exploit chaining and agile nation,state actors, defenders must treat every vulnerability as already weaponized and every patch as the starting signal for the next attack.

In the days leading up to the UN General Assembly, the Secret Service’s Advanced Threat Interdiction Unit executed a coordinated takedown :

• 300+ SIM servers seized
  

• 100,000 SIM cards pulled from circulation
  

• Safehouses raided across New York, New Jersey, Connecticut

The network wasn’t tucked away in dark-web forums. It was staged inside apartments, offices, and storage units within a 35-mile radius of Manhattan. Right where heads of state were converging:

What the Network Was For

At minimum, it was already used to push anonymous threats against U.S. officials. But the architecture suggests more than harassment:

• Telecom disruption. SIM farms at this scale can flood towers, overload signaling channels, or degrade service across a region.

• Anonymized C2. Rotating SIM cards in hundreds of servers = perfect cover for command-and-control, blending into the noise of carrier traffic.

• Spoofed identities. From SMS phishing to fake caller IDs, the infrastructure could impersonate anyone, anywhere.

This was less about “SIM fraud” and more about bending the backbone of communications.

Nation-State Shadows

The Hacker News cites investigators linking the traffic to known state operators and persons of interest to law enforcement . The Secret Service avoided naming a country, but the inference is clear: hostile intelligence services were active in the loop.

Think about it:

• Renting dozens of properties across tri-state costs money.

• Procuring, shipping, and syncing 300 SIM servers costs even more.

• Stashing 100,000 SIMs requires logistics networks, shell companies, laundering.

This wasn’t a hobbyist farm. It was a funded project, staged near one of the highest-value diplomatic events on the planet.

The Bigger Play

Ask the harder questions:

• Were these SIM safehouses meant to blind or jam networks during a UN crisis?

• Were they serving as covert comms nodes for agents in-country?

• Or were they a masking layer, allowing hostile actors to deliver threats and misinformation while hiding behind U.S. phone numbers?

Whatever the intent, the optics are the same: pre-positioning telecom weapons inside the host city of the UN is escalation.

Why It Matters

• Telecom is soft underbelly. We secure endpoints, patch servers, scan emails, but the SIM layer remains an afterthought. This case shows it’s an exploitable battlefield.

• Hybrid ops, cheap tools. A SIM farm is deniable, disposable, and globally scalable. Pair it with state sponsorship, it turns into infrastructure terrorism.

• Signal to adversaries. The takedown isn’t just enforcement, it’s deterrence. The U.S. just drew a line: deploy infrastructure near critical diplomatic events, expect it to be burned.

The Last Word

300 servers, 100,000 SIMs, empty safehouses — all hidden in plain sight. The Secret Service dismantled this one, but it won’t be the last.

The blueprint is simple: weaponize telecom, cloak operations in fraud infrastructure, and wait for the right moment to flip the switch.

We’ve entered a new phase where the real threat isn’t malware in your inbox, it’s the phantom network humming quietly in a storage unit down the block.

Two arrests in the UK, teenagers accused in the Transport for London hack, should change how we describe modern cybercrime. This isn’t a story about glorified script kiddies, it’s about a business model: fast, modular, global, and run by people who learned to scale damage before they turned 20.

What happened, at a glance

• UK law enforcement arrested two young men linked to the August 2024 attack on Transport for London (TfL). One suspect, already on the radar, now faces fresh allegations tying him to dozens of other intrusions.

• U.S. prosecutors have also filed charges alleging involvement in wide ranging intrusions across hundreds of victims and $100M+ in criminal proceeds.

• TfL initially downplayed impact, later disclosures admitted names, contact info and addresses were accessed, a public service breach that hits trust more than ticketing.

This is not noise, it’s a pattern.

Why the arrests matter

We’ve been telling a familiar story for a decade: criminals are organized, attacks are professional, and nation state tradecraft is being repurposed for profit. These arrests flip the script in two ways:

1. Youth as capability vector. Teenagers aren’t just being radicalized by forums, they’re building, operating, and monetizing criminal infrastructure. Tools, access, and money move fast, age no longer limits impact.

2. Transnational markets are maturing. The alleged scope, cross border breaches, laundering, and payoffs, reads like a corporate operation. Wallets, comms, clean up teams. This is not ad hoc vandalism, it’s a service economy.

   

Read the signals, not the headlines

A few cautious points that matter for defenders:

• Scope vs. role. Arrests of individuals don’t always equal disruption of the whole network. Were these actors operators, facilitators, or hired muscle? Expect more indictments, the infrastructure trails money.

• Data vs. disruption. Public transit hacks are reputational poison. Even if core systems weren’t destroyed, access to passenger PII and operational telemetry is enough to sow chaos and blackmail.

• Legal complexity. Cross border prosecutions, evidence chains, and extraditions are messy. The DOJ’s involvement signals seriousness, and that investigators found forensic breadcrumbs tying activity to U.S. victims.

The tactical picture (what they likely did)

We don’t have a full playbook from the indictments yet, but patterns repeat:

• Phishing and credential stuffing are default first steps, low cost, high yield.

• Ransomware and double extortion are now services: encrypt, and threaten to leak PII.

• Money funnels: crypto mixers, layered transfers, and cashouts through complicit vendors.

• Specialized roles: initial access brokers, extortion managers, money laundering facilitators. Teens can play any of these roles, and often do several at once.

Systemic consequences (not just for TfL)

• Public infrastructure is soft prey. Transit systems, hospitals, utilities, high social impact, weak incentives to fully modernize security. Attackers know this balance.

• The youth problem won’t be solved by arrests alone. The on ramp is information: marketplaces, leak forums, and permissive comms channels. Arrests remove actors, not the platform economy that trains them.

• Insurance and regulation will harden. Expect supply side shock: insurers tighten policies, governments demand stricter baseline controls for critical services. That’s necessary, and insufficient without enforcement.

  

  
  

The last word

This isn’t a morality tale about kids who made bad choices, it’s a systems failure: marketplaces that teach, profit structures that reward scale, and public services that still treat cybersecurity as a checkbox.

Arrests are necessary, but they are not a cure. If we want fewer headlines like this one, we must treat cybercrime as a full spectrum societal problem, technical, legal, financial, and social, and act like it.

The Silent Breach

No brute force. No ransomware splash screen.

Instead, the attack slid under the radar, into the training data.

Russia’s propaganda apparatus, the Pravda network, didn’t bother chasing clicks. It wasn’t built for you. It was built for crawlers. Dozens of domains, thousands of articles, carefully tuned to look legitimate to a bot that can’t tell propaganda from policy paper.

And the result? You ask an AI assistant a geopolitical question, and it parrots back Moscow’s line. Not once. Not occasionally. One-third of the time.

From Troll Farms to Training Loops

The Kremlin’s evolution is brutal in its simplicity.

• Yesterday’s playbook: flood social feeds with trolls, bots, and rage bait.

• Today’s playbook: flood the open web with articles nobody reads but every AI consumes.

Why fight for human attention when machines now mediate the truth?

When researchers probed top models on Ukraine bioweapons, seven cited Pravda sites directly. That’s propaganda laundering at scale: disinformation seeded in fake sites, harvested by crawlers, then reborn in your chatbot’s confident tone.

Why It Cuts Deeper

We used to track influence by reach: how many retweets, how many views, how many shares. That metric is dead.

This isn’t about virality anymore. It’s about saturation. Pump enough garbage into the ecosystem, and the crawlers choke on it. Volume beats veracity.

Every poisoned answer doesn’t just mislead a human today, it contaminates the model tomorrow. The loop tightens. The lies compound. What started as propaganda becomes synthetic canon.

The Systemic Blind Spot

Here’s the kicker: the defenses are falling apart.

AI firms disband safety teams. Moderation budgets shrink. The arms race to ship new features leaves guardrails half-built. Meanwhile, state-backed operators are playing the long game, feeding data streams with a steady drip of distortion.

No zero-day required. No malware needed. Just content. Just patience.

It’s influence ops at machine speed, and we’re still fighting like it’s 2016.

The CodeAIntel Breakdown

• LLM Grooming is the new frontline. Hack the narrative before it hits the user.

• Scale > Skill. You don’t need sophistication when you can drown the indexes in noise.

• Guard down = gate open. Weakened moderation is the perfect condition for poisoning.

• Recursive risk. Poison today → contaminated answers tomorrow → corrupted training forever.

What Needs to Happen

1. Audit the intake. Know exactly where your models pull data from. Transparency in the pipeline beats blind trust.

2. Stress-test responses. Regularly probe your AI with sensitive prompts. If propaganda shows up, you’ve got a signal, not a surprise.

3. Elevate threat intel upstream. Track and flag content farms before they get ingested, not after.

4. Collaborate across the field. AI firms, researchers, and policymakers need shared visibility to keep poisoning attempts from spreading unchecked.

The Last Word

This isn’t misinformation you scroll past. This is misinformation embedded.

When Russia can whisper into the training data, your AI becomes the carrier, a Trojan horse that speaks with authority and sells you the lie.

The propaganda war isn’t outside anymore. It’s inside the machine. And if you’re not checking what your models ingest, you may already be running Moscow’s script.

• This repository contains data used for the Pravda Network dissemination investigation: https://github.com/CheckFirstHQ/pravda-network-dissemination-data

  Thanks for reading CodeAIntel! This post is public so feel free to share it.

  Share

The Show Ends in Rotherham

The curtain dropped in an unremarkable flat in Rotherham. Inside: laptops, hard drives, and one man who fancied himself both digital warrior and cyber-rockstar.

Al-Tahery Al-Mashriky, 26, wasn’t new to the stage. For years, he’d carved his name into the internet with defacements plastered across government domains, faith-based organizations, and even critical infrastructure. His favorite calling cards? Political slogans, ideological manifestos, banners screaming into the void. NCA investigators were able to link Al-Mashriky to the Yemen Cyber Army through social media and email accounts.

But when the National Crime Agency came knocking, they didn’t just find a graffiti artist in the digital alley. They found millions of stolen credentials—Facebook, Netflix, PayPal, entire swathes of everyday life siphoned off and stashed away like trophies.

The “hacktivist” label was theater. The credential thief was the truth.

Hacktivism as Stage Prop

Defacements are the oldest cyber trick in the book. They’re cheap, they’re loud, they get headlines. They also distract.

Al-Mashriky’s game wasn’t advanced exploitation—it was repetition. He didn’t need zero-days or bespoke implants. He preyed on the weak, the misconfigured, the forgotten. Each compromised site was another billboard for ideology, another performance to prove he mattered.

But behind the flashing banners, another show was running:

• Harvested credentials spilling out of his devices.

• Millions of logins sitting in neat little lists ready for resale or reuse.

• Access turned into currency, traded in the dark corners where digital chatter never stops.

This wasn’t hacktivism. This was fraud draped in politics.

The Ego Economy

Cybercrime has its own economy, and ego is the tax you can’t avoid.

Al-Mashriky didn’t just hack—he bragged. On forums and in groups, he claimed 3,000 websites in three months. Not for money, not even for ideology—but for recognition.

Every boast was an IOU to investigators. Every defacement a breadcrumb. Every credential dump another nail in his digital coffin.

And in the end, it wasn’t the millions of stolen logins that brought him down. It was the performance. The need to be seen. The compulsive posting of proof.

Why the Sentence Matters (and Why It Doesn’t)

On August 15, 2025, the UK court handed him 20 months in prison. For some, that sounds light. For others, it’s symbolic: a line in the sand that hacktivism isn’t harmless vandalism—it’s data theft, fraud, and operational disruption wrapped in a slogan.

But here’s the uncomfortable truth: while Al-Mashriky serves time, the tactics don’t. Defacement will remain a smokescreen. Credentials will remain currency. And the next ego-driven operator is already warming up backstage.

The CodeAIntel Breakdown

• Defacement is theater. It grabs headlines, it confuses responders, but it’s never the real play.

• The real payload is identity. Stolen logins fuel fraud, social engineering, and resale markets. That’s where the money—and the damage—lives.

• Ego is the investigator’s ally. Bragging rights on forums accelerate investigations faster than malware signatures ever will.

• Sentences are signals, not solutions. Punishment sets precedent, but the cycle persists until credentials stop being the weakest link.

What To Do (Before You’re the Next Stage)

1. Audit and isolate. Stop assuming your public-facing site is “too small” to matter. If it can be defaced, it can be used.

2. Credential hygiene isn’t optional. Weak or reused passwords are still the number-one breach vector. Kill them before they kill you.

3. Monitor your name in the underground. If your org pops up in a dump, you’re not the first to know—you’re the last.

4. Don’t chase graffiti. If your SOC is consumed by web banners, the real damage—the credential theft—has already passed you by.

Final Word

Al-Mashriky thought he was scripting ideology into cyberspace. In reality, he was a middle-tier credential broker with a flair for banners and a desperate need for clout. The NCA closed his act, but the stage is never empty.

Somewhere else, another defacer is polishing their slogans, another ego is counting breached sites, and another organization is about to mistake propaganda for the real payload.

At CodeAIntel, we don’t watch the slogans. We watch the trade. Because in cybercrime, the show is never on stage—it’s always in the backroom.

Soruce: https://www.nationalcrimeagency.gov.uk/news/serial-hacker-who-defaced-official-websites-is-sentenced

What Actually Happened

On July 9, French police picked up Stanislav Makshantsev, a 32-year-old Russian pro basketball player, in Provence.
They grabbed him on a U.S. extradition request.
Why?
He’s accused of helping the Hive ransomware gang wash their ransom cash.
At least $200,000 in victim payments tracked so far, but prosecutors say that’s just the tip.

The Real Charges

He didn’t run the ransomware, he didn’t code it, he didn’t pop the boxes.
He laundered the profits, according to U.S. charges.
Multiple bank accounts, crypto swaps, shell companies, all the usual tricks.
Hive was one of the nastiest crews around, hitting hospitals, schools, critical infrastructure until the FBI knocked them over in early 2023.
Without a launderer, none of that ransom money sticks.
Simple math.

The Double Life

Day job? Semi-pro hoops, Russian national youth team vet, local club contract in France.
Night gig? Allegedly moving dirty crypto, turning extorted Bitcoin into clean money.
He lived in France for years, nobody blinked.
No hoodies in a basement, just a sports jersey and a side hustle that paid more than any mid-tier court ever could.

Why It Actually Matters

Everyone thinks ransomware is just the code.
It’s not.
The real choke point is the cash out.
No mules, no accounts, no shell companies?
No payday.
Crews like Hive live and die by their launderers.
They don’t wear ski masks, they blend in.
Athletes, influencers, gig workers with clean credit — anyone who can slip big payments past nosey banks.

What’s Next

Makshantsev’s lawyers say it’s all political, but the U.S. wants him on a plane.
He’s stuck in French detention fighting the warrant.
Either way, he’s now the face of an old lesson: ransomware isn’t just code, it’s people.
Your real risk might be playing pick-up ball while moving millions for someone else’s extortion ring.

The CodeAIntel Take

People keep looking for threat actors in basements, but your real threat actor might be draining your account, then draining three-pointers the next day.
This is hybrid crime at its cheapest.
Take away the money guys and the whole ecosystem starves.
Watch the money, watch the mules, and stop assuming everyone with a clean record is really clean.
Stay loud, stay paranoid, keep your eyes on the cash.