TIGR Threat Watch

Threat Watch Feed

🚩 – IOCs Added

The red flag indicates that Indicators of Compromise (IOCs) have been added to SRA’s Threat Feed used by CyberSOC clients. Articles may not be flagged if IOCs are not available at the time or are not applicable to the article.

🚩 Advanced Typosquatting Campaigns Utilize Strategic HTTP Redirects And Geo-Targeting To Evade Detection And Facilitate Phishing Attacks

CrowdStrike Counter Adversary Operations reported that threat actors are deploying increasingly sophisticated typosquatting campaigns to bypass detection. Adversaries are exploiting weak domain registration verification processes to spoof WHOIS data and register look-alike domains for brand impersonation and credential harvesting. By replacing characters or adding common prefixes, attackers create domains that visually mimic legitimate organizations and use public corporate data to increase their appearance of authenticity. Threat actors employ three primary evasion techniques to obscure their malicious infrastructure. First, they use 301 or 302 HTTP redirects to forward web traffic to the legitimate organization’s site while retaining control of the domain’s Mail Exchanger (MX) records for phishing operations. Second, they utilize geo-targeted IP filtering to serve benign or “under construction” content to automated scanners and security researchers, displaying malicious pages only to intended targets. Third, they camouflage malicious domains using AI-generated “domain for sale” pages to maintain plausible deniability while conducting underlying email-based attacks.

Impact: These evasive techniques allow malicious infrastructure to bypass reputation-based email filtering and automated security scanners. By maintaining convincing facades, threat actors can conduct prolonged spear-phishing and credential harvesting operations. Because the domains appear benign to casual observers and often redirect to legitimate sites, users are more likely to trust the associated phishing emails, resulting in compromised employee accounts and damaged organizational reputation.

Recommendation: Implement proactive domain monitoring to detect and disrupt look-alike registrations before they are weaponized. Enforce multi-factor authentication to mitigate credential harvesting and educate employees on identifying subtle domain variations in inbound communications.
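A look-alike domain triage of the kind the recommendation above calls for, written as an added example for this bulletin rather than code from CrowdStrike or SRA; the protected brand domain, the batch of new registrations, and the affix and homoglyph lists are constructed for illustration:

```python
import re

# Constructed sample data: the brand domain being protected and a batch of hypothetical
# newly registered domains (none of these are real IOCs).
PROTECTED = "examplecorp.com"
NEW_REGISTRATIONS = [
    "examplecorp.com",         # the genuine domain: must not be flagged
    "examplecorp.net",         # same label, different TLD
    "examp1ecorp.com",         # homoglyph: digit 1 in place of the letter l
    "secure-examplecorp.com",  # common prefix in front of the brand
    "examplecorp-login.net",   # common suffix after the brand
    "exanplecorp.com",         # single-character substitution
    "unrelatedshop.com",       # benign
]
COMMON_AFFIXES = ("secure", "login", "mail", "portal", "support", "sso")
# Visually confusable sequences folded to the lowercase ASCII they imitate.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def edit_distance(a, b):
    # Levenshtein distance; a distance of 1 catches single-character swaps.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(label):
    for seq, repl in HOMOGLYPHS:
        label = label.replace(seq, repl)
    return label

def classify(domain, protected=PROTECTED):
    """Return a look-alike category for `domain`, or None if it is not suspicious."""
    host = domain.lower().rstrip(".")
    if host == protected:
        return None
    brand = protected.split(".")[0]
    label = host.split(".")[0]
    if normalize(label) == brand:
        return "homoglyph-or-tld-swap"
    core = re.sub(r"[-_]", "", label)
    if any(core in (affix + brand, brand + affix) for affix in COMMON_AFFIXES):
        return "brand-with-affix"
    if edit_distance(normalize(label), brand) == 1:
        return "single-character-typo"
    return None

def scan(registrations, protected=PROTECTED):
    # Map each suspicious registration to its category for analyst review.
    return {d: c for d in registrations if (c := classify(d, protected))}
```

Feed `scan()` the daily newly-registered-domain list for each protected brand and route the non-empty result to the team that handles takedowns and mail-filter blocks.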

Splunk Releases February 2026 Security Content Update Providing New Detections for AI-Abusing Malware, npm Supply Chain Worms, and Critical Vulnerabilities

The Splunk Threat Research Team published its quarterly security content update on February 20, 2026, encompassing analytics developed between November 2025 and January 2026. The release provides defenders with new out-of-the-box detection searches, analytic stories, and SOAR playbooks accessible via the Enterprise Security Content Update and Splunk Security Essentials apps. The update heavily focuses on adversary abuse of artificial intelligence and emerging vulnerabilities. New analytic stories target “Shadow AI” deployments, as well as malware utilizing legitimate LLM APIs for command-and-control, such as SesameOp abusing the OpenAI Assistants API and PromptFlux leveraging the Gemini API. The release also includes detections for npm supply chain compromises like the Shai-Hulud worm, malicious use of the NetSupport Remote Manager Tool, and critical vulnerabilities including Kerberos Coercion (CVE-2025-33073) and React2Shell (CVE-2025-55182).

Impact: The weaponization of legitimate AI services for command-and-control operations allows threat actors to blend malicious traffic with expected web activity, creating severe visibility gaps. Unauthorized local AI frameworks introduce additional risks of data exfiltration and intellectual property leakage that bypass standard enterprise data loss prevention controls. Concurrently, supply chain worms threaten the integrity of development pipelines by automatically harvesting secrets and planting backdoors across code repositories.

Recommendation: Organizations should review the concepts detailed by the Splunk Threat Research Team and consider integrating the underlying detection logic into their respective security platforms. Monitor environments for unauthorized Shadow AI frameworks and unusual outbound connections to LLM APIs from non-standard processes. Hunt for the misuse of legitimate software, such as the NetSupport client executing from unusual directories like Downloads or ProgramData. Furthermore, organizations should apply available patches for CVE-2025-33073 and CVE-2025-55182.

🚩 SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Targets AI Coding Assistants

The Socket Research Team disclosed a new Shai-Hulud-style supply chain worm campaign, dubbed SANDWORM_MODE. The threat actor published at least 19 malicious npm packages under the aliases official334 and javaorg. The campaign targets developers and CI environments through typosquatting popular utilities like supports-color and AI tools such as Claude Code and OpenClaw. Upon installation, the payload executes a multi-stage attack. Stage 1 immediately harvests and exfiltrates crypto wallet keys and environment secrets via an HTTPS “drain hotline.” Stage 2, which is gated by a 48-to-96-hour time delay (bypassed in CI environments), performs deep credential harvesting and initiates worm propagation. It automatically infects other repositories accessible to the victim by abusing stolen GitHub and npm tokens. The worm also injects rogue Model Context Protocol (MCP) servers into local AI coding assistant configurations (e.g., Cursor, Windsurf) to silently steal credentials during coding sessions, and establishes persistence via git hooks using the global init.templateDir setting.

Impact: This campaign automates lateral movement across the software supply chain. By compromising a single developer or CI pipeline, the worm can hijack the victim’s identity to push malicious code to other repositories and publish infected packages to the npm registry. The injection of malicious MCP servers into AI coding assistants allows attackers to covertly extract SSH keys, AWS credentials, and LLM API keys directly from the developer’s local environment. The payload also contains a dormant “dead switch” that, if enabled, can wipe the user’s home directory.

Recommendation: Organizations should verify whether any of the 19 identified packages (e.g., suport-color, claud-code, scan-store) were installed and remove them. If exposure is suspected, teams should rotate all npm tokens, GitHub personal access tokens, and CI secrets. Administrators should audit .github/workflows/ for unauthorized pull_request_target additions, inspect global git configurations to remove unauthorized init.templateDir settings, and review local AI assistant configurations for unknown mcpServers entries. Finally, organizations should restrict CI workflows to enforce least privilege and adopt OIDC-based trusted publishing where possible.
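The four audit checks in the recommendation above, as an added example that is not Socket's or SRA's code; the sample package.json, workflow, git config and MCP config are constructed, and only the three package names the bulletin cites are in the known-bad list:

```python
import json
import re

# Only the three package names the bulletin cites; substitute the full list of 19
# from the Socket report before running this against real systems.
KNOWN_BAD_PACKAGES = {"suport-color", "claud-code", "scan-store"}

def bad_dependencies(package_json_text):
    """Names from dependencies/devDependencies that match the known-bad list."""
    pkg = json.loads(package_json_text)
    deps = {**pkg.get("dependencies", {}), **pkg.get("devDependencies", {})}
    return sorted(set(deps) & KNOWN_BAD_PACKAGES)

def workflow_uses_pull_request_target(workflow_text):
    """True if a non-comment line of a workflow file references pull_request_target."""
    return any(re.search(r"\bpull_request_target\b", line.split("#", 1)[0])
               for line in workflow_text.splitlines())

def init_template_dir(gitconfig_text):
    """Value of init.templateDir in a git config file, or None if it is not set."""
    section = None
    for line in gitconfig_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "init" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "templatedir":
                return value
    return None

def unknown_mcp_servers(config_text, approved):
    """mcpServers entries in an AI assistant config that are not on the approved list."""
    servers = json.loads(config_text).get("mcpServers", {})
    return sorted(name for name in servers if name not in approved)

# Constructed sample artifacts (not real findings) standing in for the files read
# from a developer workstation or CI runner.
SAMPLE_PACKAGE_JSON = '{"dependencies": {"express": "^4", "suport-color": "1.0.0"}}'
SAMPLE_WORKFLOW = "on:\n  pull_request_target:\n    types: [opened]\njobs: {}\n"
SAMPLE_GITCONFIG = "[user]\n\tname = dev\n[init]\n\ttemplateDir = ~/.git-templates\n"
SAMPLE_MCP_CONFIG = '{"mcpServers": {"filesystem": {}, "helper-sync": {"command": "node"}}}'
APPROVED_MCP = {"filesystem"}

def audit():
    return {
        "bad_packages": bad_dependencies(SAMPLE_PACKAGE_JSON),
        "pull_request_target": workflow_uses_pull_request_target(SAMPLE_WORKFLOW),
        "init_template_dir": init_template_dir(SAMPLE_GITCONFIG),
        "unknown_mcp_servers": unknown_mcp_servers(SAMPLE_MCP_CONFIG, APPROVED_MCP),
    }
```

A non-empty templateDir or pull_request_target hit is a review item rather than proof of compromise, since both have legitimate uses; the token rotation in the recommendation should not wait on that review.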

🚩 An AI-Augmented, Financially Motivated Threat Actor Compromised Over 600 FortiGate Devices Globally by Exploiting Exposed Management Ports and Weak Credentials

Amazon Threat Intelligence reported that a Russian-speaking threat actor successfully compromised over 600 FortiGate devices across more than 55 countries. The campaign occurred between January 11 and February 18, 2026. The activity demonstrates how commercial generative AI services are enabling unsophisticated actors to scale cyberattacks and target global infrastructure without relying on advanced zero-day exploits. The threat actor gained initial access by systematically scanning for FortiGate management interfaces exposed on ports 443, 8443, 10443, and 4443, and then authenticating using weak or reused credentials lacking multi-factor authentication. Once inside, the actor used multiple commercial AI models to parse device configurations, develop custom Go and Python reconnaissance tools, and generate step-by-step attack plans. While the attacker successfully used open-source tools like Meterpreter and Nuclei for post-exploitation, their operations were notably shallow. When their AI-generated plans failed against hardened targets, the actor lacked the technical skill to manually pivot and simply moved on to softer targets.

Impact: Compromising the FortiGate appliances allowed the threat actor to extract complete device configurations containing SSL-VPN credentials, administrative passwords, network topologies, and IPsec VPN peer data. The attacker leveraged this information to penetrate internal networks, compromise Active Directory environments to harvest complete credential databases, and specifically target Veeam backup infrastructure. Targeting backup servers allows an attacker to destroy recovery capabilities, which is a strong indicator of pre-ransomware staging operations.

Recommendation: Organizations should remove internet exposure for all FortiGate management interfaces or restrict remote administration to known IP ranges via a bastion host. Administrators should change all default passwords, rotate SSL-VPN credentials, and enforce multi-factor authentication for all administrative and VPN access. Monitor networks for unauthorized DCSync operations, LLMNR/NBT-NS poisoning, and unusual scheduled tasks. Finally, organizations should isolate backup servers, patch backup software against credential extraction vulnerabilities, and implement immutable backups.

🚩 Critical BeyondTrust Remote Code Execution Vulnerability Actively Exploited to Deploy VShell and SparkRAT

On February 6, 2026, BeyondTrust disclosed a critical remote code execution vulnerability (CVE-2026-1731) affecting its Remote Support and Privileged Remote Access platforms. Palo Alto Networks Unit 42 reported active exploitation on February 19, 2026, noting that the flaw impacts organizations across multiple sectors. Due to the severity of the threat, CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on February 13, 2026. The vulnerability is an OS command injection flaw residing in the component that handles incoming WebSocket connections. Unauthenticated attackers can exploit this during the handshake phase by submitting a maliciously crafted version string. Because the backend script uses improper bash arithmetic evaluation, it inadvertently executes the injected payload. Unit 42 confirms active exploitation in the wild, observing attackers using this initial access to deploy web shells, temporarily hijack administrative accounts, and install backdoors like SparkRAT and VShell.

Impact: Successful exploitation grants an unauthenticated attacker the ability to execute operating system commands in the context of the site user. This level of access provides control over the appliance configuration, managed remote sessions, and network traffic. Attackers are currently using this access to conduct network reconnaissance, establish persistence via DNS tunneling, and exfiltrate sensitive internal databases. Because these platforms are specifically designed for privileged access management, a compromise severely undermines enterprise security and enables deep lateral movement.

Recommendation: Organizations should identify exposed BeyondTrust appliances and verify their patch status. Self-hosted customers not subscribed to automatic updates must manually upgrade Remote Support to version 25.3.2 or Privileged Remote Access to version 25.1.1. Audit appliance logs and databases for unauthorized administrative accounts, unexpected Python scripts, or unrecognized PHP web shells in web root directories. Monitor outbound network traffic for signs of DNS tunneling or unexpected connections over ports commonly used by remote access tools. Restrict administrative and management interfaces to internal segmented networks or Zero Trust Network Access gateways to limit public exposure.

🚩 Elastic Security Labs Discovers MIMICRAT, a Custom C++ RAT Delivered via a Multi-Stage ClickFix Campaign Using Compromised Legitimate Websites

Elastic Security Labs disclosed an active ClickFix campaign on February 19, 2026, that delivers a newly discovered Remote Access Trojan (RAT) dubbed MIMICRAT. The campaign relies on compromising legitimate websites to serve fake Cloudflare verification pages across 17 different languages. These localized lures trick users into manually copying and executing an obfuscated PowerShell command from their clipboard. The attack unfolds across a five-stage execution chain that programmatically patches Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW) in memory to blind defensive sensors. The script then drops a custom Lua-based loader that decrypts and executes shellcode entirely in memory to deploy the final payload. MIMICRAT is a native C++ implant that communicates over HTTPS using malleable C2 profiles disguised as legitimate web analytics traffic. It supports 22 distinct commands, featuring capabilities for token theft, process manipulation, shellcode injection, and SOCKS5 proxy tunneling.

Impact: By socially engineering users into manually executing the initial PowerShell command, attackers successfully bypass standard browser-based download protections and perimeter proxies. Once MIMICRAT is deployed, threat actors gain deep, persistent control over the infected endpoint. The RAT’s built-in token impersonation and SOCKS5 proxy capabilities demonstrate that it is highly optimized for immediate lateral movement and sustained data exfiltration within enterprise environments.

Recommendation: Block known payload delivery and C2 infrastructure. Monitor or hunt for commands containing minimized window flags (-WInDo Min), obfuscated string manipulation, or reflective memory patching associated with AMSI and ETW bypasses. Finally, organizations should educate employees on the mechanics of ClickFix campaigns, emphasizing that legitimate services will never ask users to open a Run dialog or PowerShell terminal to paste verification commands.
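A command-line hunt over process-creation events that implements the indicators listed in the recommendation above, added here as an example that is not Elastic's or SRA's code; the events are constructed, and the regexes are one reading of the bulletin's indicators rather than Elastic's published rules:

```python
import re

# Indicator patterns drawn from the bulletin's hunting guidance. PowerShell accepts
# unambiguous parameter prefixes, so "-WInDo Min" is "-WindowStyle Minimized".
INDICATORS = {
    "window-style-hidden-or-minimized": re.compile(r"(?:^|\s)-w[a-z]{0,10}\s+(?:hid|min)", re.I),
    "encoded-command": re.compile(r"\s-e(?:c|nc[a-z]*)?\s+[a-z0-9+/=]{16,}", re.I),
    "string-obfuscation": re.compile(r"\[char\]|-join\b|-replace\b|frombase64string|\$\w+\+\$\w+", re.I),
    "amsi-etw-patching": re.compile(r"amsiutils|amsiinitfailed|amsiscanbuffer|etweventwrite|virtualprotect", re.I),
}

def triage(cmdline):
    """Return the indicator categories matched by one process command line."""
    return [name for name, pattern in INDICATORS.items() if pattern.search(cmdline)]

def hunt(records):
    """Keep records whose command line hits at least one indicator, highest score first."""
    results = []
    for rec in records:
        hits = triage(rec["cmdline"])
        if hits:
            results.append({**rec, "hits": hits, "score": len(hits)})
    return sorted(results, key=lambda r: r["score"], reverse=True)

# Constructed sample process-creation events (not real telemetry); the base64 blob is filler.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe",
     "cmdline": "powershell.exe -WInDo Min -NoP -c \"$a=[char]65+[char]109; $m='amsiInitFailed'; $e='EtwEventWrite'\""},
    {"host": "ws02", "parent": "explorer.exe",
     "cmdline": "powershell.exe -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ=="},
    {"host": "srv01", "parent": "services.exe",
     "cmdline": "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"},
    {"host": "ws03", "parent": "cmd.exe",
     "cmdline": "powershell.exe -c Get-Service | Where-Object Status -eq Running"},
]

if __name__ == "__main__":
    for r in hunt(SAMPLE_EVENTS):
        print(r["host"], r["score"], ", ".join(r["hits"]))
```

In a ClickFix case the parent is typically explorer.exe (the Run dialog) rather than a scheduler or management agent, so pairing the score with the parent field cuts false positives from legitimate administrative scripts.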

Follow on Twitter

@SRA_ThreatWatch will keep you up to date with the most recent posts on your social media feed.

Subscribe to the RSS

Just copy and add this link to your RSS app and be notified immediately when new intel is posted.

How to use RSS

Following the RSS feed is easy. RSS can be added in your Outlook desktop app, and there are many free RSS readers available for your mobile device.

To follow using Outlook:

  • In Outlook, right-click the RSS Feeds folder and choose Add a New RSS Feed.
  • In the New RSS Feed dialog box, enter the URL of the RSS Feed: https://sra.io/category/tigr/feed

(click here for detailed instructions and additional options for Outlook)

Popular mobile RSS reader apps include:

  • Feedly
  • NewsBlur
  • RSS Reader
  • Inoreader

After installing your preferred RSS reader, you will be able to add this feed by entering the URL: https://sra.io/category/tigr/feed

About TIGR Threat Watch

Our Threat Intelligence Gathering & Research (TIGR) team is focused on threat intelligence and curates a daily intelligence report, TIGR Threat Watch, with information collected from several industry intel sources. We also create and publish ad-hoc critical vulnerability notifications in case of critical and time-sensitive vulnerabilities or threats. These notifications include details and recommendations for mitigation/remediation.