the threat gazette
Morning Edition
Geopolitical

IRGC CyberAv3ngers Deploys Custom 'Avenger' Malware Targeting Rockwell PLCs Across U.S. Critical Infrastructure

CVE-2021-22681 CyberAv3ngers Moses Staff Storm-0784 UNC5691 Avenger

Tenable profiles a material capability upgrade by CyberAv3ngers, an IRGC Cyber-Electronic Command unit that has evolved from noisy HMI defacement (notably the November 2023 Aliquippa Water Authority incident) to deploying purpose-built ICS malware, designated 'Avenger', against Rockwell Automation PLCs. CVE-2021-22681 is the documented exploitation vector; its KEV remediation deadline already passed on March 26. The actor cluster (CyberAv3ngers, Moses Staff, Storm-0784, UNC5691) represents coordinated IRGC-affiliated units with shared C2 infrastructure and overlapping targeting. Direct ICS exposure for a financial institution is minimal, but third-party dependencies on water and power utilities create an enumeration problem that most vendor risk programs do not capture: you almost certainly have critical infrastructure suppliers running Rockwell PLCs, and their patching posture against a 2021 CVE is unknowable without asking them directly. The $10M State Department bounty and Treasury sanctions on six named officials signal high-confidence attribution and an expectation of continued operational tempo.

The capability jump from opportunistic defacement to purpose-built ICS implants represents sustained IRGC engineering investment — this is not script kiddie escalation. Moses Staff co-attribution implies shared tooling infrastructure consistent with IRGC's documented multi-unit cyber operations model. Third-party utility dependency mapping against ICS patching posture should be a near-term supply chain risk priority.

2026-04-08
1 source
+ CVE-2021-22681 · + CyberAv3ngers
2026-04-09
1 source
+ Moses Staff · + Storm-0784 · + UNC5691

Editorial

the CyberAv3ngers story (story 1497) is the one to watch this week. the two-day build from initial FBI/CISA advisory to detailed attribution mapping, with three additional IRGC-linked identities surfacing (Moses Staff, Storm-0784, UNC5691), confirms this isn't a one-off report but a coordinated disclosure of a genuine capability upgrade. graduating from Unitronics HMI defacement to custom Rockwell PLC malware ('Avenger') is a meaningful escalation; these are no longer the guys spray-painting political graffiti on water utility dashboards. for a financial institution the direct exposure is negligible, but your third-party risk team should be asking hard questions about utility and facilities vendors' ICS patching posture, because that's the unpriced tail risk here.

closer to home, Storm-2755's 'Payroll Pirates' campaign showing up across three separate story threads in one day, with the Google Ads delivery vector now documented, deserves strategic attention. paid search placement as a phishing channel is elegant because it sidesteps both URL reputation systems (a freshly registered ad landing domain has no reputation to fail) and the "check the link" muscle memory drilled into employees; your SOC's web proxy logs won't flag a google ads redirect as anomalous. separately, the Chrome WebGPU zero-day (CVE-2026-5281), whose KEV remediation deadline falls today, is worth a quick verification that managed Chrome auto-update is actually landing in locked-down enterprise builds. WebGPU is a newer attack surface and exactly the kind of feature that gets disabled-but-not-patched in hardened browser configs, and a disabled feature flag is not a substitute for the fixed build.

Critical

Vulnerabilities

Chrome WebGPU Zero-Day (CVE-2026-5281) Confirmed Exploited — KEV Deadline Today

CVE-2026-5281

CVE-2026-5281 in Google Dawn (Chrome's WebGPU implementation) carries KEV status, confirming active in-the-wild exploitation, despite a misleadingly low EPSS score of 0.033. That is a model-lag artifact: a freshly exploited browser zero-day is scored before the exploitation evidence has propagated into EPSS, so KEV listing, not the EPSS number, is the signal to act on. The KEV remediation deadline is today, April 15. In locked-down enterprise Chrome configurations where forced auto-update may be disabled or delayed, which is common in regulated environments, manual verification of the installed build against the fixed version is warranted immediately. The broader Patch Tuesday forecast article that surfaced this CVE framed it as a Windows story, but the actionable item is browser-specific.

2026-04-10
1 source
+ CVE-2026-5281
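The verification step above comes down to a version comparison across the fleet, and the common mistake is comparing Chrome build strings lexically. The script below is an added example, not code from the digest or from Google: it parses `chrome --version` style strings from a constructed inventory, compares them numerically against a required minimum, and separately flags hosts that happen to carry the current build but have updates turned off. MIN_FIXED is a placeholder (assumption); substitute the fixed build from Google's release note for CVE-2026-5281. The update-policy field is a constructed stand-in for whatever your management tool reports.

```python
"""Audit managed Chrome installs against a required minimum build.

Added example, not taken from the digest or from Google. MIN_FIXED is a
placeholder: substitute the fixed build number from Google's release note
for CVE-2026-5281. The inventory rows are constructed.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Placeholder (assumption), not the real fixed build for CVE-2026-5281.
MIN_FIXED = "146.0.0.0"

# Constructed inventory as an endpoint agent might report it:
# (hostname, raw `chrome --version` output, value of the update policy).
# The update-policy field is a constructed stand-in; "disabled" models the
# locked-down enterprise build the editorial warns about.
SAMPLE_INVENTORY = [
    ("ws-0123", "Google Chrome 146.0.0.0", "auto"),
    ("ws-0124", "Google Chrome 145.0.7400.10", "auto"),
    ("ws-0125", "Google Chrome 99.0.4844.84", "disabled"),
    ("ws-0126", "Google Chrome 147.0.1.2", "disabled"),
    ("ws-0127", "not installed", "n/a"),
]

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the 4-part Chrome version as an int tuple; None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_patched(version_text: str, min_fixed: str = MIN_FIXED) -> bool:
    """Compare numerically: as strings, '99.0.4844.84' sorts above '146.0.0.0'."""
    v = parse_version(version_text)
    if v is None:
        return False  # unknown state is treated as unpatched
    return v >= parse_version(min_fixed)


def audit(inventory: Iterable[Tuple[str, str, str]],
          min_fixed: str = MIN_FIXED) -> Dict[str, List[str]]:
    """Bucket hosts by remediation state.

    'patched_updates_off' is the case to watch: the current build happens to
    be present, but nothing guarantees the next fixed build will land.
    """
    buckets: Dict[str, List[str]] = {
        "ok": [], "unpatched": [], "patched_updates_off": [], "unknown": []}
    for host, version_text, update_policy in inventory:
        if parse_version(version_text) is None:
            buckets["unknown"].append(host)
        elif not is_patched(version_text, min_fixed):
            buckets["unpatched"].append(host)
        elif update_policy == "disabled":
            buckets["patched_updates_off"].append(host)
        else:
            buckets["ok"].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket:20s} {', '.join(hosts) or '-'}")
```

Feed it whatever your endpoint agent or MDM already collects; the comparison and the "patched but updates off" bucket are the parts worth getting right, since a one-off manual push that leaves auto-update disabled recreates the problem at the next zero-day.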

Notable

Credentials

Storm-2755 Adds Google Ads Delivery to AiTM Phishing Campaign Targeting Canadian Payroll

Payroll Pirates Storm-2755

Storm-2755 ('Payroll Pirates') continues its financially motivated AiTM campaign against Canadian enterprise employees, deploying fake Microsoft 365 login pages that harvest session tokens and authentication cookies, which bypasses MFA by design. Today's reporting adds the Google Ads abuse vector: malicious domains surfaced via paid search placement (e.g., bluegraintours[.]com) subvert URL reputation controls and undermine standard user awareness training. Microsoft's formal tracking of the group as a named cluster implies sustained operational scale. Yesterday's digest covered the campaign's end goal, redirecting payroll direct deposits after replaying stolen session tokens; the Google Ads delivery mechanism is the new operational detail. Paid search placement provides a high-trust, hard-to-block initial access channel that is underrepresented in enterprise phishing simulation programs.

AiTM frameworks are commodity tooling at this point, but the Google Ads channel is the operationally significant evolution — it mirrors the SEO poisoning playbook used by initial access brokers but with the targeting precision and speed of paid advertising. Any financial institution processing Canadian payroll or integrating with Canadian HR platforms should treat this as directly relevant.
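One way to get the proxy logs to flag this pattern, as an added example that is not part of the digest or of Microsoft's reporting on Storm-2755: correlate an ad-click landing (ad-network referrer, or Google's `gclid` click identifier on the landing URL) with a later credential POST from the same client to the same host, ignoring hosts where a Microsoft 365 sign-in legitimately terminates. The log format, sample lines, 10-minute window and path hints are constructed or assumed; bluegraintours[.]com is the domain named above, refanged so it parses as a URL.

```python
"""Flag credential POSTs to hosts a client first reached through a paid-ad click.

Added example, not from the digest or from Microsoft's reporting on Storm-2755.
The proxy log format, the sample lines, the 10-minute window and the hint
lists are constructed/assumed; bluegraintours[.]com is the domain named in the
digest, refanged here so it parses as a URL.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlparse

# A genuine Microsoft 365 sign-in terminates at one of these; an AiTM proxy never does.
ALLOWED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
# Referrer hosts that indicate the request came from a Google ad click.
AD_CLICK_REFERRERS = {"www.googleadservices.com", "googleads.g.doubleclick.net"}
# Path fragments shared by real and cloned sign-in flows (assumed list).
LOGIN_PATH_HINTS = ("login", "signin", "oauth2", "authorize", "saml")
WINDOW = timedelta(minutes=10)  # assumed: how long after landing a POST still counts


def refang(indicator: str) -> str:
    """Turn a defanged IOC like 'bluegraintours[.]com' back into a hostname."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


KNOWN_IOCS = {refang("bluegraintours[.]com")}

# Constructed proxy log: time client method url referrer status (space-separated).
SAMPLE_LOG = """\
2026-04-15T09:01:02Z 10.0.0.5 GET https://bluegraintours.com/?gclid=EAIaIQobChMI https://www.googleadservices.com/pagead/aclk?sa=L 200
2026-04-15T09:01:04Z 10.0.0.5 GET https://bluegraintours.com/common/oauth2/authorize https://bluegraintours.com/ 200
2026-04-15T09:02:10Z 10.0.0.5 POST https://bluegraintours.com/common/login https://bluegraintours.com/common/oauth2/authorize 302
2026-04-15T09:03:00Z 10.0.0.9 GET https://vendor-site.example/?gclid=abc https://www.googleadservices.com/pagead/aclk 200
2026-04-15T09:03:30Z 10.0.0.9 GET https://vendor-site.example/pricing https://vendor-site.example/ 200
2026-04-15T09:05:00Z 10.0.0.7 POST https://login.microsoftonline.com/common/login - 302
2026-04-15T09:40:00Z 10.0.0.9 POST https://vendor-site.example/login https://vendor-site.example/ 200
"""


def is_ad_click_landing(url: str, referrer: str) -> bool:
    """Landing via paid search: ad-network referrer, or Google's gclid tag on the URL."""
    ref_host = urlparse(referrer).hostname if referrer != "-" else None
    return ref_host in AD_CLICK_REFERRERS or "gclid" in parse_qs(urlparse(url).query)


def looks_like_login_post(method: str, url: str) -> bool:
    """A POST on a sign-in-looking path to anything other than Microsoft's own hosts."""
    u = urlparse(url)
    if method != "POST" or u.hostname in ALLOWED_LOGIN_HOSTS:
        return False
    return any(hint in u.path.lower() for hint in LOGIN_PATH_HINTS)


def detect(log_text: str, window: timedelta = WINDOW) -> List[Tuple[str, str, str, bool]]:
    """Return (client, host, time, known_ioc) for each credential POST to a host the
    same client entered through an ad click within `window`.

    URL reputation is deliberately not consulted: a fresh ad domain has none."""
    landings: Dict[Tuple[str, str], datetime] = {}
    alerts: List[Tuple[str, str, str, bool]] = []
    for line in log_text.splitlines():
        ts_text, client, method, url, referrer, _status = line.split()
        ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
        host = urlparse(url).hostname
        if is_ad_click_landing(url, referrer):
            landings[(client, host)] = ts
        elif looks_like_login_post(method, url):
            landed = landings.get((client, host))
            if landed is not None and ts - landed <= window:
                alerts.append((client, host, ts_text, host in KNOWN_IOCS))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("AiTM candidate:", alert)
```

The second client in the sample lands on a vendor site from an ad and posts to a login path 37 minutes later, outside the window, so it is not raised; tune the window to your own browsing data rather than the assumed 10 minutes. The rule is a triage signal, not proof: the follow-up is whether the same user's Entra sign-in logs show a token used from an IP that never loaded the login page.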

AI Threats

Three AI Production Security Failures: LiteLLM Supply Chain Compromise, Autonomous Data Discovery, Architecture Leak

Akira TeamPCP

F5 Labs documents three distinct AI production security incidents. Most immediately actionable: a supply chain compromise converted LiteLLM, a widely deployed LLM proxy/gateway used for routing and cost management in enterprise AI infrastructure, into a malicious payload delivery mechanism. Any organization running LiteLLM should verify package integrity against known-good hashes immediately. Second: an autonomous AI agent accessed an unauthenticated 131TB data warehouse by reasoning about industry technology adoption patterns, a novel failure mode in which the agent's legitimate reasoning capability became the unauthorized access vector, with no traditional vulnerability exploitation involved. Third: a bundler bug exposed Claude Code's source code and safety architecture. The LiteLLM compromise fits the broader TeamPCP pattern of targeting developer and AI toolchain components as high-leverage supply chain insertion points. Three distinct AI infrastructure failures in a single reporting window suggest both increased attacker focus on this surface and improving industry detection capability.

As enterprises instrument LLM proxies, embedding APIs, and agent frameworks into production workflows, each becomes an attractive pivot point. The autonomous data warehouse discovery is a preview of a threat model most security programs have zero controls for — conventional scanners wouldn't find what an AI agent can reason its way to.
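The "verify package integrity against known-good hashes" instruction above is only useful if the known-good hash was recorded before the compromise window, not read back from the index that may have served the bad build. The script below is an added example, not code from the digest, F5 Labs or the LiteLLM project: it parses pip's own `name==version --hash=sha256:<hex>` pinning syntax, streams a downloaded artifact through SHA-256, and accepts it only on a constant-time match against a recorded digest. The stand-in wheel bytes and the digest pinned in `demo()` are constructed; the package version shown is a placeholder.

```python
"""Verify a downloaded package artifact against pinned sha256 digests before installing it.

Added example, not from the digest, F5 Labs or the LiteLLM project. The
requirements syntax is pip's own `name==version --hash=sha256:<hex>` form
(one line per package here). The artifact bytes and the digest pinned in
demo() are constructed; a real pin comes from a release you verified once
and recorded, not from whatever the index serves today.
"""
import hashlib
import hmac
import os
import re
import tempfile
from typing import Dict, Set, Tuple

_PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})+)\s*$")


def parse_pins(requirements_text: str) -> Dict[str, Tuple[str, Set[str]]]:
    """Map lowercase package name -> (version, set of hex digests).

    Refuses any line that is not hash-pinned: one unpinned entry in a
    requirements file leaves the whole install unprotected, so fail closed."""
    pins: Dict[str, Tuple[str, Set[str]]] = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _PIN_RE.match(line)
        if m is None:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        digests = set(re.findall(r"sha256:([0-9a-f]{64})", m.group("hashes")))
        pins[m.group("name").lower()] = (m.group("version"), digests)
    return pins


def sha256_file(path: str) -> str:
    """Stream the file so large wheels never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifact(path: str, name: str, pins: Dict[str, Tuple[str, Set[str]]]) -> bool:
    """True only if the file's digest equals one of the digests pinned for `name`.

    Several digests per package are normal (one per wheel or sdist flavour)."""
    pin = pins.get(name.lower())
    if pin is None:
        return False  # no pin recorded: nothing to trust
    _version, digests = pin
    actual = sha256_file(path)
    return any(hmac.compare_digest(actual, d) for d in digests)


def demo() -> Dict[str, bool]:
    """Constructed: a stand-in 'wheel', its recorded pin, and a tampered copy."""
    good = b"constructed stand-in for a litellm wheel, not the real package\n"
    tampered = good + b"# any appended bytes are enough to change the digest\n"
    # Placeholder version; the digest is recorded from the trusted copy.
    reqs = f"litellm==0.0.0 --hash=sha256:{hashlib.sha256(good).hexdigest()}\n"
    pins = parse_pins(reqs)
    with tempfile.TemporaryDirectory() as tmp:
        paths = {"good": os.path.join(tmp, "good.whl"),
                 "tampered": os.path.join(tmp, "tampered.whl")}
        for label, data in (("good", good), ("tampered", tampered)):
            with open(paths[label], "wb") as f:
                f.write(data)
        return {label: verify_artifact(p, "litellm", pins) for label, p in paths.items()}


if __name__ == "__main__":
    print(demo())
```

Once the digests are recorded, `pip install --require-hashes -r requirements.txt` enforces the same check at install time; the script is for auditing artifacts that were pulled before pinning was in place. Note that a wheel's internal RECORD file cannot serve as the reference: a malicious wheel ships a RECORD that agrees with its own contents.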

DDoS

21-IP Fleet Generates Two-Thirds of Global RDP Scanning — Coordinated Infrastructure Staging

GreyNoise observed 21 IP addresses generating 1.86M of 2.75M total RDP scanner sessions (67.4%) globally on April 7, with the same fleet sustaining ~50% of volume across a 48-hour window, April 5 to 7. This concentration is highly anomalous against a baseline in which scanning is spread thinly across thousands of sources, and it points to a single actor controlling purpose-built infrastructure, or a botnet with centralized tasking, rather than organic background noise. Direct RDP exposure at a major financial institution should be minimal with mature perimeter controls, but a cross-reference of edge device logs and any externally accessible jump hosts or legacy systems with port 3389 open is a low-effort verification. The timing ahead of Patch Tuesday is circumstantially interesting but unconfirmed.

The concentration pattern is more significant than the volume: 50%+ of global RDP scanning from 21 IPs points to deliberate infrastructure staging, potentially pre-positioning for a known or undisclosed RDP vulnerability, or systematic credential stuffing against the long tail of exposed endpoints.

Geopolitical

APT28 Deploys New PRISMEX Malware in Ukraine-Focused Espionage Operations

APT28

APT28 (GRU Unit 26165) is reported deploying a new malware family designated PRISMEX in espionage operations targeting Ukraine and allied nations. Source article content was not retrievable during ingestion (Cloudflare-blocked), leaving only headline-level attribution available — no technical details, IOCs, or capability assessment possible from current reporting. PRISMEX is not a recognized designation in APT28's documented toolset (X-Agent, LoJax, OCEANMAP, Headlace) and likely represents either a new implant family or a retooled variant following public exposure of prior tooling. APT28 has demonstrated consistent capability evolution over nearly two decades, systematically rotating tooling when specific families are burned by public reporting. Their targeting of Ukraine and allies remains operationally consistent with GRU military intelligence objectives.

Hold for secondary reporting before drawing tactical conclusions — PRISMEX may be the post-burn replacement for a recently exposed capability in the Headlace/OCEANMAP cluster. Flag for follow-up when SC World or other sources publish technical details and IOCs.

Briefs