Weekly Threat Intel
April 27–May 3, 2026
- Audit what privileged access your outsourced helpdesk or MSP has into your environment — and add out-of-band verification for every privileged action they execute. The M&S, Co-op, and Harrods intrusions all entered through outsourced IT helpdesks, not the target organizations. Implement callback verification (manager confirm, badge number lookup) before any helpdesk-initiated password reset or access grant, and review whether your MSP’s access is scoped to least-privilege or broadly inherited from an administrative trust.
- Add network-layer detection for unexpected outbound API calls to commercial LLM providers from endpoints with no business justification. APT28’s LAMEHUG and PROMPTSTEAL malware make live API calls to Alibaba Cloud’s Qwen and Google Gemini at runtime to generate attack commands — keeping the malware binary itself minimal and signature-resistant. An endpoint that isn’t running an AI development workflow has no reason to make authenticated API calls to these services.
- If anyone installed SAP CAP or cloud MT npm packages on April 29 between 09:55–12:14 UTC, rotate GitHub tokens, cloud credentials, and AI platform API keys immediately. Check your GitHub audit log for new repository creation events on that date under the affected user’s account — that’s the exfiltration artifact. Assume the entire developer workstation is compromised and follow a full credential rotation runbook.
- Patch cPanel now (upgrade to 12.6+), and treat any cPanel/WHM server running versions 12.5.0.2421–12.5.0.2434 or the pre-April-28 release as potentially compromised. CVE-2026-41940 was exploited for 64 days before the patch; Censys found ~9,000 hosts already showing compromise indicators. Presence of .sorry extension files in open directories is the strongest available post-exploitation indicator.
- If you run Gladinet CentreStack, treat CVE-2025-30406 as an emergency patch — Clop is actively scanning and exfiltrating from unpatched instances. Patch to version 16.4.10315.56368 or later. Also apply CVE-2025-11371 and CVE-2025-14611 fixes in the same maintenance window; Clop is chaining all three.
- Audit exposed Docker API ports, Kubernetes API servers, and Redis/MongoDB instances for unauthorized access, and rotate AI platform API keys for any cloud-adjacent systems. PCPJack exploits five CVEs to spread worm-like across cloud infrastructure and specifically targets Anthropic and OpenAI API keys. Restricting cloud metadata server access to known workloads and enabling API key access logs will surface unauthorized usage before the billing alert does.
- If any developer installed DAEMON Tools between April 8 and May 4, treat that endpoint as potentially compromised and begin forensic investigation. Trojanized versions 12.5.0.2421–12.5.0.2434 were distributed from the official website with valid code-signing certificates; endpoint agents that verify signatures would not have flagged the installation.
- UK Retail Collapse: DragonForce Cartel Hits M&S, Co-op, and Harrods
- Nation-State: APT28 AI Malware, DPRK’s $577M Crypto Year, Silver Dragon
- Supply Chain: TeamPCP SAP npm Poisoning, PCPJack Cloud Worm, DAEMON Tools
- Vulnerabilities: cPanel Zero-Day, Clop/CentreStack, April Patch Tuesday
- Phishing & Fraud: Code of Conduct AiTM, AccountDumpling, MuddyWater Chaos
- Also This Week
UK Retail Collapse: DragonForce Cartel Hits M&S, Co-op, and Harrods
Three of the UK’s most recognizable retail brands were simultaneously targeted by DragonForce-affiliated attackers in the most operationally impactful ransomware campaign against the UK private sector since WannaCry. The common thread across all three intrusions: social engineering against outsourced IT helpdesk staff, not the target organizations directly.
Marks & Spencer: £300M Loss, Seven Weeks of Disrupted Orders
M&S suffered the most severe impact. Attackers compromised Tata Consultancy Services (TCS), M&S’s outsourced IT helpdesk provider, by impersonating internal IT staff to obtain credentials and password resets — the Scattered Spider social-engineering playbook that drove last month’s SLH coverage. Once inside the TCS environment, the attackers laterally moved into M&S’s network, staged DragonForce ransomware encryptors, and triggered the deployment at a time calculated for maximum impact. M&S paused all online clothing and home orders; contactless payments and click-and-collect services were disrupted across hundreds of stores. Customer data was confirmed stolen, triggering mandatory password resets for the retailer’s 37 million UK loyalty customers. M&S’s CFO confirmed in an investor call that the company projects the cyberattack will cost approximately £300M ($402M) in direct remediation, lost revenue, and customer compensation. Four individuals were arrested by UK authorities in connection with the attacks, though no formal charges have been announced.
Co-op and Harrods: Preemptive Shutdowns Limit Damage
Co-op detected intrusion activity consistent with the M&S attack pattern and proactively shut down significant portions of its IT systems before encryptors could deploy — the correct call, though it came with its own operational disruption to membership and loyalty services. Harrods took a similar approach, restricting external internet access across its estate after identifying reconnaissance activity. Neither suffered the same degree of customer-visible disruption as M&S, though both confirmed that attackers had achieved at least initial network access. UK’s NCSC issued private sector guidance on the Scattered Spider / DragonForce helpdesk-impersonation playbook for retail and hospitality sectors.
DragonForce Cartel: The LockBit / Qilin Axis
DragonForce formalized a cartel arrangement with LockBit 5.0 and Qilin in fall 2025, sharing techniques, affiliate referrals, and infrastructure. The cartel framing reflects a broader maturation trend: DragonForce functions less as a single RaaS brand and more as a shared services platform for affiliates who bring their own access and need encryptors, negotiation support, and leak infrastructure on demand. Qilin dethroned Akira as the most active ransomware group in April after Akira held the top spot every month since July 2025; daily leak-site tracking showed peak days with 49–58 victims posted across all active groups.
ChipSoft Disrupts 80% of Dutch Hospital Records
Dutch healthcare software vendor ChipSoft — whose HiX 365 cloud platform serves approximately 80% of all Dutch hospitals — suffered a ransomware attack on April 7–8. Eleven hospitals temporarily disconnected ChipSoft software, reverting to paper-based workflows for clinical documentation. Patient data including records from Rotterdam Eye Hospital, family doctor networks, and rehabilitation clinics was confirmed stolen. No ransomware group claimed responsibility publicly, suggesting either ongoing negotiations or a deliberate choice to avoid the attribution that follows healthcare attacks in Europe. The incident underlines the disproportionate impact when a single SaaS vendor concentrates a critical national healthcare dependency.
Why this matters: The M&S attack chain — social engineer the MSP helpdesk → establish foothold in outsourced environment → pivot to the target → deploy encryptors — is identical to the Scattered Spider / SLH playbook from the previous two weeks. The defenders closest to the action (TCS helpdesk) had no visibility into M&S’s internal network; M&S’s internal team had no visibility into what was happening inside TCS. Two questions to answer this week: (1) What privileged access does your outsourced helpdesk or MSP have into your environment, and what does your identity and access management policy say should be revoked when that third party is breached? (2) Is your helpdesk trained to verify caller identity via out-of-band channels (manager callback, badge number lookup) before executing any privileged action like a password reset?
APT28 AI Malware, DPRK’s $577M Crypto Year, Silver Dragon
Nation-state activity reached a qualitative milestone this week: confirmed deployment of malware that queries commercial large language model APIs as an operational capability, not as a research curiosity. Meanwhile, DPRK completed a two-heist April that makes every month since look modest.
LAMEHUG & PROMPTSTEAL: First Confirmed LLM-Querying State Malware
Ukraine’s Computer Emergency Response Team (CERT-UA) documented two new APT28 tools deployed against Ukrainian government targets. LAMEHUG queries Alibaba Cloud’s Qwen 2.5-Coder-32B large language model at runtime to auto-generate Windows reconnaissance and document-collection commands tailored to the victim’s environment. This is not a model running locally — LAMEHUG makes live API calls to Alibaba Cloud during the attack, offloading command generation to an external AI service and keeping the malware’s own logic minimal. PROMPTSTEAL uses the same architectural approach, querying external LLM APIs to generate one-line Windows commands for targeted document theft. Mandiant’s M-Trends 2026 separately documented PROMPTFLUX, a VBScript dropper attributed to APT28 that queries the Gemini API to rewrite its own source code mid-execution, generating novel variants in real time to defeat signature-based detection. APT28’s FrostArmada DNS hijacking campaign was disrupted by an FBI court-authorized operation in early April, with the IC3 advisory confirming the botnet’s peak of 18,000+ infected SOHO routers across 120 countries; M365 credential interception via adversary-in-the-middle router DNS rewriting affected 200+ organizations.
KelpDAO Bridge Hack: $292M in 12 Minutes via Forged Cross-Chain Messages
Lazarus Group’s TraderTraitor sub-cluster executed the KelpDAO bridge hack on April 18, completing a two-act April that totaled $577M in DPRK-attributed crypto theft. Attackers compromised two of the RPC nodes used by LayerZero’s verifier to confirm cross-chain transactions, then forged a cross-chain message draining approximately 116,500 rsETH from KelpDAO’s LayerZero bridging adapter. Stolen tokens were used as fake collateral on Aave to drain real ETH; nine DeFi protocols were affected and Aave’s TVL dropped by $10 billion. Chainalysis matched the mixer usage and fund-dispersal fingerprint to Lazarus within 72 hours. Combined with the Drift Protocol hack ($285M, attributed to UNC4736 / Citrine Sleet) earlier in April, DPRK-attributed theft accounts for 76% of all 2026 crypto hack losses through April ($577M of $759M total). Microsoft separately documented BlueNoroff targeting macOS finance professionals with fake Zoom SDK update lures delivering the icloudz backdoor, which loads payloads into memory via Apple’s NSCreateObjectFileImageFromMemory API.
Silver Dragon: Google Drive as C2 Against Southeast Asian Governments
Check Point Research published detailed findings on Silver Dragon, an APT41 sub-cluster active since mid-2024 and ongoing through this reporting period. The campaign targets government entities in Southeast Asia and parts of Europe, with initial access via exploitation of internet-facing Microsoft Exchange and IIS servers. Post-compromise tooling centers on GearDoor, a custom backdoor that uses Google Drive as C2 — infected systems upload periodic heartbeat data to dedicated Drive folders and receive commands via the same channel, blending exfiltration into legitimate cloud traffic that most enterprise proxies implicitly permit. Supporting tools include SSHcmd for lateral movement, SilverScreen for periodic screenshot capture, and Cobalt Strike as the final-stage payload. Tropic Trooper (APT23) continued a parallel campaign against Taiwan, South Korea, and Japan using a trojanized SumatraPDF reader to sideload a custom AdaptixC2 beacon with GitHub-hosted C2 infrastructure.
Chaos Ransomware Masquerade Hits U.S. Organizations
Iran-linked MuddyWater (Mango Sandstorm / Mercury) continued a campaign that began in February 2026, conducting espionage disguised as a Chaos ransomware intrusion to complicate attribution and incident response. Targets included a U.S. bank, a regional airport, nonprofits, and a defense/aerospace software supplier with Israeli operations. Attackers leveraged Microsoft Teams screen-sharing sessions to steal credentials and manipulate MFA tokens — a vishing variant that bypasses phone-based controls. Two previously undocumented backdoors were deployed: Dindoor (built on the Deno JavaScript runtime for cross-platform execution) and Fakeset (Python-based), both signed with certificates issued to “Amy Cherne.” Data was exfiltrated via Rclone to Wasabi cloud storage, another legitimate-service-as-exfil technique. Iranian-affiliated actors also ran large-scale password spraying against Israeli municipalities and UAE M365 tenants from commercial VPN infrastructure in ASN AS35758.
The LLM-as-malware-component pattern: LAMEHUG, PROMPTSTEAL, and PROMPTFLUX represent a new class of threat: malware that externalizes its intelligence to commercial AI APIs, keeping the compiled binary minimal and evasion-resistant while gaining dynamic command generation on demand. The defensive implication is uncomfortable — the malware’s own code may be entirely clean from a signature perspective; what matters is detecting the runtime LLM API call. Network-layer behavioral analytics that flag unexpected outbound API calls to Alibaba Cloud, Google Gemini, or OpenAI from endpoints that have no business reason to make them are now a detection priority. Mandiant’s M-Trends 2026 finding that 28.3% of CVEs are now exploited within 24 hours of disclosure (enabled partly by AI-assisted exploit generation) reinforces that AI has crossed from theoretical threat-amplifier to documented operational reality.
TeamPCP SAP npm Poisoning, PCPJack Cloud Worm, DAEMON Tools
Three distinct supply chain operations hit this week, covering the npm registry, cloud infrastructure, and desktop software distribution. The common thread: the compromised artifact is something the defender actively installed and trusts.
Mini Shai-Hulud: TeamPCP Poisons Four Official SAP npm Packages
On April 29, 2026, between 09:55 and 12:14 UTC, threat actor TeamPCP published poisoned versions of four official SAP CAP and cloud MT npm packages. The campaign — named Mini Shai-Hulud by Socket researchers — injected preinstall scripts that harvested GitHub and npm tokens, GitHub Actions secrets, AWS/Azure/GCP/Kubernetes credentials, and AI platform API keys from Anthropic, OpenAI, Grafana Cloud, HashiCorp Vault, and OnePassword. Stolen data was AES-encrypted and exfiltrated to public GitHub repositories created under the victim’s own account with the description “A Mini Shai-Hulud has Appeared,” meaning the exfiltration looks like the victim’s own commit history. The same attack wave hit PyTorch Lightning on PyPI, intercom-client on npm, and intercom-php on Packagist. TeamPCP links to prior campaigns against Trivy, Checkmarx KICS, LiteLLM, Bitwarden CLI, and Telnyx.
PCPJack: Five CVEs, Worm Propagation, AI API Key Harvest
SentinelOne Labs documented PCPJack, a credential-stealing cloud worm that exploits five CVEs (CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, and CVE-2025-48703) to spread across exposed Docker, Kubernetes, Redis, and MongoDB infrastructure. PCPJack actively evicts competing TeamPCP malware from compromised hosts before installing itself — an adversarial ecosystem dynamic that provides a useful detection signal. C2 operates via Telegram. Credentials targeted span 15+ platforms including Anthropic and OpenAI API keys, DigitalOcean, Discord, Google API, Grafana Cloud, HashiCorp Vault, and OnePassword. The focus on AI platform credentials is deliberate: stolen API keys enable high-volume LLM abuse at the victim’s expense, or can be resold to other actors running AI-powered operations.
DAEMON Tools Supply Chain: 100+ Countries, Signed Malicious Installers
Kaspersky disclosed a sophisticated supply chain attack on DAEMON Tools (disk image virtualization software) affecting versions 12.5.0.2421 through 12.5.0.2434, trojanized from April 8 onward. The malicious installers were distributed from the official DAEMON Tools website and signed with legitimate developer certificates — meaning endpoint agents that validate code signatures saw nothing to flag. Infections spanned 100+ countries with highest concentrations in Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China. Attackers selectively delivered second-stage payloads only to a subset of victims in retail, scientific, government, and manufacturing organizations — a selective staging approach consistent with nation-state or high-value-targeting financially motivated operations. DAEMON Tools released clean version 12.6 on May 5. Any organization that installed DAEMON Tools between April 8 and May 5 should treat the affected endpoints as potentially compromised.
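A signature check cannot catch these installers, so the practical control is an inventory sweep: flag any host running a build in the affected range, and any host that installed the product during the exposure window regardless of build. The script below is an added example (not Kaspersky's or DAEMON Tools' code); the version range and dates come from the write-up above, while the CSV column names and the hostnames in the sample inventory are constructed for the example.

```python
import csv
import io
from datetime import date

# Affected build range and exposure window, taken from the post: builds
# 12.5.0.2421 through 12.5.0.2434 were trojanized from April 8, 2026, and the
# first clean release (12.6) shipped on May 5.
AFFECTED_MIN = (12, 5, 0, 2421)
AFFECTED_MAX = (12, 5, 0, 2434)
EXPOSURE_START = date(2026, 4, 8)
EXPOSURE_END = date(2026, 5, 4)

# Constructed software-inventory export (as an endpoint agent might produce);
# the column names are this example's assumption.
SAMPLE_INVENTORY_CSV = """\
hostname,product,version,install_date
dev-ws-01,DAEMON Tools,12.5.0.2421,2026-04-09
dev-ws-02,DAEMON Tools,12.5.0.2434,2026-05-01
dev-ws-03,DAEMON Tools,12.5.0.2420,2026-04-12
dev-ws-04,DAEMON Tools,12.6.0.1000,2026-05-06
dev-ws-05,DAEMON Tools,12.4.0.1800,2026-03-02
dev-ws-06,7-Zip,24.08,2026-04-10
"""


def parse_version(text: str) -> tuple:
    """Turn '12.5.0.2421' (or '12.5', '12.5.0.2421-beta') into a 4-tuple of ints.

    Missing components are padded with zeros so that tuples compare cleanly.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts[:4]) + (0,) * (4 - min(len(parts), 4))


def version_is_trojanized(text: str) -> bool:
    """True when the build number falls inside the affected range (inclusive)."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def triage_inventory(csv_text: str) -> list:
    """Return (hostname, version, verdict) for every DAEMON Tools installation.

    A trojanized build is isolated outright; a clean-looking build installed
    during the exposure window is still investigated, because the post advises
    treating any install from April 8 to May 4 as potentially affected.
    """
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if "daemon tools" not in row["product"].lower():
            continue
        installed = date.fromisoformat(row["install_date"])
        if version_is_trojanized(row["version"]):
            verdict = "isolate: trojanized build"
        elif EXPOSURE_START <= installed <= EXPOSURE_END:
            verdict = "investigate: installed during exposure window"
        else:
            verdict = "ok"
        results.append((row["hostname"], row["version"], verdict))
    return results


if __name__ == "__main__":
    for hostname, version, verdict in triage_inventory(SAMPLE_INVENTORY_CSV):
        print(f"{hostname:<10} {version:<14} {verdict}")
```

The version parser is deliberately tolerant of truncated or suffixed strings, since inventory exports rarely agree on how they record a build number; the comparison is done on padded integer tuples rather than on strings, so "12.6" is correctly judged newer than "12.5.0.2434".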
Operational priority: If anyone in your organization installed npm packages from SAP’s CAP or cloud MT packages between 09:55 and 12:14 UTC on April 29, treat the machine as compromised and follow a full credential rotation runbook covering GitHub tokens, cloud provider credentials, and any AI platform API keys. The exfiltration going to a GitHub repo under the victim’s own account means your GitHub audit log is the fastest place to look for the artifact: search for new repository creation events on April 29. For DAEMON Tools, version 12.6 is the first clean release; assume any installation from April 8–May 4 is potentially affected.
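Because the exfiltration artifact is a repository created under the victim's own account, the hunt reduces to two questions: who created repositories on April 29, and do any repositories carry the "A Mini Shai-Hulud has Appeared" description? The script below is an added example (not Socket's or SAP's code) that answers both over constructed inputs. The publication window and indicator string come from the report above; the audit-log field names ("@timestamp" in epoch milliseconds, "action", "actor", "repo", "visibility"), the repository-listing fields, and every account and repository name in the samples are this example's assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# From the post: the poisoned packages were live between 09:55 and 12:14 UTC
# on April 29, 2026, and the exfil repos used this description.
INSTALL_WINDOW_START = datetime(2026, 4, 29, 9, 55, tzinfo=timezone.utc)
INSTALL_WINDOW_END = datetime(2026, 4, 29, 12, 14, tzinfo=timezone.utc)
DAY_START = datetime(2026, 4, 29, tzinfo=timezone.utc)
DAY_END = DAY_START + timedelta(days=1)
INDICATOR_DESCRIPTION = "a mini shai-hulud has appeared"


def _ms(dt: datetime) -> int:
    """Epoch milliseconds, the timestamp unit this example assumes for the export."""
    return int(dt.timestamp() * 1000)


# Constructed sample of an organization audit-log export in JSON Lines form.
# Field names are this example's assumption about the export format.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"@timestamp": _ms(datetime(2026, 4, 29, 10, 3, tzinfo=timezone.utc)),
     "action": "repo.create", "actor": "dev-alice",
     "repo": "example-org/alice-dev-notes", "visibility": "public"},
    {"@timestamp": _ms(datetime(2026, 4, 29, 10, 4, tzinfo=timezone.utc)),
     "action": "git.push", "actor": "dev-alice",
     "repo": "example-org/alice-dev-notes"},
    {"@timestamp": _ms(datetime(2026, 4, 29, 16, 40, tzinfo=timezone.utc)),
     "action": "repo.create", "actor": "dev-bob",
     "repo": "example-org/sprint-12-spike", "visibility": "private"},
    {"@timestamp": _ms(datetime(2026, 4, 30, 9, 0, tzinfo=timezone.utc)),
     "action": "repo.create", "actor": "dev-carol",
     "repo": "example-org/new-service", "visibility": "private"},
])

# Constructed sample of a repository listing (the shape of a REST "list
# repositories" response), reduced to the fields this example reads.
SAMPLE_REPO_LISTING = [
    {"full_name": "dev-alice/alice-dev-notes",
     "description": "A Mini Shai-Hulud has Appeared",
     "created_at": "2026-04-29T10:03:11Z"},
    {"full_name": "dev-bob/sprint-12-spike",
     "description": "Throwaway spike for sprint 12",
     "created_at": "2026-04-29T16:40:02Z"},
]


def parse_audit_log(text: str) -> list:
    """Parse a JSON Lines audit-log export, skipping blank and malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def repo_creations_in_range(events: list, start: datetime = DAY_START,
                            end: datetime = DAY_END) -> list:
    """Return repo.create events with timestamps in [start, end).

    Each hit records whether it also falls inside the package publication
    window, which is the tightest correlation the report gives us.
    """
    hits = []
    for ev in events:
        if ev.get("action") != "repo.create":
            continue
        ts = datetime.fromtimestamp(ev["@timestamp"] / 1000, tz=timezone.utc)
        if not (start <= ts < end):
            continue
        hits.append({
            "repo": ev.get("repo"), "actor": ev.get("actor"),
            "visibility": ev.get("visibility"), "created": ts.isoformat(),
            "in_install_window": INSTALL_WINDOW_START <= ts < INSTALL_WINDOW_END,
        })
    return hits


def repos_with_indicator_description(listing: list) -> list:
    """Full names of repositories whose description matches the indicator text."""
    return [r["full_name"] for r in listing
            if INDICATOR_DESCRIPTION in (r.get("description") or "").lower()]


def actors_to_rotate(events: list, listing: list) -> set:
    """Accounts to rotate first: anyone who created a repo on April 29, plus the
    owners of repositories carrying the indicator description."""
    actors = {h["actor"] for h in repo_creations_in_range(events)}
    actors |= {name.split("/")[0] for name in repos_with_indicator_description(listing)}
    return actors


if __name__ == "__main__":
    events = parse_audit_log(SAMPLE_AUDIT_LOG)
    for hit in repo_creations_in_range(events):
        flag = "INSTALL WINDOW" if hit["in_install_window"] else "same day"
        print(f"{hit['created']} {hit['actor']:<10} {hit['repo']:<30} [{flag}]")
    print("indicator description:", repos_with_indicator_description(SAMPLE_REPO_LISTING))
    print("rotate credentials for:", sorted(actors_to_rotate(events, SAMPLE_REPO_LISTING)))
```

Keep the creation search at the whole-day granularity rather than the 09:55–12:14 window: the preinstall script fires when the package is installed, which can be hours after it was published, so a repository created later the same day is still a candidate. Description matching is the higher-confidence signal and is checked separately.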
cPanel Zero-Day, Clop/CentreStack, and April Patch Tuesday
| CVE | Product | Impact | Status |
|---|---|---|---|
| CVE-2026-41940 | cPanel & WHM | CRLF injection in login/session loading allows unauthenticated attackers to write arbitrary session files achieving root-level admin control. Exploited as a zero-day for 64 days before the April 28 emergency patch. Censys found 8,859 hosts with .sorry extension files indicating "Sorry" ransomware deployment. Estimated exposure: 1.5 million servers. watchTowr published PoC April 29. | Patch immediately — CISA KEV |
| CVE-2025-30406 | Gladinet CentreStack | Deserialization via hardcoded machineKey enables unauthenticated RCE. Clop ransomware launched new extortion campaign targeting 12,694 internet-exposed CentreStack file server instances. Clop also chained CVE-2025-11371 (local file inclusion) and CVE-2025-14611 (insecure cryptography). | Active Clop campaign |
| CVE-2026-32201 | SharePoint Server | Spoofing via improper input validation — actively exploited in the wild as a zero-day before the April 14 Patch Tuesday fix. | Actively exploited |
| CVE-2026-33824 | Windows IKE Service Extensions | Critical unauthenticated RCE via double free (CVSS 9.8) — highest severity in April Patch Tuesday’s 167-flaw cycle. | Patch now |
| CVE-2026-26268 | Cursor IDE | RCE in the AI coding environment via malicious Git repositories. High-risk for developer workstations running Cursor with automatic repository opening. | Active exploitation |
| CVE-2026-33626 | LMDeploy LLM Inference Engine | Critical flaw in AI/ML infrastructure; exploited within 12 hours of public disclosure — fastest time-to-exploit observed this week. | Rapid exploitation |
| CVE-2026-20122 / 20128 / 20133 | Cisco Catalyst SD-WAN Manager | Privilege escalation, file overwrite, authentication bypass. CISA KEV added April 20–21; federal patch deadline was April 23. | CISA KEV |
ZionSiphon: ICS Sabotage Malware Targeting Israeli Water Infrastructure
Darktrace and PolySwarm disclosed ZionSiphon, malware specifically designed to target ICS/OT systems at Israeli water treatment and desalination facilities — including Mekorot national water carrier and plants at Sorek, Hadera, Ashdod, Palmachim, and the Shafdan complex. Sabotage configuration entries include Chlorine_Dose=10, Chlorine_Pump=ON, and RO_Pressure=80 appended to SCADA configuration files. An XOR key mismatch in the current sample renders it non-functional, but incomplete DNP3 and S7comm protocol implementations indicate active development. First detected on VirusTotal in June 2025 and attributed with medium confidence to Iranian-nexus actors. The functional impact if deployed against operational systems would be public health consequences, not data theft.
VECT 2.0: A Ransomware That Permanently Destroys Files
Check Point Research disclosed a critical flaw in VECT 2.0’s encryption implementation: a ChaCha20 IETF nonce-reuse bug means any file larger than 131KB is mathematically irrecoverable even if the victim pays and receives the decryption key. First observed in December 2025 and updated to v2.0 in February 2026, VECT targets Windows, Linux, and ESXi. Two confirmed victims were posted to the group’s leak site, both compromised via the TeamPCP supply chain attack chain. The nonce-reuse bug transforms what attackers intended as ransomware into an effective wiper — organizations that paid would receive functionally useless decryption keys for their largest files. The group has not publicly acknowledged the flaw.
Code of Conduct AiTM, AccountDumpling, Itron Breach
Microsoft “Code of Conduct” Campaign: 35,000 Users, 13,000 Organizations
Microsoft Threat Intelligence detailed a multi-stage credential theft campaign targeting 35,000+ users across 13,000+ organizations in 26 countries, with 92% of victims U.S.-based. Sector breakdown: healthcare/life sciences (19%), financial services (18%), professional services (11%), tech/software (11%). The attack chain: PDF attachment with filename like “Disciplinary Action – Employee Device Handling Case.pdf” or “Awareness Case Log File – Tuesday 14th, April 2026.pdf” → “Review Case Materials” link → adversary-in-the-middle phishing page that harvests Microsoft credentials and session tokens in real time, bypassing MFA. The PDF-as-lure-layer technique is designed to defeat link-scanner tools that only process URLs, not documents. Healthcare and financial services should treat unexplained PDF attachments from unknown senders as high-risk during this window.
AccountDumpling: 30,000+ Facebook Accounts Hijacked
Researchers documented AccountDumpling, a large-scale credential theft operation attributed with medium confidence to Vietnam-based attackers that hijacked 30,000+ Facebook accounts through phishing infrastructure that precisely mimicked Facebook’s password recovery and account-review flows. Compromised accounts were used to amplify scam content and distribute further phishing links to victims’ contact lists, creating an organic amplification loop. Meta’s abuse-detection systems were subverted by distributing the phishing traffic across many newly registered domains with short TTLs.
Itron: Utility Meter Giant Breached, 7,700 Client Network Exposed
Itron — technology provider for energy grids managing 110 million homes and businesses via contracts with 7,700+ utility providers in 100 countries — disclosed an intrusion of its corporate IT network via an SEC 8-K filing on April 24. Initial intrusion detected April 13; attackers remained undetected for approximately 12 days. Itron confirmed no operational technology or customer-hosted systems were impacted, though an investigation into the full scope of data accessed remains ongoing. No ransomware group has claimed the breach. The combination of supply-chain-level utility market reach and operational technology adjacency makes this a high-watch incident for critical infrastructure teams, regardless of Itron’s stated scope containment.
Bluekit PhaaS: AI-Assisted Phishing with GPT-4.1, Claude, Gemini Integration
Security researchers documented Bluekit, a phishing-as-a-service platform offering 40+ lure templates and native AI integration for automated lure customization. Subscribers can specify target industry, geography, and urgency level; the platform uses integrated GPT-4.1, Claude, Gemini, Llama, and DeepSeek APIs to generate contextually tailored phishing content with native language support. The automation dramatically lowers the skill floor for targeted phishing campaigns and reduces the per-target cost to near zero. Bluekit represents the commoditization endpoint of the AI-assisted social engineering trend: what required a skilled English-speaking attacker a week ago now requires clicking through a UI.
Also Worth Tracking
AgingFly: Chromium Credential Theft Without Admin Rights
CERT-UA documented AgingFly, a C# infostealer/RAT targeting Ukrainian government agencies, hospitals, and emergency services via humanitarian-aid-themed phishing lures. The tool uses ChromElevator (an open-source utility) to decrypt Chromium browser credentials without administrator rights, and ZAPiDESK to extract WhatsApp database files. C2 operates via WebSockets. The humanitarian lure targeting healthcare and emergency services during an active conflict context is consistent with the psychological targeting approach documented in prior CERT-UA reporting.
KYCShadow & NGate Variant: Banking Malware Exploiting KYC Flows
Two new Android banking malware variants were documented this week. KYCShadow exploits fake Know-Your-Customer verification flows to harvest identity documents, banking credentials, and live camera feeds. A new NGate variant distributed via trojanized NFC payment apps captures payment card data and proxies it for fraudulent contactless transactions in real time — the same NFC relay technique as the original NGate but with updated distribution and obfuscation to evade Play Protect signatures.
Analyst Assessment: April 27–May 3 in Context
The MSP / outsourced helpdesk is the new SaaS OAuth grant. Just as last week’s top story was the 22-month Vercel breach originating at a vendor’s employee with broad OAuth permissions, this week’s dominant story is a £300M attack that began at M&S’s outsourced helpdesk. In both cases, the target’s own security posture was irrelevant; the attack entered through a third party with trusted access. The pattern will repeat. The structural question is how your identity and access management framework handles “break glass” and privileged actions executed by third parties on your behalf — and what out-of-band verification exists to prevent social engineering from abusing that trust.
The AI-in-malware story crossed from hypothesis to evidence. LAMEHUG and PROMPTSTEAL are not proof-of-concept research — they are documented APT28 tools deployed against Ukrainian targets. The architectural pattern (LLM API call at runtime to generate commands) is evasion-oriented and extensible. Detection must shift toward runtime behavioral anomalies: unexpected outbound API calls to AI providers from endpoints with no business justification. Network-layer allow-listing of AI API endpoints is now a relevant control surface, not just a cost management issue.
DPRK’s $577M 2026 total should recalibrate your Web3 threat model. The KelpDAO and Drift heists required months of advance work (social engineering, RPC node compromise, cross-chain forgery) and executed with precision. Organizations with any exposure to DeFi, L2 bridges, or RPC infrastructure should assume DPRK actors have been in pre-positioning mode against targets they haven’t yet struck.
What to do this week: (1) Audit privileged access your MSP or outsourced helpdesk has into your environment; implement out-of-band callback verification for all password reset and access-granting actions. (2) If anyone installed SAP CAP or cloud MT npm packages on April 29 between 09:55–12:14 UTC, rotate GitHub tokens, cloud credentials, and AI API keys immediately. (3) Patch cPanel (12.6+ or equivalent), SharePoint (April Patch Tuesday), and Cursor IDE for CVE-2026-26268. (4) Block DAEMON Tools versions 12.5.0.2421–12.5.0.2434 from executing and treat any installations from April 8–May 4 as potentially compromised.
Sources
- Infosecurity Magazine — Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks
- Dark Reading — Marks & Spencer Projects Cyberattack Cost of $400M
- BleepingComputer — Four Arrested in UK Over M&S, Co-op, Harrods Cyberattacks
- The Record — Dutch Hospitals Face Disruptions After Ransomware Attack on ChipSoft
- LogPoint — APT28’s New Arsenal: LAMEHUG — The First AI-Powered Malware
- Infosecurity Magazine — AI-Enabled Malware Now Actively Deployed
- IC3 (FBI) — PSA260407: Russian GRU Exploiting Vulnerable Routers for DNS Hijacking
- BleepingComputer — KelpDAO Suffers $290 Million Heist Tied to Lazarus Hackers
- Chainalysis — Inside the KelpDAO Bridge Exploit
- The Hacker News — $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
- Check Point Research — Silver Dragon: China-Nexus Cyber Espionage Targeting Southeast Asia and Europe
- SecurityWeek — Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
- SecurityWeek — ZionSiphon Malware Targets ICS in Water Facilities
- The Hacker News — SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
- Socket.dev — TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MT
- SentinelOne — PCPJack: Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
- The Hacker News — PCPJack Credential Stealer Exploits 5 CVEs
- The Record — Hackers Compromise DAEMON Tools in Global Supply Chain Attack
- Help Net Security — cPanel Zero-Day Exploited for Months Before Patch Release (CVE-2026-41940)
- Huntress — CVE-2025-30406: Critical Gladinet CentreStack Vulnerability Exploited in the Wild
- BleepingComputer — Clop Ransomware Targets Gladinet CentreStack Servers for Extortion
- BleepingComputer — Microsoft April 2026 Patch Tuesday Fixes 167 Flaws, 2 Zero-Days
- The Hacker News — CISA Adds 8 Exploited Flaws to KEV, Sets April–May 2026 Federal Deadlines
- Microsoft Security Blog — Breaking the Code: Multi-Stage “Code of Conduct” Phishing Campaign Leads to AiTM Token Compromise
- Check Point Research — VECT: Ransomware by Design, Wiper by Accident
- BleepingComputer — New AgingFly Malware Used in Attacks on Ukraine Government, Hospitals
- TechCrunch — Critical Infrastructure Giant Itron Says It Was Hacked
- Mandiant (Google Cloud) — M-Trends 2026: 28.3% of CVEs Exploited Within 24 Hours of Disclosure
This post was generated with Claude by Anthropic, based on source reporting from the publications listed above and analysis of 28 IOC submissions to iocget.com between April 27–May 3, 2026.