CTO at NCSC Summary: week ending September 14th
We can all identify what good looks like, the finesse is how we also devise and articulate the practical path between where we are today and the new sunny uplands we aspire to reach…
Welcome to the weekly highlights and analysis of the blueteamsec Lemmy (and my wider reading). Not everything makes it in, but the best bits do.
Operationally, events in the UK obviously continue to drive the tempo.
In the high-level this week:
Cyber resilience matters as much as cyber defence - NCSC UK publish - “In recent months, we’ve seen incidents against major UK retailers and manufacturers causing serious disruption to supply chains and services. These examples remind me why medium and large organisations must plan not only their defences, but also their recovery.”
For the last few months we have been working on further technical guidance on what works in practice to reduce the impact of, and enable speedy recovery from, destructive events, which we are looking to publish in the winter.
It's taken three years to recover from China hack, election watchdog says - BBC reports - “The UK's elections watchdog says it's taken three years and at least a quarter of a million pounds to fully recover from a hack that saw the private details of 40m voters accessed by Chinese cyber spies.”
MoD puts £182m towards ‘cyber sixth forms’ to boost defence - The Telegraph reports - “Teenagers will be able to learn about cyber warfare in sixth form as part of a £182 million government funding package to boost defence recruitment.
Five new “technical excellence colleges” focused on defence are set to open across the country next year to develop the skills needed to ensure national security.” - as a big advocate for vocational training, I expect this will only bring more diversity into the sector.
Encouraging New Thinking on Offensive Cyber Operations - RUSI Think Tanks - “Today RUSI and the UK’s National Cyber Force (NCF) are launching a new initiative to develop a UK community of interest on the subject of offensive cyber operations. The UK Cyber Effects Network is particularly aimed at early career professionals with a view to encouraging new thinking on the theory and practice of offensive cyber.”
Microsoft cloud services disrupted by Red Sea cable cuts - BBC reports - “Users of Azure - one of the world's leading cloud computing platforms - would experience delays because of problems with internet traffic moving through the Middle East, the company said.”
KazMunaiGas denies attack by Russian hackers - Orda reports - “In May 2025, KMG organized and conducted a planned internal event to check, evaluate and improve the level of awareness of employees in matters of information security. Particular attention was paid to the analysis of the efficiency and correctness of the response to threats by the Operational Information Security Center and the Operational Information Security Management Center of KMG,” the national company explained.
A Playbook for Winning the Cyber War - Center for Strategic & International Studies outlines a seven part series - “The final chapter lays out a practical playbook for policymakers to get from today’s gaps to tomorrow’s strength. It urges stronger defenses at home and provides a roadmap for fully integrating cyber operations. The United States needs urgency, clarity, and resolve, so it can regain the upper hand in a domain where it cannot afford to lose.”
Tallinn Mechanism Endorses Four SSSCIP Cybersecurity Projects - The State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine announces - “The Tallinn Mechanism is an international initiative launched in 2023 by Ukraine's international partners to coordinate and promote the development of Ukraine's civilian cyber capabilities. Its objective is to ensure Ukraine's right to self-defence in cyberspace and to address its long-term cyber resilience needs.”
New Civil Liberties Alliance -vs- Securities Exchange Commission - The United States District Court for the District of Columbia publishes - A consulting report not prepared solely for litigation was found to be protected as an attorney work-product by the court.
Data Act: Data sharing and competitiveness - European Parliament Think Tank publishes - “The EU's data economy is projected to reach €630 billion this year, accounting for 4.7 % of the EU's GDP. Forecasts suggest it will range between €743 billion and €908 billion by 2030.”
Reporting on/from China
Warning about data transfer to and remote administration from China - National Cyber and Information Security Agency Czechia publish - “of cyber security threat consisting of
the transfer of system and user data to the People's Republic of China, to the territories of People's Republic of China´s Special Administrative Regions or to entities based in the territories of the People's Republic of China or its Special Administrative Regions, and
the remote administration of technical assets carried out from the territories of the People's Republic of China, People's Republic of China´s Special Administrative Regions or by entities based in the territories of the People's Republic of China or its Special Administrative Regions.”
From Vietnam to Volt Typhoon: How the PRC Refined Grey Zone Cyber Tactics before Targeting the West - Christopher Braccia analyses - “The analysis reveals striking parallels between earlier campaigns targeting critical infrastructure sectors across Vietnam and other ASEAN Nations, and later operations conducted against Western targets. This evidence suggests a deliberate strategy of capability refinement, leveraging the diverse technical environments and varying cybersecurity maturity levels across ASEAN to test and perfect techniques before deployment against higher-value, better-defended Western targets.”
“Fox In The Henhouse” How China Weaponized America's Open Research System - US Select Committee on the CCP publishes - “Balancing academic freedom and open science with national security interests is important. However, unlike in democratic societies—where the norms of scientific openness are grounded in reciprocal trust, transparency, and research integrity—PRC institutions operate under a state-directed research model that is deeply politicized and subordinate to national strategic objectives, including military and economic priorities.”
The Internet Coup: A Technical Analysis on How a Chinese Company is Exporting The Great Firewall to Autocratic Regimes - InterSecLab analyses - “Based on analysis of a leak of more than 100,000 Geedge Networks documents that was shared with InterSecLab, this research sheds light on the features and capabilities of Geedge Networks’ systems, which include deep packet inspection, real-time monitoring of mobile subscribers, granular control over internet traffic, as well as censorship rules that can be tailored to each region.”
Anthropic to stop selling AI services to majority Chinese-owned groups - Financial Times reports - “The San Francisco-based developer of Claude AI is trying to limit the ability of Beijing to use its technology to benefit China’s military and intelligence services, according to an Anthropic executive who briefed the Financial Times.”
China's bid to rewrite the internet's DNA - DFRLab at the Atlantic Council alert - “Here’s the big play: China wants to host the World Radiocommunication Conference (WRC)—the once-every-four-years U.N. gathering where governments and industry leaders decide how the world’s airwaves and networks will function. It’s not some obscure tech meetup. The WRC decides the rules for everything from 5G and 6G spectrum to satellite internet, emergency communications, and the future architecture of global connectivity.”
AI
Trusted third-party AI assurance roadmap - Department for Science, Innovation and Technology publishes - “This roadmap is intended as the next step to set us on this path and ensure the widespread adoption of secure and trusted AI across the UK. It sets out our ambitions for the third-party assurance market and the immediate actions that government will take to support this emerging sector. “
Just How Bad Would an AI Bubble Be? - The Atlantic assesses - “The answer has to do with the “capability-reliability gap.” Although AI systems have learned to perform an impressive set of tasks, they struggle to complete those tasks with the consistency and accuracy demanded in real-world settings.”
NodeZero® vs. GOAD: Technical Deep Dive - Naveen Sunkavally details - “In just over 14 minutes, NodeZero completely compromised a complex network environment based on the well-known GOAD cyber range.” - however it is unclear whether this was because the model's training set included said well-known lab, or because of the general capabilities of the model.
More generally, you will see relevant AI publications under the Discovery, Defence, Vulnerability, Tooling and Techniques, and Footnotes sections this week.
Cyber proliferation
Mythical Beasts: Diving into the depths of the global spyware market - Atlantic Council illuminate - “In total, this edition of the Mythical Beasts project 2025 surveys 561 entities across forty-six countries from 1992 to 2024. One hundred and thirty new entities were identified and added to the dataset, of which forty-three are new entities established in 2024.”
Spyware installed on Kenyan filmmakers' phones in police custody - Committee to Protect Journalists alerts - “The Committee to Protect Journalists is gravely alarmed by the installation of spyware on two Kenyan filmmakers’ phones while the devices were in police custody, and calls on authorities to drop a case against them and two other filmmakers and ensure that journalists are not further targeted for surveillance.”
Bounty Hunting
“LockerGoga,” “MegaCortex,” and “Nefilim” Ransomware Administrator Charged with Ransomware Attacks - US Department of Justice announce - “unsealed a superseding indictment charging Volodymyr Viktorovich Tymoshchuk — also known as deadforz, Boba, msfv, and farnetwork — a Ukrainian national, with serving as an administrator in the LockerGoga, MegaCortex, and Nefilim ransomware schemes.”
Market Incentives
Qantas cyber attack: Chief executive punished with $278k pay cut - The New Zealand Herald reports - “In its 2025 annual report, delivered to the Australian Securities Exchange today, the company said chief executive Vanessa Hudson’s pay would be docked. The board said due to the large number of customers involved and the importance of security, it would drop its score for the company’s performance. That rating was used to assess incentives for Hudson and the executive team, which would now be cut by 15%.”
Shifting cyber insurance growth into the next gear - SwissRE recalibrates - “While cyber does continue to prove a compelling business line, with Swiss Re projecting full-year 2025 premium to hit USD 15.6 billion, growth estimates have been revised from 6% to 5% CAGR as from 2023. The ambitious exponential cyber growth forecasts frequently circulated in the industry are unlikely to materialise.”
Reflections this week are on the gap between ‘oversimplification of the solution’ and the ‘reality of realisation in practice’.
We often hear ‘we need to address root cause’, ‘why don’t you just…’ and the ‘if only they…’ when talking about the solution to our range of collective cyber security challenges.
The reality is that whilst it may be obvious where a cyber risk stems from and what the answer might be, the lack of incentives, the complexity, the skills required and the level of investment needed to address it systemically (or otherwise) create headwinds in practice.
If we want an example we need only look at memory safety. We have an enduring source of vulnerability and numerous solutions which mitigate it, from hardware to software to systems. Yet still, over 55 years after first discovery, the world on the whole wrestles with dealing with this class of vulnerability in a comprehensive manner. There are a variety of reasons for this, but broadly it comes down to little incentive to embark on what will be a costly endeavour, i.e. the return on investment is, in actual practice, low. Or in a word: economics.
The reality is for most organisations, who are either building or consuming technology, there are divergent incentives, constraints in resource and time along with other business pressures, be they competitive or otherwise, which limit the response.
Understanding these constraints, along with the practicality and practicability of proposed solutions, is equally important to being credible when we put solutions forward.
We can all identify what good looks like, the finesse is how we also devise and articulate the practical path between where we are today and the new sunny uplands we aspire to reach…
…which in reality will likely be a rocky and uneven path with various tradeoffs against the perfect.
All attribution is by others and not the UK Government unless specifically stated as such, please see the legal text at the end.
Have a lovely Saturday…
Ollie
Cyber threat intelligence
Who is doing what to whom and how allegedly.
Reporting on Russia
GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe
Arctic Wolf Threat Research detail a campaign which has alleged Russian links. The victimology of developers is of note as is the operational and technical tradecraft on show to obtain initial access.
Trusted‑source Illusion: Even when a link seems to point to a reputable platform such as GitHub, the underlying URL can be manipulated to resolve to a counterfeit site.
Ad‑driven Redirection: Paid search and display ads can be weaponized by bad actors to distribute malicious payloads at scale, misleading users who rely on search engines for discovery.
Privilege Escalation: Once the malicious payload is executed by the user, it gains administrative rights, enabling further lateral movement and persistence.
Malware Uniqueness:
The initial installer is a 128 MB MSI file that mimics the legitimate GitHub Desktop installer but contains over 100 dummy executables to inflate size and evade sandbox limits.
The installer employs a GPU‑gated decryption routine: an OpenCL™ kernel derives the AES key only on machines with a real GPU, whose device name is at least ten characters long, causing the payload to remain encrypted in headless analysis environments. (A headless environment is where the front-end or user interface of an application (the “head”) has been decoupled from the back-end services, allowing each to be developed and operated separately.)
The GPU-based decryption mechanism suggests the attackers are targeting systems with specific hardware configurations, potentially focusing on users involved in development, gaming, or cryptocurrency mining activities.
Campaign Goals: We believe the goal of this campaign was to gain initial access to organizations for the purposes of malicious activity such as credential theft, infostealing and ransomware deployment, by misleading IT workers (who often have higher level of network access) into downloading malware while attempting to install GitHub Desktop.
Geography and Industries Targeted: The campaign we observed targeted users in Western Europe, in the Information Technology industry.
Attribution: The threat actors behind this campaign have native Russian language proficiency, as demonstrated by PowerShell script comments written in Russian.
FANCY BEAR GONEPOSTAL – Espionage Tool Provides Backdoor Access to Microsoft Outlook
Marc Messer and Dave Truman provide further reporting on this capability and alleged Russian alignment.
Kroll has observed GONEPOSTAL malware used in an espionage campaign attributed to KTA007 (Fancy Bear, APT28).
The malware consists of a dropper DLL and an obfuscated, password protected VbaProject.OTM file, which houses macros written for Microsoft Outlook.
The malicious macros add backdoor functionality to Outlook, enabling email communication for Command and Control (C2).
Uncovering ALVIVA HOLDING: Links to Russian Shell Companies and Cybercrime
RakeshKrish delves into what they allege is some of the underpinning infrastructure enabling cybercrime, and its links to Russia.
Beginning the investigation with Clop Ransomware, we navigate to the shady practices of a popular hosting provider “ALVIVA HOLDING”, which is a de-facto choice of cyber criminals to build their malicious business Empire.
But these criminals are less bothered that the service which they rely on is already and indirectly connected to a banned/black-listed organization (ALPHA CONSULTING) which has geopolitical ties with the large sharks in the crime industry, which includes money laundering, drug trafficking etc., as per the Pandora Leaks.
This is a detailed investigation on connecting the dots between a Shell Company which is involved in the running of a cyber crime mafia that wreaks havoc on global organizations in the form of Ransomware, DDoS, Infostealer attacks, Bulletproof Hosting etc.
Reporting on China
Chinese Hackers Pretended to Be a Top U.S. Lawmaker During Trade Talks
Joel Schectman reports on this alleged Chinese campaign which occurred during trade talks. The victimology at a time of inter-government events is of note, and a reminder that actor interest may ebb and flow.
Several trade groups, law firms and U.S. government agencies had all received an email appearing to be from the committee’s chairman, Rep. John Moolenaar (R., Mich.), asking for input on proposed sanctions with which the legislators were planning to target Beijing.
“Your insights are essential,” the email read, asking the groups to review a draft of the legislation attached to the message. But why had the chairman sent the message from a nongovernment address?
It turned out to be the latest in a series of alleged cyber espionage campaigns linked to Beijing, people familiar with the matter said, timed to potentially deploy spyware against organizations giving input on President Trump’s trade negotiations.
The FBI and the Capitol Police are investigating the Moolenaar emails, and cyber analysts traced the embedded malware to a hacker group known as APT41—believed to be a contractor for Beijing’s Ministry of State Security.
EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company
Bogdan Zavadovschi details an alleged Chinese operation which is noteworthy due to the targeting of a company in the Philippine military industrial supply base. The technical tradecraft on show is not, however, overly unique or special.
A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data theft via an injected keylogger.
https://www.bitdefender.com/en-us/blog/businessinsights/eggstreme-fileless-malware-cyberattack-apac
Frankenstein Variant of the ToneShell Backdoor Targeting Myanmar
Nicole Fishbein details an evolution in an alleged Chinese implant which is noteworthy due to regional targeting…
ToneShell is a lightweight backdoor tied to the China-nexus group Mustang Panda. Typically delivered via DLL sideloading inside compressed archives with legitimate signed executables and often spread through cloud-hosted lures. Zscaler’s 2025 analysis described updates to its FakeTLS C2 (shifting from TLS 1.2- to 1.3-style headers), use of GUID-based host IDs, a rolling-XOR scheme, and a minimal command set for file staging and interactive shell access. Notably, some of this activity was observed in Myanmar, a region of strategic importance to China. Targeting Myanmar is particularly interesting as it reflects China’s broader geopolitical interests, spanning border security, infrastructure projects, and political developments, and highlights how cyber operations are leveraged to maintain influence in neighboring states.
This blog is a technical analysis of another variant of the backdoor. While this variant does not introduce major new features, it is worth highlighting the anti-analysis techniques it employs and the new indicators that can support threat hunting and detection.
https://intezer.com/blog/frankenstein-variant-of-the-toneshell-backdoor-targeting-myanmar/
Salt Typhoon and UNC4841: New Domains; Urges Defenders to Check Telemetry and Log Data
SilentPush identify 47 domains they allege are associated with Salt Typhoon. Once again such releases highlight the value, given the relatively low cost, of keeping an organisation's DNS resolution logs in cold storage for retrospective hunts.
The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity carried out by this group.
Our research team discovered a similar Chinese threat actor, UNC4841, known for exploiting a Barracuda vulnerability to gain unauthorized access to networks. UNC4841 shares overlapping technical infrastructure with Salt Typhoon, and appears to have similar government and corporate targeting, raising questions about additional connections between these Chinese APT groups.
https://www.silentpush.com/blog/salt-typhoon-2025/
Reporting on North Korea
Bells Ringing in Dar es Salaam
Chollima Group alleges that some North Korean IT workers are based in Africa. It reminds me of the BBC’s The Mole: Infiltrating North Korea, which found North Korea was renting an island in Africa.
Although we originally did not spend much time looking into Lian, we did remember that he claimed to be based out of Dar Es Salaam, Tanzania, worked as a Project Manager at a company called StarMobile Ltd, and said that he went to Yanbian University of Science.
…
This is our second and final part documenting connections to DPRK actors related to Moonstone Sleet's DeTankZone operation. While Tanzania, and Africa more broadly, has not been widely recognized as the hotbed of North Korean activity that it is, we hope that this analysis contributes to better understanding DPRK operations there.
https://chollima-group.io/posts/bells-ringing-in-dar-es-salaam
APT37: Rust Backdoor & Python Loader
Seongsu Park details an alleged North Korean campaign which isn’t overly noteworthy and includes well-trodden tradecraft, but does evidence their persistence.
APT37 is a North Korean-aligned threat actor active since at least 2012 that primarily targets individuals connected to the North Korean regime or involved in human rights activism.
In recent campaigns, APT37 utilizes a single command-and-control (C2) server to orchestrate all components of their malware arsenal, including the Rust-based backdoor we named Rustonotto, the PowerShell-based Chinotto malware, and FadeStealer.
FadeStealer, first identified in 2023, is a surveillance tool designed to log keystrokes, capture screenshots and audio, track devices and removable media, and exfiltrate data through password-protected RAR archives. FadeStealer leverages HTTP POST and Base64 encoding for communication with its command-and-control (C2) server.
APT37 utilizes Windows shortcut files and Windows help files as initial infection vectors.
Rustonotto, active since June 2025, is a Rust-compiled malware, representing the first known instance of APT37 leveraging Rust-based malware to target Windows systems.
Using simple backdoors in the initial stage, the threat actor deployed FadeStealer via a Python-based infection chain.
Reporting on Iran
Nothing overly of note this week…
Reporting on Other Actors
Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework
Houssem Eddine Bordjiba further reinforces the case for Passkeys and phishing resistant MFA.
VoidProxy is a novel and highly evasive service used by attackers to target Microsoft and Google accounts. The service is also capable of redirecting accounts protected by third-party single sign-on (SSO) providers like Okta to second-stage phishing pages.
The service uses Adversary-in-the-Middle (AitM) techniques to intercept authentication flows in real-time, capturing credentials, MFA codes and any session tokens established during the sign-in event. This capability can bypass the protection of several common MFA methods, such as SMS codes and one-time passwords (OTP) from authenticator apps.
https://sec.okta.com/articles/uncloakingvoidproxy/
Petya/NotPetya copycat with UEFI Secure Boot bypass
Martin Smolár details a capability which is technically novel but without any confirmed in-the-wild hits. It is unclear whether this is a research project or is intended to actually be used with malicious intent.
New ransomware samples, which we named HybridPetya, resembling the infamous Petya/NotPetya malware, were uploaded to VirusTotal in February 2025.
HybridPetya encrypts the Master File Table, which contains important metadata about all the files on NTFS-formatted partitions.
Unlike the original Petya/NotPetya, HybridPetya can compromise modern UEFI-based systems by installing a malicious EFI application onto the EFI System Partition.
One of the analyzed HybridPetya variants exploits CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems, leveraging a specially crafted cloak.dat file.
ESET telemetry shows no signs of HybridPetya being used in the wild yet; this malware does not exhibit the aggressive network propagation seen in the original NotPetya.
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
Gaetan Ferry and Guillaume Valadon detail an intrusion which again highlights the fragility of software supply chain security in the SaaS era, where a single maintainer's credentials expose every dependent project.
GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.
…
The compromised maintainer, GitHub user Grommash9, pushed the malicious commit on September 2, 2025. The commit, titled "Add Github Actions Security workflow," contained a single GitHub action workflow file designed to steal secrets:
https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/
How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
Jamie Levy, Lindsey O'Donnell-Welch and Michael Tigges detail an investigation which triggered a lot of debate this week around proportionality and otherwise. It is undeniable that there was intelligence gain.
imagine our delight when a threat actor installed Huntress onto their operating machine—after finding us via one of our advertising campaigns and starting a trial—giving us a sprawling inside look at how they’re using AI to build workflows, searching for tools like Evilginx, and more.
https://www.huntress.com/blog/rare-look-inside-attacker-operation
ChillyHell: A Deep Dive into a Modular macOS Backdoor
Ferdous Saljooki and Maggie Zirnhelt provide a detailed technical analysis of this implant but also, more concerningly, highlight that its notarization remained valid and that third-party solutions failed to detect it.
[We] discovered a file that stood out due to a notable method of process reconnaissance being used. Despite the malware family having been documented in the past, it remains unflagged by antivirus vendors.
The malware, known as ChillyHell, was originally unveiled in a private 2023 Mandiant report that loosely tied it to a threat actor targeting officials in Ukraine.
The sample is developer-signed and successfully passed Apple’s notarization process in 2021. Its notarization status remained active until these recent findings.
https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/?nav=1
Discovery
How we find and understand the latent compromises within our environments.
Detecting Active Directory Password-Spraying with a Honeypot Account
Sean Metcalf provides some detection tradecraft to deploy if you are still using Active Directory.
Using the guidance in this article, password-spray activity can be easily detected by creating a honeypot account and configuring monitoring for logon activity associated with this account. This approach provides a simple methodology to configure the environment to detect password spray activity.
https://trustedsec.com/blog/detecting-password-spraying-with-a-honeypot-account
Stop MFA Push Bombing
Oussama AZRARA provides a KQL query to spot attempts at MFA push bombing.
Detect clusters of push‑based MFA denials/timeouts that suddenly flip to a success for the same user and network fingerprint within a short window. Start with 5 – 10 failures in ≤30 minutes followed by a success from the same IP/device; tune per your baseline.
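The KQL itself is in the linked post; the following is an added Python rendering of the same detection logic (a burst of push denials/timeouts for one user and network fingerprint that flips to a success within a short window), written here and not taken from the author, run over a constructed sample log with hypothetical users, IPs and device ids.

```python
"""Detect MFA push-bombing patterns in sign-in telemetry (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Results that count as a push the user did not approve.
FAILURE_RESULTS = {"denied", "timeout"}

# Constructed sample events (hypothetical values, not real telemetry).
# Each record: (timestamp, user, source IP, device id, MFA result).
SAMPLE_EVENTS = [
    # alice: six denials/timeouts in 12 minutes, then a success -> alert
    ("2025-09-10T08:00:00", "alice", "203.0.113.7", "dev-a1", "denied"),
    ("2025-09-10T08:02:00", "alice", "203.0.113.7", "dev-a1", "timeout"),
    ("2025-09-10T08:04:00", "alice", "203.0.113.7", "dev-a1", "denied"),
    ("2025-09-10T08:06:00", "alice", "203.0.113.7", "dev-a1", "denied"),
    ("2025-09-10T08:08:00", "alice", "203.0.113.7", "dev-a1", "timeout"),
    ("2025-09-10T08:10:00", "alice", "203.0.113.7", "dev-a1", "denied"),
    ("2025-09-10T08:12:00", "alice", "203.0.113.7", "dev-a1", "success"),
    # bob: one accidental denial, then a success -> benign
    ("2025-09-10T09:00:00", "bob", "198.51.100.4", "dev-b1", "denied"),
    ("2025-09-10T09:01:00", "bob", "198.51.100.4", "dev-b1", "success"),
    # carol: a burst of failures, but the success has a different IP/device.
    # The rule as described keys on the same fingerprint, so no alert here;
    # a fingerprint change after a burst is a separate signal worth its own rule.
    ("2025-09-10T10:00:00", "carol", "192.0.2.9", "dev-c1", "denied"),
    ("2025-09-10T10:01:00", "carol", "192.0.2.9", "dev-c1", "denied"),
    ("2025-09-10T10:02:00", "carol", "192.0.2.9", "dev-c1", "timeout"),
    ("2025-09-10T10:03:00", "carol", "192.0.2.9", "dev-c1", "denied"),
    ("2025-09-10T10:04:00", "carol", "192.0.2.9", "dev-c1", "denied"),
    ("2025-09-10T10:05:00", "carol", "192.0.2.50", "dev-c2", "success"),
    # dave: six failures spread over 50 minutes, success 25 minutes later.
    # Only one failure falls inside the 30-minute look-back -> no alert.
    ("2025-09-10T10:00:00", "dave", "203.0.113.99", "dev-d1", "denied"),
    ("2025-09-10T10:10:00", "dave", "203.0.113.99", "dev-d1", "denied"),
    ("2025-09-10T10:20:00", "dave", "203.0.113.99", "dev-d1", "timeout"),
    ("2025-09-10T10:30:00", "dave", "203.0.113.99", "dev-d1", "denied"),
    ("2025-09-10T10:40:00", "dave", "203.0.113.99", "dev-d1", "denied"),
    ("2025-09-10T10:50:00", "dave", "203.0.113.99", "dev-d1", "denied"),
    ("2025-09-10T11:15:00", "dave", "203.0.113.99", "dev-d1", "success"),
]


def detect_push_bombing(events, min_failures=5, window_minutes=30):
    """Return one alert per success that was preceded by at least
    min_failures push failures from the same (user, ip, device) within
    the last window_minutes. Thresholds mirror the post's starting point
    (5-10 failures in <=30 minutes) and should be tuned to your baseline."""
    window = timedelta(minutes=window_minutes)
    parsed = sorted(
        ((datetime.fromisoformat(ts), user, ip, dev, result)
         for ts, user, ip, dev, result in events),
        key=lambda e: e[0],
    )
    # Failures are grouped by network fingerprint so the look-back is cheap.
    failures = defaultdict(list)
    alerts = []
    for ts, user, ip, dev, result in parsed:
        key = (user, ip, dev)
        if result in FAILURE_RESULTS:
            failures[key].append(ts)
            continue
        if result != "success":
            continue  # ignore results the rule does not reason about
        recent = [t for t in failures[key] if ts - window <= t < ts]
        if len(recent) >= min_failures:
            alerts.append({
                "user": user,
                "ip": ip,
                "device": dev,
                "failures": len(recent),
                "first_failure": recent[0].isoformat(),
                "success_at": ts.isoformat(),
            })
        # Forget failures older than the window so state stays bounded.
        failures[key] = [t for t in failures[key] if t >= ts - window]
    return alerts


if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_EVENTS):
        print(alert)
```

Widening the window to two hours is enough to make dave's spread-out burst match as well, which is the tuning trade-off the post flags: a longer window catches slower campaigns at the cost of more benign matches.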
DRMD: Deep Reinforcement Learning for Malware Detection under Concept Drift
Shae McFadden, Myles Foley, Mario D'Onghia, Chris Hicks, Vasilios Mavroudis, Nicola Paoletti and Fabio Pierazzi show the potential of applying deep reinforcement learning to Android malware detection over the long term, lowering the risk posed by concept drift.
We evaluated the joint detection and drift mitigation policy learned by the DRL-based Malware Detection (DRMD) agent through time-aware evaluations on Android malware datasets subject to realistic drift requiring multi-year performance stability. The policies learned under these conditions achieve a higher Area Under Time (AUT) performance compared to standard classification approaches used in the domain, showing improved resilience to concept drift.
https://arxiv.org/abs/2508.18839
Defence
How we proactively defend our environments.
Securing Sideways: Thwarting Lateral Movement by Implementing Active Directory Tiering
Tyler Schroder and Sohee Park reinforce the value of design patterns (architecture) in this work. How many ransomware incidents wouldn’t occur if such a model were employed…
In this article, we examine the challenge of security compromises in Active Directory (AD) environments and present effective strategies to prevent credential theft and limit lateral movement by threat actors. These strategies include:
1) Active Directory Tiering, a method of logically segmenting the network into three tiers based on the sensitivity of the systems and data within each tier;
2) implementing the technical steps necessary to deploy AD Tiering; and
3) evaluating the benefits and potential trade-offs, such as setup time, hardware costs, ongoing maintenance, and required adjustments to business processes.
Our proposed approaches aim to confine the movement of compromised credentials, preventing significant privilege escalation and theft.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5392529
External Sharing Security Checklist in Microsoft 365
Aima S provides a practical checklist on how to approach managing the risks associated with external sharing.
External sharing in Microsoft 365 makes collaboration with vendors, clients, and partners seamless. But at the same time, it is also one of the biggest gateways for data leaks and misuse. This ongoing debate of security vs. productivity often leaves admins wondering how much external sharing is too much.
While disabling external sharing may seem secure, it forces organizations to convert external users into internal ones for collaboration, which creates security concerns. At the same time, it can also block productivity and slow down teamwork. The key lies in finding the right balance!
That’s why we have put together an external sharing security checklist. To make it easier to follow, we’ve grouped the settings into three distinct categories.
https://blog.admindroid.com/external-sharing-security-checklist-in-microsoft-365/
Stopping ransomware before it starts: Lessons from Incident Response
Lexi DiScola provides an overview, the most interesting part of which was this graph..
https://blog.talosintelligence.com/stopping-ransomware-before-it-starts/
Memory Integrity Enforcement: A complete vision for memory safety in Apple devices
Apple Security Engineering and Architecture (SEAR) detail the hardware and software changes to introduce some of the memory safety changes in the latest models. A good example of a practicable solution as opposed to rewriting everything..
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort, spanning half a decade, that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, always-on memory safety protection across our devices — without compromising our best-in-class device performance. We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.
..
Because EMTE tag checking imposes a performance cost, we designed Memory Integrity Enforcement to take advantage of our secure allocators first and use EMTE to protect only smaller individual allocations within a type bucket, which software allocators can’t defend on their own.
https://security.apple.com/blog/memory-integrity-enforcement/
Incident Writeups & Disclosures
How they got in and what they did.
Update on Mandiant Drift and Salesloft Application Investigations
Salesloft publish; noteworthy for the time between initial access and the actor achieving their objective.
In March through June 2025, the threat actor accessed the Salesloft GitHub account. With this access, the threat actor was able to download content from multiple repositories, add a guest user and establish workflows.
The investigation noted reconnaissance activities occurring between March 2025 and June 2025 in the Salesloft and Drift application environments.
The analysis has not found evidence beyond limited reconnaissance related to the Salesloft application environment.
The threat actor then accessed Drift’s AWS environment and obtained OAuth tokens for Drift customers’ technology integrations
The threat actor used the stolen OAuth tokens to access data via Drift integrations.
https://trust.salesloft.com/?uid=Third-Party+Drift+Integration+Partners+FAQ+%289%3A00PM+ET%29
npm debug and chalk packages compromised
Two vendors state the impact of these supply chain compromises, which on face value makes it sound serious.
The affected npm packages collectively receive more than 2 billion downloads every week.
Such extensive reach ensures the impact extends far beyond a few isolated projects, creating a ripple effect that influences the entire software ecosystem.
https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack
All together, these packages have more than 2 billion downloads per week.
The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user.
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
One vendor, however, provided balance to the reporting on the real-world impact.
Surprisingly, practical damage from the attack is almost non-existent. The attackers poorly used a widely known obfuscator, which led to immediate detection shortly after the malicious versions were published. Blockchain analysis of the associated wallets indicates that the campaign yielded only around $500 in stolen cryptocurrency.
https://jfrog.com/blog/new-compromised-packages-in-largest-npm-attack-in-history/
s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack
Rami McCarthy details the aftermath of this intrusion..
In Phase 2, at least 480 compromised accounts (⅔ were organizations) published over 6,700 private repositories publicly with a s1ngularity-repository-#5letters# naming scheme. In one case, a single organization had over 700 repositories leaked. Wiz identified thousands of valid credentials in these formerly-private repositories. GitHub eventually removed these repositories as well.
In Phase 3, starting the evening of August 31st, two compromised users publicly uploaded over 500 repositories (suffixed with _bak, and with S1ngularity as the description) belonging to a single organization.
https://www.wiz.io/blog/s1ngularitys-aftermath
Vulnerability
Our attack surface.
HIGH: Badsecrets Report
ShadowServer detail the long-tail impact of insecure code on the internet - the headline figure is about 12,000 instances globally..
This report identifies the use of known or very weak cryptographic secrets across a variety of web frameworks/platforms. These are often the result of software developers copy-pasting or forking code published on the Internet that includes a copied cryptographic secret, for example from a project on GitHub, official documentation of a project, or even a book, etc.
https://www.shadowserver.org/what-we-do/network-reporting/badsecrets-report/
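As an added example (not ShadowServer's tooling), a check a defender can run over their own configuration for the failure mode the report describes: it flags secrets that match a list of published values, carry an insecure-default marker, or are too short or too predictable to resist offline guessing. The `django-insecure-` prefix is the one real marker; the published-secret list, the key-name pattern and the sample config are constructed for this example.

```python
import math
import re
from collections import Counter

# Constructed stand-ins for secrets found in docs, sample projects and books;
# a real scanner carries thousands of such values.
KNOWN_PUBLIC_SECRETS = {"changeme", "your-secret-key-here", "supersecretkey",
                        "0123456789abcdef0123456789abcdef"}
# Markers of generated-but-not-for-production values ("django-insecure-" is
# what Django's startproject emits) or of template placeholders left in place.
INSECURE_MARKERS = ("django-insecure-", "example", "changeme", "placeholder")
# Config keys that usually hold a signing or encryption secret (constructed).
SECRET_KEY_NAMES = re.compile(
    r"(secret|signing|validation|decryption|app)[_-]?key|secret_key_base"
    r"|session[_-]?secret|machine[_-]?key", re.IGNORECASE)
MIN_BITS = 128  # floor for a key that must survive offline guessing


def estimated_bits(value: str) -> float:
    """Shannon estimate (per-character entropy times length). It overrates
    structured strings, so it is a floor to reject on, not a proof of quality."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values()) * n


def assess_secret(value: str) -> list:
    """Reasons a secret should be rotated; an empty list means no finding."""
    findings, lowered = [], value.strip().lower()
    if lowered in KNOWN_PUBLIC_SECRETS:
        findings.append("matches a published secret")
    if any(marker in lowered for marker in INSECURE_MARKERS):
        findings.append("carries an insecure-default marker")
    if len(value) < 32:
        findings.append(f"too short ({len(value)} chars)")
    if estimated_bits(value) < MIN_BITS:
        findings.append(f"low entropy (~{estimated_bits(value):.0f} bits)")
    return findings


def audit_config(config: dict) -> dict:
    """Map each secret-looking config key to its findings, skipping clean ones."""
    report = {}
    for key, value in config.items():
        if SECRET_KEY_NAMES.search(key):
            findings = assess_secret(str(value))
            if findings:
                report[key] = findings
    return report


# Constructed config: three weak secrets, one adequate key, one non-secret.
SAMPLE_CONFIG = {
    "SECRET_KEY": "django-insecure-x7q2w9e4r1t6y8u3i5o0p2a4s6d8f1g3",
    "validationKey": "0123456789ABCDEF0123456789ABCDEF",
    "SESSION_SECRET": "changeme",
    "APP_KEY": "4e1f9b7a2c8d6053b9e7f1a2d3c4b5a6978e0f1d2c3b4a5968f7e6d5c4b3a291",
    "DATABASE_URL": "postgres://app@db.internal/app",
}
```

The entropy floor only rejects the obviously weak; a value copied from documentation can be long and random-looking, which is why the published-value match is the check that matters most.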
Breaking Diffusion with Cache: Exploiting Approximate Caches in Diffusion Models
Desen Sun, Shuncheng Jie and Sihang Liu show that caches (even in different contexts) in generative AI introduce a side channel risk..
Diffusion models are a powerful class of generative models that produce content, such as images, from user prompts, but they are computationally intensive. To mitigate this cost, recent academic and industry work has adopted approximate caching, which reuses intermediate states from similar prompts in a cache. While efficient, this optimization introduces new security risks by breaking isolation among users. This work aims to comprehensively assess new security vulnerabilities arising from approximate caching.
First, we demonstrate a remote covert channel established with the cache, where a sender injects prompts with special keywords into the cache and a receiver can recover that even after days, to exchange information.
Second, we introduce a prompt stealing attack using the cache, where an attacker can recover existing cached prompts based on cache hit prompts. Finally, we introduce a poisoning attack that embeds the attacker's logos into the previously stolen prompt, to render them in future user prompts that hit the cache. These attacks are all performed remotely through the serving system, which indicates severe security vulnerabilities in approximate caching.
https://arxiv.org/abs/2508.20424
Offense
Attack capability, techniques and trade-craft.
Dittobytes
Tijme Gommers releases an obfuscating compiler without stubs, which will raise the stakes in the detection game of cat and mouse..
Dittobytes compiles your C-code to truly Position Independent Code (PIC) for Windows, MacOS, and Linux, and both AMD64 and ARM64. It features a metamorphic engine that ensures each compilation produces unique, functional shellcode. It does not rely on the classic decrypt stubs often seen in e.g. polymorphic compilations, and additionally it does not require reflective loaders such as Donut or sRDI as it can compile your C-code directly to PIC.
https://github.com/tijme/dittobytes
MFTool
Kurosh Dabbagh Escalante releases a tool which uses raw device access to subvert file system logging detection..
MFTool is a red team-oriented NTFS parser. Instead of asking Windows for files, it parses the on-disk structures of a mounted NTFS volume directly to build an in-memory copy of the Master File Table. That in-memory MFT is kept encrypted and is then used to:
https://github.com/Kudaes/MFTool
Sh3ller
Rob releases a lightweight C2 which, given its minimal dependencies, one can imagine will be adopted..
Sh3ller is a lightweight C2 framework in its simplest form.
It’s built for one job only: catching shells and letting you manage them. Nothing more.
Lightweight, no dependencies beyond PowerShell
Always listening for incoming connections
Manage multiple shells at once
https://github.com/Leo4j/Sh3ller
KittyLoader
Exsangui releases a loader which is a good collection of techniques against which to verify that discrete detections exist.
Hijacks early execution by replacing the C runtime entrypoint (__scrt_common_main_seh) with custom assembly.
Hides all modules by walking PEB->Ldr lists and unlinking its module entry (LDR_DATA_TABLE_ENTRY) from :
InLoadOrderModuleList
InInitializationOrderModuleList
InMemoryOrderModuleList
Deploys a wide variety of anti-analysis techniques, including :
Debugger Detection: IsDebuggerPresent, CheckRemoteDebuggerPresent, PEB interrogation, hardware breakpoints, timing checks (RDTSC + Sleep) using __rdtsc timing analysis
Sandbox Detection: heuristic evaluation of sandbox probability from GetSystemInfo, GlobalMemoryStatusEx, GetDiskFreeSpaceEx, GetTickCount
Self-Integrity checks by continuously calculating a checksum of its own code section to detect tampering.
Delayed Execution: sleeps for 30–40 seconds plus jitter based on PID and system tick count.
API Resolution via Export Hashing:
Avoids static imports by resolving function addresses at runtime.
Walks IMAGE_EXPORT_DIRECTORY and applies custom xor rotate hash algo.
APIs are initially attempted to be resolved via tprtdll.dll, which is quite the modern technique, it does so using GetModuleHandleW(L"tprtdll.dll") with DONT_RESOLVE_DLL_REFERENCES to minimize operation footprint.
Embedded payload is encrypted at rest, with key and nonce derived at runtime from entropy sources: PID, TID, QPC, memory load, CPU info (CPUID), tick count.
Preferred algo is ChaCha20, but in case of failure falls back to RC4, decryption occurs in place after the encrypted blob is copied into memory.
Searches process memory via VirtualQuery for an already-executable region large enough for the shellcode.
If none found, allocates new RW region with NtAllocateVirtualMemoryEx
After decryption, if memory was RW, flips to RX with NtProtectVirtualMemory.
Therefore, we intend to initially inject into pre-existing RWX memory page, but in case of failure, resort to custom resolved NtAllocateVirtualMemoryEx and flip RW-RX
Execute via LdrCallEnclave, normally intended for SGX/VBS enclaves, instead of jumping to a secure enclave, we jump to an arbitrary function pointer in normal (VTL0) user memory.
https://github.com/tlsbollei/KittyLoader
The Art of Hide and Seek: Making Pickle-Based Model Supply Chain Poisoning Stealthy Again
Tong Liu, Guozhu Meng, Peng Zhou, Zizhuang Deng, Shuaiyin Yao and Kai Chen evidence the scale of potential attack surface as models get flung around between organisations.
Our research demonstrates how pickle-based model poisoning can remain stealthy and highlights critical gaps in current scanning solutions. On the model loading surface, we identify 22 distinct pickle-based model loading paths across five foundational AI/ML frameworks, 19 of which are entirely missed by existing scanners. We further develop a bypass technique named Exception-Oriented Programming (EOP) and discover 9 EOP instances, 7 of which can bypass all scanners. On the risky function surface, we discover 133 exploitable gadgets, achieving almost a 100% bypass rate. Even against the best-performing scanner, these gadgets maintain an 89% bypass rate. By systematically revealing the pickle-based model poisoning surface, we achieve practical and robust bypasses against real-world scanners. We responsibly disclose our findings to corresponding vendors, receiving acknowledgments and a $6000 bug bounty.
https://arxiv.org/abs/2508.19774
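As an added example (not the paper's code or any framework's loader), the defensive pairing the paper's findings argue for: a static scan of a pickle's opcode stream for the globals it references, beside a restricted unpickler that enforces the same allow-list at load time. The allow-list, the `Hook` class and the sample checkpoints are constructed for this example.

```python
import io
import os
import pickle
import pickletools
from collections import OrderedDict

# Constructed allow-list: the only importable names a plain checkpoint may reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list:
    """Static pass over the opcode stream; nothing is executed. GLOBAL carries
    'module name' inline; STACK_GLOBAL (protocol 4) consumes the two most recent
    string pushes, which may arrive via the memo, so both are shadowed here."""
    refs, strs, memo, next_memo, last_was_str = [], [], {}, 0, False
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strs.append(arg)
            last_was_str = True
            continue
        if op.name == "MEMOIZE":            # stores top of stack at next index
            if last_was_str:
                memo[next_memo] = strs[-1]
            next_memo += 1
        elif op.name in ("GET", "BINGET", "LONG_BINGET") and arg in memo:
            strs.append(memo[arg])
        elif op.name == "GLOBAL":
            refs.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            refs.append((strs[-2], strs[-1]))
        last_was_str = False
    return refs


def scan_pickle(data: bytes) -> dict:
    """Every global the stream names, and those outside the allow-list."""
    refs = referenced_globals(data)
    disallowed = sorted(set(refs) - ALLOWED_GLOBALS)
    return {"globals": refs, "disallowed": disallowed, "safe": not disallowed}


class RestrictedUnpickler(pickle.Unpickler):
    """Loader-side enforcement: every GLOBAL/STACK_GLOBAL passes through
    find_class, so rejecting there stops a REDUCE before it can run."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def try_load(data: bytes):
    """(True, object) on success, (False, reason) when a global is rejected."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


class Hook:
    """Constructed stand-in for a poisoned object: loading it calls os.getenv (harmless here)."""
    def __reduce__(self):
        return (os.getenv, ("PATH",))


# Constructed samples: a plain checkpoint, and the hook in protocol 4 and 2 encodings.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "meta": OrderedDict(epoch=3)}, protocol=4)
POISONED_P4 = pickle.dumps({"weights": [0.1], "hook": Hook()}, protocol=4)
POISONED_P2 = pickle.dumps({"weights": [0.1], "hook": Hook()}, protocol=2)
```

Neither half addresses the paper's unscanned loading paths or its exception-oriented bypasses; it shows the baseline surface (global references and the REDUCE that calls them) that both scanners and loaders have to handle.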
Exploitation
What is being exploited..
Ongoing active exploitation of SonicWall SSL VPNs in Australia (CVE-2024-40766)
Australian Signals Directorate’s Australian Cybersecurity Centre warns..
ASD’s ACSC is aware of a recent increase in active exploitation in Australia of a 2024 critical vulnerability in SonicWall SSL VPNs (CVE-2024-40766).
We are aware of the Akira ransomware targeting vulnerable Australian organisations through SonicWall SSL VPNs.
The vulnerability enables an attacker to achieve unauthorised access and in specific conditions causes the firewall to crash. The vulnerability affects the following SonicWall devices:
Gen 5 devices
Gen 6 devices
Gen 7 devices running SonicOS 7.0.1-5035 and older versions
Tooling and Techniques
Low level tooling and techniques for attack and defence researchers…
VulnRepairEval: An Exploit-Based Evaluation Framework for Assessing Large Language Model Vulnerability Repair Capabilities
Weizhe Wang, Wei Ma, Qiang Hu, Yao Zhang, Jianfei Sun, Bin Wu, Yang Liu, Guangquan Xu and Lingxiao Jiang do some good work as we look to see how AI may scale vulnerability resolution..
This paper introduces VulnRepairEval, an evaluation framework anchored in functional Proof-of-Concept (PoC) exploits. Our framework delivers a comprehensive, containerized evaluation pipeline that enables reproducible differential assessment, where repair success requires the original exploit to fail execution against the modified code. The benchmark construction involved extensive data curation: we processed over 400 CVEs and approximately 2,500 potential sources to extract a collection of authentic vulnerability instances (23 Python CVEs) amenable to automated testing with working PoCs. Through VulnRepairEval, we conduct a comprehensive evaluation of 12 popular LLMs and observe a significant performance deficit: even the top-performing model successfully addresses merely 5/23 instances (about 21.7%), exposing critical weaknesses in security-focused applications. Our failure analysis reveals that most unsuccessful attempts stem from imprecise vulnerability identification and patches containing syntactic or semantic errors.
https://arxiv.org/abs/2509.03331
AI Agentic Vulnerability Injection And Transformation with Optimized Reasoning
Amine Lbath, Massih-Reza Amini, Aurelien Delaitre and Vadim Okun use AI to introduce vulnerabilities into code bases. You can see the value in building up labelled, representative datasets; you can also see the malicious applications at scale..
This paper introduces a novel framework designed to automatically introduce realistic, category-specific vulnerabilities into secure C/C++ codebases to generate datasets. The proposed approach coordinates multiple AI agents that simulate expert reasoning, along with function agents and traditional code analysis tools. It leverages Retrieval-Augmented Generation for contextual grounding and employs Low-Rank approximation of weights for efficient model fine-tuning. Our experimental study on 116 code samples from three different benchmarks suggests that our approach outperforms other techniques with regard to dataset accuracy, achieving between 89% and 95% success rates in injecting vulnerabilities at function level.
https://arxiv.org/abs/2508.20866
From CVE Entries to Verifiable Exploits: An Automated Multi-Agent Framework for Reproducing CVEs
Saad Ullah, Praneeth Balasubramanian, Wenbo Guo, Amanda Burnett, Hammond Pearce, Christopher Kruegel, Giovanni Vigna and Gianluca Stringhini claim some impressive results here. It will be interesting to see if others can replicate the findings.
Our systematic evaluation highlights the efficiency and robustness of CVE-GENIE's design and successfully reproduces approximately 51% (428 of 841) CVEs published in 2024-2025, complete with their verifiable exploits, at an average cost of $2.77 per CVE. Our pipeline offers a robust method to generate reproducible CVE benchmarks, valuable for diverse applications such as fuzzer evaluation, vulnerability patching, and assessing AI's security capabilities.
https://arxiv.org/abs/2509.01835
LLVM based VMProtect Devirtualization: Part 1
Hacky Boiz show the potential, but also the lack of real-world applicability, of this approach..
The LLVM-based devirtualization approach discussed in this article is effective for functions with a single path or only a few execution paths, but for programs with many paths, some code may be omitted. Therefore, applying this approach to real-world, large-scale code is still impractical.
https://hackyboiz.github.io/2025/09/11/banda/LLVM_based_VMP/en/
Secure Calls - The Bridge Between The NT Kernel and Secure Kernel
Connor McGarr details how the bridge works..
This post will be taking a look at the architecture which allows NT, which is in a completely isolated region of physical memory from the Secure Kernel, to “hand off” execution to the Secure Kernel, as well as showcase some of the common patterns NT and SK use in regards to copying and encapsulating parameters and output from VTL 0 <-> VTL 1 and VTL 1 <-> VTL 0.
https://connormcgarr.github.io/secure-calls-and-skbridge/
Retrieving [Windows] kernel process object addresses by exploiting a driver providing R/W to physical memory
Yazid Benjamaa shows that bring your own vulnerable driver is still a valid strategy..
By leveraging a vulnerable kernel driver that grants read access to the physical memory layout, it remains possible to retrieve the addresses of kernel objects for processes and threads
As in the two previous articles, the driver used here is eneio64.sys. As of today (05/09/2025), it is still tolerated by HVCI and can be loaded onto the kernel. The following technique was tested on Windows 11 versions 22H2 and 24H2.
https://github.com/Xacone/Eneio64-Driver-Exploit/tree/main/procs
Footnotes
Some other small (and not so small) bits and bobs which might be of interest.
Annual, quarterly and monthly reports
Nothing overly of note this week
ReDAN: An Empirical Study on Remote DoS Attacks against NAT Networks
Artificial intelligence
Books
Nothing overly of note this week
Events
Nothing overly of note this week
Finally finally the NCSC’s podcast series.
Unless stated otherwise, linked or referenced content does not necessarily represent the views of the NCSC and reference to third parties or content on their websites should not be taken as endorsement of any kind by the NCSC. The NCSC has no control over the content of third party websites and consequently accepts no responsibility for your use of them.
This newsletter is subject to the NCSC website terms and conditions which can be found at https://www.ncsc.gov.uk/section/about-this-website/terms-and-conditions and you can find out more about how we will treat your personal information in our privacy notice at https://www.ncsc.gov.uk/section/about-this-website/privacy-statement.