Authors: Nitish Singh, Tanmay Kumar, and Nikhil Kumar Chadha
The Monthly Intelligence Insights report provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs in April 2026. The report also includes a synopsis of the threats, indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs), and related tags. Each threat has a comprehensive summary from Threat Labs and search queries from the Threat Research team. For additional information on Threat Labs and related search queries used via Autonomous Threat Sweeper to detect the below-mentioned threats, refer to our Threat Labs home page.
Last month, Securonix Autonomous Threat Sweeper identified and analyzed 4,751 TTPs and IoCs; identified 121 emerging threats; investigated 72 potential threats; and elevated 12 incidents. The top data sources swept against include IDS / IPS / UTM / Threat Detection, Data Loss Prevention, Endpoint Management Systems, and Email / Email Security.
In April 2026, the Autonomous Threat Sweeper team observed a sharp rise in sophisticated cyber operations driven by supply chain compromise, ransomware evolution, and increasing abuse of AI ecosystems. A series of North Korea–linked intrusions targeting the widely used Axios npm package demonstrated how poisoned dependencies can rapidly cascade through developer environments, while the re-emergence of Shai-Hulud–style activity introduced self-propagating npm worms and Bun-based payloads targeting SAP-related packages for credential theft and lateral spread.
Ransomware activity also intensified, with campaigns such as Kyber and Medusa expanding attacks across Windows and ESXi systems and, in some cases, exhibiting destructive wiper-like behavior. Malware developments throughout the month reflected a growing emphasis on stealth, persistence, and infrastructure targeting, with threats such as ZionSiphon focusing on water-sector operational technology environments, while Operation PhantomCLR and Deep#Door leveraged in-memory execution, AppDomain hijacking, tunneling, and layered persistence mechanisms to evade detection and maintain long-term access. At the same time, AI-related threats gained momentum as adversaries increasingly targeted emerging AI infrastructure through reconnaissance activity, poisoned Xinference packages, and phishing campaigns masquerading as Claude installers or fake AI service portals to distribute malware and gain unauthorized access. Overall, April activity highlighted a convergence of supply chain exploitation, adaptive malware tradecraft, ransomware expansion, and AI-focused attacks, underscoring how threat actors continue to prioritize scalable compromise methods, stealthier execution chains, and the exploitation of rapidly growing developer and AI ecosystems.
AI Threats Turn Coordinated and Stealthy (Originally published in April 2026)
By mid-April 2026, the story of AI-driven cyber threats stopped being about scattered incidents and started looking like a coordinated campaign.
It begins with something familiar, a developer downloading what appears to be a legitimate AI tool. The website looks right, the installer behaves as expected. But behind the scenes, that trust is exploited. A trojanized package quietly deploys a backdoor, sometimes using techniques like DLL sideloading with signed binaries, blending in so well that nothing immediately seems wrong.
At the same time, another thread unfolds through phishing. What used to be simple lures has evolved into interactive attack chains. A user is tricked into running a command, which leads to a sequence of hidden steps: obfuscated scripts, staged PowerShell payloads, AMSI bypass, and finally in-memory execution. By the time anything suspicious could be noticed, the attacker is already inside.
Meanwhile, the supply chain becomes an entry point of its own. Malicious packages targeting AI environments slip into trusted repositories, executing as soon as they are imported. Instead of persistence, they focus on speed, harvesting credentials from cloud services, containers, and developer tools, then exfiltrating everything of value before disappearing.
In parallel, attackers are scanning the internet, not randomly, but with intent. Exposed AI services and misconfigured infrastructure are probed for secrets, configuration files, and access points. These aren’t isolated scans. They are part of a broader effort to map and exploit the growing AI ecosystem.
What ties all of this together is how seamlessly it blends. Social engineering meets technical precision. Legitimate tools are abused. Payloads avoid disk and live in memory. Artifacts are minimal, and traces often clean themselves up.
The result is a shift in how these operations feel. This is no longer opportunistic cybercrime experimenting with AI as bait. It is a more deliberate system where fake platforms, phishing chains, supply chain compromises, and infrastructure targeting all reinforce each other, turning the rapid adoption of AI into a reliable attack surface.
Axios Supply Chain RAT via npm Install (Originally published in April 2026)
The compromise begins in a place most teams trust by default: dependency installation. A compromised package is pulled in as part of a routine npm install, triggering an obfuscated script that runs silently in the background. This script profiles the host system and reaches out to a remote server to download a second-stage payload tailored to the operating system. From that point, the activity shifts into native execution, adapting its behavior across Linux, Windows, and macOS while maintaining a consistent command-and-control pattern.
On Linux systems, the process chain typically begins with a Node or npm process spawning a shell, which then uses tools like curl to retrieve a Python payload into a temporary directory such as /tmp. The script is executed in the background using nohup, allowing it to persist long enough to complete its objectives without drawing attention. Equivalent techniques are used on other platforms, relying on PowerShell or compiled binaries. Across all environments, the malware communicates with its command-and-control infrastructure using periodic HTTP POST requests, typically every 60 seconds, with Base64-encoded JSON data and a consistent user-agent and identifier structure.
Functionally, the malware operates as a lightweight remote access tool. It supports command execution, file delivery, and system reconnaissance, gathering host details and staging additional payloads in less visible locations. Rather than relying heavily on persistence, especially in Linux environments, it takes advantage of short-lived execution contexts such as CI/CD pipelines and containerized workloads. Even brief access in these environments can expose sensitive data, including tokens, credentials, and build artifacts.
To reduce its footprint, the installer removes traces of the malicious components after execution and restores expected package metadata. This cleanup step makes traditional forensic analysis more difficult, leaving behavioral patterns as the primary indicators of compromise.
Overall, this campaign combines a supply chain entry point with practical post-exploitation techniques. Its real strength lies in timing, executing during installation or update phases where monitoring is often limited. The most reliable detection signals span platforms: dependency installation followed immediately by script interpreter activity, unexpected outbound connections to a consistent endpoint, and subtle artifacts left behind after execution.
Shai-Hulud npm Supply Chain Worm (Originally published in April 2026)
It starts quietly, the way most modern supply-chain attacks do. A developer installs what looks like a routine update to @bitwarden/cli@2026.4.0. Nothing seems unusual on the surface, but during installation a hidden preinstall hook fires. Instead of preparing the package, it pulls down an external runtime and launches a loader script, bw_setup.js. That’s the moment the system crosses from normal development activity into compromise.
The loader wastes no time. It fetches and executes a second-stage payload, bw1.js, heavily obfuscated and designed to blend in. This stage begins harvesting anything of value it can reach through the developer’s environment. SSH keys, npm tokens, Git credentials, cloud provider secrets from AWS and GCP, even configuration files tied to newer tooling like Claude and MCP all get swept up. If it lands inside a CI/CD runner, it goes further, scraping memory from active processes to extract secrets that were never written to disk.
Rather than exfiltrating data through obvious channels, the malware leans on GitHub as both a communication layer and a hiding place. Stolen data is encoded and pushed into repositories or commits that look harmless at a glance. At the same time, the malware searches GitHub itself, scanning commits for a specific marker string. When it finds matches, it decodes them into fresh GitHub tokens, effectively turning other compromised systems into a shared pool of credentials. This creates a feedback loop where each infection strengthens the next.
With valid tokens in hand, the attack shifts from theft to propagation. It creates new public repositories under victim accounts, giving them innocuous or themed names and benign-looking descriptions. Into these repos, it writes encrypted result files and, more importantly, seeds additional payloads. It also pushes subtle changes into existing repositories, adding files like .vscode/tasks.json or hidden setup scripts under .claude/. The commits look routine, labeled as dependency updates and authored with generic noreply identities, making them easy to overlook during reviews.
The infection doesn’t stop at GitHub. It circles back into the npm ecosystem, republishing itself through accessible packages, including those tied to SAP development workflows. Each new package carries the same install-time trigger, ensuring that any downstream user becomes the next link in the chain.
Throughout the process, the malware maintains a low profile. It avoids running on certain regional systems, daemonizes itself on developer machines to persist quietly, and uses fallback communication methods when its primary channels fail. Beneath all of this, a single identifying string appears in the code like a signature left behind: “Shai-Hulud: The Third Coming.”
By the time anyone notices, the attack is no longer a single compromised package. It’s an ecosystem-level infection, spreading through trust relationships between developers, repositories, and build systems, turning everyday workflows into its delivery mechanism.
Ransomware Escalates Across Platforms (Originally published in April 2026)
Recent ransomware activity highlights a growing shift toward fast, multi-platform attacks designed to maximize operational disruption before defenders can respond. Threat actors are increasingly combining rapid exploitation of exposed systems with aggressive defense evasion, credential theft, and coordinated encryption across Windows, Linux, and virtualized environments. Rather than relying solely on sophisticated malware, these operations heavily abuse legitimate administrative tools, disable recovery mechanisms early, and target critical infrastructure such as VMware ESXi to amplify business impact.
One example is VECT 2.0, a ransomware operation targeting Windows, Linux, and ESXi systems through a shared codebase. Although presented as a conventional extortion tool, flaws in its encryption routine make victim data permanently unrecoverable, effectively turning attacks into destructive wipe events. The malware spreads through SSH, SCP, and administrative tooling, disables security protections, deletes backups and logs, encrypts files with a “.vect” extension, and removes traces of its activity across compromised systems.
At the same time, the financially motivated group Storm-1175 has demonstrated how quickly modern ransomware operators can weaponize newly disclosed vulnerabilities. By targeting exposed applications such as Microsoft Exchange, Ivanti appliances, TeamCity, and managed file transfer solutions, the group rapidly progresses from initial compromise to persistence, credential harvesting, lateral movement, data exfiltration, and eventual deployment of Medusa ransomware using enterprise administration tools like PowerShell, PsExec, PDQ Deploy, and Group Policy.
Meanwhile, the Kyber ransomware campaign reflects the increasing focus on virtual infrastructure disruption. The operators simultaneously deploy Windows and ESXi variants to encrypt both endpoints and virtual machine environments, terminate critical services, disable recovery capabilities, and even modify system interfaces or login messages to display ransom demands. The coordinated targeting of hypervisors and business systems demonstrates a broader trend where ransomware campaigns are evolving beyond data encryption into full-scale operational sabotage.
Stealth and Specialized Malware (Originally published in April 2026)
Deep#Door, identified by the Securonix Threat Research team, is a Windows-focused Python backdoor and credential stealer delivered through a heavily obfuscated batch script that carries the full implant inside itself. Once launched, the script weakens host protections, reads its own contents, extracts the embedded Python payload, and drops svc.py into a service-like LocalAppData location. From there, it establishes layered persistence through a Startup-folder VBScript launcher, a Run key, scheduled tasks, an optional WMI subscription, and a watchdog thread that restores removed artifacts. Before fully activating, it checks for debuggers, virtual machines, sandboxes, and EDR hooks, then sets up command-and-control through bore[.]pub using encoded configuration, dynamic ports, challenge-response authentication, retry logic, and tunnel discovery. Once connected, it supports shell access, surveillance, credential theft, reconnaissance, and follow-on actions. What makes it stand out is the way it combines self-contained delivery, aggressive defense tampering, persistence redundancy, and stealthy tunneling into a single intrusion flow.
The other two analyses reflect the same broader direction in attacker tradecraft, though in very different environments. One centers on OT-aware malware built to identify and interact with water treatment and desalination systems through layered target validation, industrial protocol probing, local persistence, PowerShell-based privilege escalation attempts, and removable-media propagation, even if the analyzed sample appears incomplete because of a validation flaw. The other examines a multi-stage Windows post-exploitation framework that abuses AppDomainManager during .NET startup to turn a signed Intel utility into a stealth execution container, using LNK masquerading, co-located configuration and DLL abuse, staged decryption, reflective in-memory loading, JIT-based execution, and CloudFront-backed command-and-control. Taken together, these campaign show attackers increasingly favoring trusted execution paths, selective activation, and resilient post-compromise tradecraft that is far more effectively detected through behavioral correlation than through isolated indicators alone.