[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights,
[00:03] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.
[00:11] Aaron Cole: I'm Aaron Cole. Today is April 1, 2026. We're dissecting a high-fidelity attribution from Google regarding a supply chain attack on the Axios NPM package, alongside the expanding threat of living off the land tactics.
[00:28] Lauren Mitchell: And I'm Lauren Mitchell. We're also analyzing a breach at the AI startup Merker, involving the Light LLM project,
[00:35] Lauren Mitchell: and the emergence of a new remote-access Trojan from the threat group Silver Fox.
[00:41] Aaron Cole: Starting with the Axios NPM package compromise, Google Threat Intelligence has officially attributed this activity to UNC 1069, a North Korean cluster.
[00:52] Aaron Cole: They've identified two Trojanized versions, 1.14.1 and 0.30.4.
[01:00] Aaron Cole: Lauren, the technical delivery here is particularly surgical.
[01:03] Lauren Mitchell: It is, Aaron.
[01:04] Lauren Mitchell: Instead of altering Axios code directly, they utilized a post-install hook and a malicious
[01:10] Lauren Mitchell: dependency named PlaneCryptoJS.
[01:12] Lauren Mitchell: This drops a JavaScript payload called Silk Bell, which then fetches a platform-specific
[01:18] Lauren Mitchell: backdoor known as WaveShaper V2.
[01:21] Lauren Mitchell: It is built to target Windows, Mac OS, and Linux simultaneously.
[01:26] Lauren Mitchell: Once execution is complete, it replaces the malicious metadata with clean version to hide its tracks.
[01:31] Aaron Cole: The sophistication is noteworthy.
[01:34] Aaron Cole: Reversing Labs described this as a template for scalable operations rather than a one-off
[01:39] Aaron Cole: event.
[01:40] Aaron Cole: It matches the patterns we're seeing from Chinese-speaking groups like Silver Fox as well.
[01:45] Aaron Cole: They were recently observed using 11 typosquatted domains, impersonating Zoom, Teams, and Signal,
[01:52] Aaron Cole: to deliver a new remote-access Trojan called Atlas Cross.
[01:56] Lauren Mitchell: Silver Fox is effectively building on the lineage of Valley Rat.
[02:00] Lauren Mitchell: This new Atlas Cross Rat uses a framework called PowerShell to host the .NET runtime directly
[02:05] Lauren Mitchell: in memory, which allows it to bypass EMSI and script block logging.
[02:09] Lauren Mitchell: Erin, this isn't just about stealing data.
[02:12] Lauren Mitchell: They're gaining the ability to terminate security product connections at the TCP level.
[02:17] Aaron Cole: That pivot to disabling defenses brings us to the AI sector.
[02:21] Aaron Cole: Merker, the AI recruiting firm, confirmed it was one of thousands of companies hit by
[02:26] Aaron Cole: a supply chain attack on the Light LLM project.
[02:29] Aaron Cole: The group Team PCP pushed a malicious package, and now Lapsus is claiming access to Merker's internal slack and AI training data.
[02:38] Lauren Mitchell: The common thread across these stories is how detection-evasive these actors have become.
[02:43] Lauren Mitchell: Recent data shows that 84% of high-severity incidents now involve the abuse of legitimate tools already in the environment, such as PowerShell and WMIC.
[02:56] Lauren Mitchell: If the tools are trusted by default, simply looking for malicious files is a failing strategy.
[03:02] Aaron Cole: Exactly, Lauren.
[03:03] Aaron Cole: When 95% of access to these risky tools is unnecessary for the average user,
[03:09] Aaron Cole: the internal attack surface is essentially unmanaged.
[03:12] Aaron Cole: Practitioners need to move toward auditing dependency trees,
[03:15] Aaron Cole: pinning safe versions and package lock files,
[03:18] Aaron Cole: and strictly limiting the permissions of native binaries.
[03:22] Lauren Mitchell: The mandate for 2026 is clear.
[03:24] Lauren Mitchell: You must treat any secrets exposed in these build environments as compromised immediately, regardless of where they were stored.
[03:33] Lauren Mitchell: I'm Lauren Mitchell.
[03:34] Aaron Cole: And I'm Aaron Cole.
[03:36] Aaron Cole: This has been your briefing on Prime Cyber Insights.
[03:39] Aaron Cole: For more details, visit pci.neuralnewscast.com.
[03:43] Aaron Cole: The views expressed are our own and do not constitute legal or professional advice.
[03:47] Aaron Cole: Neural Newscast is AI-assisted, human-reviewed.
[03:51] Aaron Cole: View our AI transparency policy at neuralnewscast.com.
[03:55] Aaron Cole: Stay focused and we'll see you in the next session.
[03:57] Announcer: This has been Prime Cyber Insights on Neural Newscast.
[04:01] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.