EvilBit Threat Digest - When AI Turns on Itself and Attackers Go Kinetic
Iranian APTs enabling kinetic strikes, AI botnet via Ray RCE, creative malware via Blender, WhatsApp, homoglyphs, and critical patches.
If the past week taught us anything, it's that creativity in cyberattacks is alive and well. We've got AI compute clusters getting hijacked to mine cryptocurrency and spread themselves, Iranian state actors providing targeting data for real-world missile strikes, malware distributed through 3D modeling software, and enough phishing ingenuity to make you question whether your own domain is actually yours. It's the kind of week that makes you realize the threat landscape isn't just expanding--it's getting weird.
Let me hand this over to my co-pilot in chaos, UncleSp1d3r, who's been tracking some of the more creative technical plays. But first, let's talk about what happens when the line between cyber operations and kinetic warfare disappears entirely.
Iranian APTs Cross the Cyber-Physical Rubicon
Amazon Threat Intelligence dropped a report this week that should concern anyone working in critical infrastructure or maritime security. Iranian state-linked groups--specifically MuddyWater and Imperial Kitten--have been breaching maritime Automatic Identification System (AIS) platforms and CCTV surveillance systems to collect intelligence for kinetic military operations.
In plain English: they're hacking cameras and ship-tracking systems, gathering targeting data, and handing it off to people who launch actual missiles. This isn't theoretical disruption or espionage for policy advantage. This is reconnaissance that directly supports real-world violence.
The TTPs are straightforward but effective. Attackers scanned for exposed AIS web interfaces, exploited weak or default credentials, and extracted vessel location data. CCTV systems were similarly compromised for visual intelligence collection. Once inside, they set up persistent access via SSH tunnels and scheduled tasks, exfiltrating data over command-and-control channels to VPS infrastructure.
For defenders in these sectors, the guidance is clear: segment AIS and CCTV networks from the internet, enforce multi-factor authentication, audit for default credentials, and monitor access logs for reconnaissance patterns. The IOCs are available in Amazon's blog post, and the MITRE ATT&CK mappings include Active Scanning (T1595.002), Proxy (T1090), and Gather Victim Org Information (T1591).
This one's a bridge too far for me. When cyber operations have downstream kinetic consequences, the stakes aren't just data or uptime--they're lives. If you're running OT, maritime, or physical security infrastructure, treat this as the wake-up call it is.
AI Infrastructure Gets Its Own Botnet: ShadowRay 2.0
Speaking of things getting personal, AI infrastructure is now officially on the menu. Oligo Security published research on ShadowRay 2.0, a campaign exploiting CVE-2023-48022 in the Ray AI framework to build a self-propagating botnet across GPU clusters.
The vulnerability is an unauthenticated remote code execution flaw in Ray's Jobs API, which was designed for distributed machine learning workloads. Attackers are using it to deploy cryptocurrency miners, run DDoS operations, and steal training data and model weights. But the really clever bit? The malware scans for other exposed Ray instances and spreads itself autonomously, creating a self-sustaining botnet inside the AI compute ecosystem.
For those of us who spend time in cloud ML environments, this is a nightmare scenario. Compromised GPU cycles are expensive, model theft undermines competitive advantage, and the self-propagation mechanism means a single breach can cascade across your entire ML infrastructure.
The fix is to patch Ray to version 2.34.0 or later and disable unauthenticated access to the Jobs API. If you're running Ray in production, firewall the dashboard and API to internal networks only, and monitor for anomalous job submissions or unexpected GPU utilization spikes. IOCs--including C2 domains and file hashes--are available in the Oligo report.
Creativity in Malware Delivery: Blender, WhatsApp, and Homoglyphs
This week's malware campaigns are a master class in abusing trust and familiarity.
Russian Actors Weaponize Blender Files: Morphisec uncovered a campaign distributing StealC v2 infostealer via malicious .blend files hosted on CGTrader, a popular 3D asset marketplace. The attack relies on Blender's "Auto Run Python Scripts" feature, which--if enabled--executes embedded Python code when a file is opened. The scripts deploy a multi-stage PowerShell loader that eventually drops the StealC payload.
StealC is a credential harvester that targets over 23 browsers (including Chrome 132+), 100+ web extensions, 15+ cryptocurrency wallets, and messaging apps like Telegram and Discord. It persists via shortcut links in the Windows Startup folder and achieves impressively low antivirus detection rates.
The mitigation is simple: disable Auto Run Python Scripts in Blender's preferences. For defenders monitoring endpoints, watch for PowerShell execution originating from Blender processes and block the listed IOCs, including Cloudflare Workers domains used as loaders.
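As an added illustration of that endpoint check (this is not code from the original post or from Morphisec), here is a small Python detection over constructed Sysmon-style process-creation events. It walks the parent chain rather than checking only the direct parent, so a loader that stages through cmd.exe between Blender and PowerShell is still attributed to blender.exe; the event list and paths are constructed sample data.

```python
# Constructed Sysmon-style process-creation events (pid, parent pid, image).
# The chain mimics the described loader: blender.exe runs the embedded Python,
# which spawns cmd.exe, which in turn launches PowerShell.
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 1200, "image": r"C:\Program Files\Blender Foundation\Blender\blender.exe"},
    {"pid": 4188, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 4212, "ppid": 4188, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 5000, "ppid": 1200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 5100, "ppid": 4100, "image": r"C:\Windows\System32\notepad.exe"},
]

SHELLS = {"powershell.exe", "pwsh.exe"}
ORIGIN = "blender.exe"

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def shells_spawned_by_blender(events, max_depth=4):
    """Return the PIDs of PowerShell processes that have blender.exe among
    their ancestors within max_depth hops. Walking the chain instead of
    checking only the direct parent catches loaders that insert cmd.exe or
    another stage between Blender and PowerShell."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse in the window
    hits = []
    for ev in events:
        if basename(ev["image"]) not in SHELLS:
            continue
        parent, depth = ev["ppid"], 0
        while parent in by_pid and depth < max_depth:
            if basename(by_pid[parent]["image"]) == ORIGIN:
                hits.append(ev["pid"])
                break
            parent = by_pid[parent]["ppid"]
            depth += 1
    return hits
```

The PowerShell with PID 5000 is not flagged because its parent is outside the Blender tree, while PID 4212 is caught only because the walk continues past cmd.exe.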
Brazilian Banking Trojan via WhatsApp: Trustwave SpiderLabs documented a new banking trojan called Eternidade that's spreading via a Python-based WhatsApp worm. The worm accesses victims' WhatsApp contacts and sends malicious messages containing links to a Delphi-based stealer. Once installed, the trojan uses overlay attacks and keylogging to steal credentials from Brazilian banks, MercadoPago, Binance, and MetaMask.
The C2 infrastructure is particularly clever: it uses dynamic IMAP email accounts as command servers, making traditional domain-based blocking less effective. For defenders, this means monitoring WhatsApp activity for anomalous bulk messaging, deploying EDR rules for process hollowing and Delphi payloads, and enabling two-factor authentication on email accounts to limit IMAP abuse.
Microsoft Homoglyph Phishing: In a delightfully simple but effective play, attackers are registering domains like rnicrosoft.com (replacing the 'm' with 'r n') and relying on font kerning to make the visual difference nearly invisible. The campaign uses these domains in phishing emails that mimic Microsoft branding to steal login credentials.
The defense is user awareness: hover over links before clicking, verify sender addresses, and navigate to microsoft.com manually rather than trusting embedded links. For SOC teams, blocking the listed domains and monitoring for similar typosquatting patterns is straightforward.
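As an added example for the SOC side (not code from the original post or from any vendor), here is a Python check for the 'r n' trick described above: it collapses a sender's domain to a visual skeleton and compares it against a protected-brand list, so rnicrosoft.com and micros0ft.com both resolve to microsoft.com. The brand list and sender addresses are constructed; it handles ASCII look-alikes only, not Unicode or IDN homoglyphs, and its registrable-domain logic is a two-label simplification.

```python
import unicodedata

# Character sequences that render nearly identically to a single letter in
# common fonts. Multi-character keys are listed first so they apply before
# the single-character ones (dicts keep insertion order).
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "5": "s"}

# Brands whose domains we want to protect (constructed list for this example).
PROTECTED = ["microsoft.com", "mercadopago.com"]

# Constructed From: addresses standing in for a mail log.
SAMPLE_SENDERS = [
    "account-security@microsoft.com",
    "support@rnicrosoft.com",
    "billing@login.micros0ft.com",
    "news@example.com",
]

def skeleton(text: str) -> str:
    """Collapse text to a visual skeleton so that look-alikes such as
    rnicrosoft and micros0ft map to the same string as microsoft."""
    s = unicodedata.normalize("NFKC", text).lower()
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s

def registrable(domain: str) -> str:
    """Crude registrable-domain extraction (last two labels). Assumption: no
    public-suffix list, which is enough for the .com brands used here."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def lookalike_brand(domain: str):
    """Return the protected brand this domain visually imitates, or None.
    An exact match to a protected brand is legitimate, not a look-alike."""
    reg = registrable(domain)
    if reg in PROTECTED:
        return None
    for brand in PROTECTED:
        if skeleton(reg) == skeleton(brand):
            return brand
    return None

def flag_senders(addresses):
    """Return (address, imitated_brand) for every sender whose domain
    impersonates a protected brand."""
    hits = []
    for addr in addresses:
        brand = lookalike_brand(addr.rsplit("@", 1)[-1])
        if brand:
            hits.append((addr, brand))
    return hits
```

Run over SAMPLE_SENDERS it flags the rnicrosoft.com and micros0ft.com senders and passes the genuine microsoft.com address through.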
Critical Patches: Grafana, Oracle, and the Usual Suspects
A few high-impact vulnerabilities demand attention this week.
Grafana Enterprise SCIM Takeover: CVE-2025-41115 is a CVSS 10.0 vulnerability in Grafana Enterprise's SCIM user provisioning feature. An attacker with an Editor role can manipulate SCIM user mappings to gain Admin privileges, effectively taking over the Grafana instance. Patches are available in versions 12.0.6, 12.1.3, 12.2.1, and 12.3.0+. If you can't patch immediately, disable SCIM and review existing user role mappings for anomalies. More details in Grafana's advisory.
Oracle Identity Manager Still Under Fire: We flagged CVE-2025-61757 last week, but it bears repeating--this pre-authentication RCE in Oracle Identity Manager's REST APIs is being actively exploited and is now in CISA's Known Exploited Vulnerabilities catalog. SANS ISC published analysis of pre-patch reconnaissance activity dating back to September. If your OIM instances are exposed to the internet, patch immediately (October CPU) and hunt for signs of compromise.
Nessus Plugin Roundup: Tenable released plugin updates covering a broad swath of Linux distributions and enterprise software. Highlights include:
- CVE-2025-41115 (Grafana Enterprise SCIM)
- Multiple RHEL kernel vulnerabilities
- Oracle Linux patches for expat, libssh, libtiff, and grub2
- Rocky Linux fixes for Redis, GIMP, OpenSSL, HAProxy
- Ubuntu Python and realtime kernel updates
- Fedora Kubernetes, WebKitGTK, and Chromium patches
- Photon OS updates for python3, Linux core, OpenSSH, Containerd
For patch management workflows, prioritize internet-facing systems and critical servers, and use the updated Nessus plugins to identify exposed hosts. The full list is on Tenable's plugin page.
Closing Thoughts: Creativity Cuts Both Ways
This week reminded me why defense-in-depth isn't just a buzzword--it's a survival strategy. When attackers are willing to breach CCTV systems to support missile strikes, weaponize Blender files, and build self-propagating botnets inside AI infrastructure, the fundamentals become lifelines.
Patch your edge appliances. Segment your critical systems. Audit your trust relationships. Train your users. And please, for the love of all that is secure, stop leaving Ray dashboards exposed to the internet.
If you're running maritime, OT, or physical security infrastructure, treat the Iranian targeting campaigns as the strategic shift they represent. The boundary between cyber and kinetic is gone. Act accordingly.
Stay sharp. The weird is only getting weirder.
-- KryptoKat
Vendor Patch Advisory Appendix
For those tracking this week's vendor advisories:
Tenable Nessus Plugins (2025-11-23 to 2025-11-25):
- Rocky Linux 10/9/8 security updates
- Fedora 43/42/41 package updates
- Oracle Linux 8/9 kernel, expat, libssh, libtiff, grub2, zzip
- Amazon Linux 2023 Firefox
- EulerOS 2.0 SP13
- Ubuntu 14.04-25.04 Python, Realtime Kernel
- Photon OS 4.0/5.0 python3, Linux core, OpenSSH, Containerd, gdb
- Grafana Enterprise 12.x SCIM vulnerability (CVE-2025-41115)
Oracle:
- Critical Patch Update October 2025 -- includes CVE-2025-61757 (OIM pre-auth RCE)
Google Chrome:
- Version 142+ addresses multiple CVEs including actively exploited V8 type confusion bugs