ZeroDay Field Notes - Implants, Exploits, and the AI Edge
Weekly briefing on AI-driven evasion, deepfake malware, cloud C2s, and smishing that bypasses 2FA, with defender-focused mitigations.
Field Notes: Implants, Exploits, and the AI Edge
If it feels like your opsec is always playing catch-up, you're not the only one. Attackers are using AI deepfakes to walk right past macOS, dropping rootkits that sandboxes just ignore, and turning bulk SMS into a scalpel for wrecking 2FA. WinRAR chains and APT28 are still hanging around, but the real action is in the new evasion tricks that make breaking in easy and detection a pain.
Let's get into what actually matters: first, the offensive tricks you'll want to steal, then what blue teams need to watch for.
Smishing Tradecraft: From Data Brokers to AITM Precision
Scattered Spider has taken smishing to the next level, mixing dark web data dumps, bulk SMS gateways, and sender ID spoofing to go after high-value targets. iVerify says attackers build their lists from exposed cloud storage and broker markets, then blast out messages through compromised telecoms. UCL puts the volume at 300,000 to 400,000 scam texts a day, which matches what we see in the field. The big move now is Adversary-in-the-Middle (AitM) setups that snatch SMS 2FA codes in real time, making SMS basically useless as a second factor.
If you're on offense, this is plug-and-play: spoof legit short codes, chain to AitM proxies, and watch MFA fall over. Bonus points: it's low-tech enough to slip past most network monitoring if you keep rotating gateways. Blue team, seriously, stop using SMS for anything that matters and move to app-based auth yesterday. The full chain is in How Attackers Run Smishing Campaigns.
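To make the "move off SMS" advice concrete, here is an added Python simulation (my own, not from the iVerify or UCL reports) of the AitM relay described above. A relay host sits between the victim and the real site: a code the victim types is forwarded verbatim and accepted, while a second factor that signs the origin the browser actually talked to fails verification at the real site. The site names, the credential key and the HMAC stand-in for the authenticator's signature are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed names: the genuine login site and the attacker's relay (AitM) host.
REAL_ORIGIN = "https://login.example.com"
PROXY_ORIGIN = "https://login-example.com"


class RelyingParty:
    """The genuine site. It issues codes/challenges and verifies what comes back."""

    def __init__(self, origin):
        self.origin = origin
        self.expected_code = None
        # Stands in for the user's registered public key; HMAC replaces the
        # asymmetric signature so the example needs only the standard library.
        self.credential_key = secrets.token_bytes(32)

    def issue_sms_code(self):
        self.expected_code = f"{secrets.randbelow(10**6):06d}"
        return self.expected_code

    def verify_sms_code(self, submitted):
        # The code carries nothing about where it was typed, so a relayed copy is valid.
        return hmac.compare_digest(submitted, self.expected_code or "")

    def verify_assertion(self, challenge, assertion):
        # Origin-bound flow: the signed client data names the origin the browser
        # really talked to, and the site insists that it is its own.
        origin, signature = assertion
        expected = hmac.new(self.credential_key, f"{challenge}|{origin}".encode(), hashlib.sha256).digest()
        return hmac.compare_digest(signature, expected) and origin == self.origin


def sign_assertion(credential_key, challenge, browser_origin):
    """What the user's authenticator does: sign the challenge together with the
    origin the browser reports (WebAuthn carries this in clientDataJSON)."""
    sig = hmac.new(credential_key, f"{challenge}|{browser_origin}".encode(), hashlib.sha256).digest()
    return browser_origin, sig


def relayed_sms_login(rp):
    """Victim is on the lookalike page; the relay forwards the code to the real site as typed."""
    code = rp.issue_sms_code()          # real site texts the victim
    return rp.verify_sms_code(code)     # relay forwards it verbatim: accepted


def relayed_origin_bound_login(rp):
    """Same relay, but the second factor signs the origin the browser is actually on."""
    challenge = secrets.token_hex(16)   # real site's challenge, relayed unchanged
    assertion = sign_assertion(rp.credential_key, challenge, PROXY_ORIGIN)
    return rp.verify_assertion(challenge, assertion)


def direct_origin_bound_login(rp):
    """Control case: the user is on the genuine site."""
    challenge = secrets.token_hex(16)
    assertion = sign_assertion(rp.credential_key, challenge, REAL_ORIGIN)
    return rp.verify_assertion(challenge, assertion)


if __name__ == "__main__":
    rp = RelyingParty(REAL_ORIGIN)
    print("relayed SMS code accepted:     ", relayed_sms_login(rp))
    print("relayed origin-bound accepted: ", relayed_origin_bound_login(rp))
    print("direct origin-bound accepted:  ", direct_origin_bound_login(rp))
```

The relay in `relayed_sms_login` works unchanged against a TOTP app code, since that code is also just a string the victim types. What stops it is the origin comparison in `verify_assertion`, which is the property FIDO2/WebAuthn authenticators give you and one-time codes of any delivery channel do not.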
How Attackers Run Smishing Campaigns
Amaranth-Dragon's WinRAR Chain: Persistence Through Phishing
Since the last time we called out CVE-2025-8088 (the WinRAR path-traversal), Amaranth-Dragon (basically APT-41's cousin) has leveled up for Southeast Asian government targets. Check Point's breakdown shows phishing lures dropping RARs that sideload DLLs into Startup, then pulling down espionage tools over HTTPS with token manipulation for privilege escalation.
Update: exploitation is live, and there are fresh IOCs: one Dropbox domain, a hash, and the geopolitical lure documents that are still landing. If you're red teaming, throw this in your next run; pre-7.13 installs are everywhere. Blue team, patch to 7.20 or higher, hunt for unexpected entries in the Startup folder, and block those IOCs.
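The bug class here is an archive extractor honouring entry names that escape the destination directory. As an added example (mine, not Check Point's or WinRAR's code), this Python check inspects archive entry names the way a safe extractor or a mail gateway should before writing anything: it flags traversal, absolute, drive-letter and UNC paths, NTFS alternate data streams, and entries that would land in a watched location such as the Startup folder. The sample entries and the watch list are constructed; `audit_zip` shows the same check over a real archive using the standard library's zip support, since RAR parsing is not in the standard library.

```python
import ntpath
import zipfile
from dataclasses import dataclass, field

# Constructed watch list: directories an archive should never write into.
# Windows autostart lives under "...\Start Menu\Programs\Startup".
WATCHED_DIRS = ("start menu/programs/startup",)


@dataclass
class Finding:
    entry: str
    reasons: list = field(default_factory=list)


def entry_problems(name):
    """Return every reason an archive entry name must not be extracted as-is."""
    problems = []
    unix = name.replace("\\", "/")          # Windows extractors accept either separator
    if not unix:
        return ["empty entry name"]
    if unix.startswith("//"):
        problems.append("UNC path")
    elif unix.startswith("/"):
        problems.append("absolute path")
    if len(name) > 1 and name[1] == ":":
        problems.append("drive-letter path")
    if ".." in unix.split("/"):
        problems.append("parent-directory traversal")
    if ":" in ntpath.basename(name):
        problems.append("NTFS alternate data stream")
    if any(w in unix.lower() for w in WATCHED_DIRS):
        problems.append("writes into a watched directory")
    return problems


def audit_entries(entry_names):
    findings = []
    for name in entry_names:
        problems = entry_problems(name)
        if problems:
            findings.append(Finding(name, problems))
    return findings


def audit_zip(path):
    """Same check over a real archive; zip is used because it is in the standard library."""
    with zipfile.ZipFile(path) as archive:
        return audit_entries(archive.namelist())


# Constructed sample: two clean entries and three that a safe extractor must refuse.
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs/readme.txt",
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.lnk",
    "C:\\Users\\Public\\sideload.dll",
    "notes.txt:payload.dll",
]

if __name__ == "__main__":
    for f in audit_entries(SAMPLE_ENTRIES):
        print(f.entry, "->", ", ".join(f.reasons))
```

The third sample entry is the shape that matters for this campaign: a relative path that climbs out of the extraction directory and lands in Startup, so a hunt that only looks for absolute paths misses it.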
Amaranth Dragon Weaponizes CVE-2025-8088.
APT28's Multi-Stage Office Assault: CVE-2026-21509 Evolved
We already hit APT28's spearphishing with CVE-2026-21509 last time: the Microsoft Office bypass that drops NotDoor and BeardShell over cloud C2. Trellix just dropped more details: multi-stage payloads using WebDAV for exfil, rundll32 for injection, and scheduled tasks for persistence. Targets are European governments and militaries, and the report includes IOCs (hashes and domains).
The evasion here is classic: in-memory execution, process injection, and encrypted channels riding on legit cloud storage. If you're on offense, steal this chain; it's a blueprint for dodging EDR. Blue team, watch for WebDAV outbound and patch now. The MITRE mapping in the advisory is gold for detection rules.
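"Watch for WebDAV outbound" is easy to say and easy to do badly, so here is an added Python detection (mine, not from the Trellix advisory) run over a constructed proxy log. It flags any client that sends WebDAV verbs, or presents the Windows WebDAV mini-redirector user agent, to a host outside the organisation, while ignoring sanctioned internal DAV servers. The internal address ranges, DNS suffix, allowlist and log format are assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# WebDAV verbs that a normal browser session never sends.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Constructed environment facts: RFC 1918 space plus the organisation's own DNS suffix.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_SUFFIX = ".corp.example"
TRUSTED_DAV_HOSTS = {"dav.corp.example"}   # constructed allowlist of sanctioned WebDAV servers

# Constructed proxy log format: time, client, method, URL, status, quoted user agent.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = """\
2026-02-03T10:01:02Z 10.20.30.40 GET http://intranet.corp.example/ 200 "Mozilla/5.0"
2026-02-03T10:01:05Z 10.20.30.40 PROPFIND http://dav.corp.example/share/ 207 "Microsoft-WebDAV-MiniRedir/10.0.19041"
2026-02-03T10:02:11Z 10.20.30.41 PROPFIND http://dav-share.example.net/store/ 207 "Microsoft-WebDAV-MiniRedir/10.0.19041"
2026-02-03T10:02:12Z 10.20.30.41 PUT http://dav-share.example.net/store/out.bin 201 "Microsoft-WebDAV-MiniRedir/10.0.19041"
2026-02-03T10:03:00Z 10.20.30.42 GET https://cdn.example.net/lib.js 200 "Mozilla/5.0"
2026-02-03T10:04:00Z 10.20.30.43 PUT https://files.example.org/upload 200 "Mozilla/5.0"
"""


def _is_internal(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.endswith(INTERNAL_SUFFIX)
    return any(ip in net for net in INTERNAL_NETS)


def find_webdav_egress(log_text):
    """Map each client to the WebDAV operations it sent to hosts outside the organisation."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                           # unparseable line: skip, do not crash
        host = urlsplit(m["url"]).hostname or ""
        if host in TRUSTED_DAV_HOSTS or _is_internal(host):
            continue
        # Either a DAV verb or the Windows WebDAV client user agent marks the session.
        if m["method"] in WEBDAV_METHODS or "WebDAV" in m["ua"]:
            hits[m["src"]].append((m["method"], host))
    return dict(hits)


if __name__ == "__main__":
    for src, ops in find_webdav_egress(SAMPLE_LOG).items():
        print(src, ops)
```

The plain browser PUT on the last line is deliberately not flagged: PUT alone is far too noisy to alert on. The exfil PUT two lines earlier is caught because the same client already spoke DAV and the user agent is the Windows WebDAV client, which is the pairing worth a rule.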
APT28's Stealthy Multi-Stage Campaign.
VoidLink: AI's Gift to C2 Tradecraft
Ontinue's breakdown of VoidLink, a Zig-based C2 implant for Linux cooked up with LLMs, shows just how much risk is ramping up for cloud ops. It's targeting major cloud providers and container environments, using container escapes and kernel exploits to evade detection. It does all the usual: credential theft, lateral movement over standard protocols, and exfil over unusual channels. I know I keep coming back to this one, but it's hands-down my favorite topic of the last six months, and it just keeps getting wilder.
What makes this one nasty: AES-256-GCM-encrypted channels over HTTPS that blend in with normal web traffic, process injection, and traffic signaling for evasion. The rootkit even adapts to whatever kernel it lands on, using eBPF hooks for new kernels and old-school modules for the rest. Red teams, dig into the MITRE mappings; it's basically a playbook for sticking around in multi-cloud. Blue team, audit your Kubernetes permissions and block outbound traffic to known C2 infrastructure. IOCs are out there; use them.
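"Audit your Kubernetes perms" deserves a starting point, so here is an added Python RBAC audit (mine, not from the Ontinue report). It walks ClusterRole and ClusterRoleBinding objects in the shape `kubectl get ... -o json` returns and reports every subject that ends up with a permission an implant doing lateral movement and credential theft would want: wildcard grants, `pods/exec`, pod creation, secret reads, and the `escalate`, `bind` and `impersonate` verbs. The role and binding objects below are constructed.

```python
# Objects follow the shape of `kubectl get clusterroles,clusterrolebindings -o json`
# item entries; these three roles and bindings are constructed for the example.
SAMPLE_ROLES = [
    {"metadata": {"name": "ops-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "log-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]},
    {"metadata": {"name": "debug"},
     "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
               {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
]
SAMPLE_BINDINGS = [
    {"metadata": {"name": "ci-admin"}, "roleRef": {"kind": "ClusterRole", "name": "ops-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "build"}]},
    {"metadata": {"name": "dev-debug"}, "roleRef": {"kind": "ClusterRole", "name": "debug"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
    {"metadata": {"name": "viewers"}, "roleRef": {"kind": "ClusterRole", "name": "log-reader"},
     "subjects": [{"kind": "Group", "name": "sre"}]},
]

# (verb, resource, why it matters): permissions that hand an implant what it needs.
RISKY_PERMISSIONS = [
    ("create", "pods/exec", "exec into running containers"),
    ("create", "pods", "create pods; a privileged or hostPath pod is a node escape"),
    ("get", "secrets", "read secrets (credential theft)"),
    ("list", "secrets", "enumerate secrets (credential theft)"),
    ("escalate", "clusterroles", "grant rights beyond its own"),
    ("bind", "clusterroles", "bind roles beyond its own"),
    ("impersonate", "users", "act as other identities"),
]


def _granted(granted, wanted):
    return "*" in granted or wanted in granted


def rule_issues(rule):
    verbs, resources = rule.get("verbs", []), rule.get("resources", [])
    if "*" in verbs and "*" in resources:
        return ["wildcard verbs on wildcard resources (cluster-admin equivalent)"]
    return [f"{verb} {resource}: {why}" for verb, resource, why in RISKY_PERMISSIONS
            if _granted(verbs, verb) and _granted(resources, resource)]


def _subject_id(subject):
    ns = subject.get("namespace")
    return f"{subject['kind']}:{ns}/{subject['name']}" if ns else f"{subject['kind']}:{subject['name']}"


def audit_rbac(roles, bindings):
    """Return one {subject, role, issue} record per risky permission each bound subject holds."""
    issues_by_role = {r["metadata"]["name"]: [i for rule in r.get("rules", []) for i in rule_issues(rule)]
                      for r in roles}
    findings = []
    for b in bindings:
        role_name = b["roleRef"]["name"]
        for issue in issues_by_role.get(role_name, []):
            for subject in b.get("subjects", []):
                findings.append({"subject": _subject_id(subject), "role": role_name, "issue": issue})
    return findings


if __name__ == "__main__":
    for f in audit_rbac(SAMPLE_ROLES, SAMPLE_BINDINGS):
        print(f"{f['subject']:<32} {f['role']:<12} {f['issue']}")
```

To run it against a live cluster, pass the `items` arrays from `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`; namespaced Roles and RoleBindings have the same shape and can be fed through the same functions.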
VoidLink: Dissecting an AI-Generated C2 Implant.
Talos later published an analysis attributing VoidLink deployments to UAT-9921, a threat actor active since 2019 against technology and financial organizations. The report confirms VoidLink's technical architecture: Zig for implants, C for plugins, and Go for the backend, with compile-on-demand modules. The RBAC mechanism (SuperAdmin, Operator, Viewer roles) indicates a structured operational framework. UAT-9921's use of VoidLink is ongoing.
New threat actor, UAT-9921, leverages VoidLink framework in campaigns.
UNC1069's macOS Arsenal: Deepfakes Meet TCC Bypasses
Mandiant's report on DPRK-linked UNC1069 is offensive catnip: seven macOS malware families deployed via ClickFix social engineering against fintech and crypto targets. The chain began with a compromised Telegram account and a spoofed Zoom meeting, during which the victim reported seeing what appeared to be a deepfake of a crypto CEO. Mandiant notes they couldn't independently verify the AI-generated video claim, and Kaspersky's parallel tracking (as "GhostCall") suggests some of these videos may be reused real recordings from previous victims. Either way, the social engineering is effective.
The real fun kicks in after compromise: DEEPBREATH dodges TCC.db for full-disk access, reflective dylib injection keeps everything in-memory, and creds get ripped from Keychain, browsers, and Telegram. There's curl-to-zsh execution, Rosetta cache tricks to dodge forensics, and browser exfil via NativeMessagingHosts. YARA rules and IOCs (like zoom[.]uswe05[.]us) mean you can test this right now. If you're running ops, the deepfake-and-replay-lure angle is moving fast in crypto.
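The browser exfil path via NativeMessagingHosts is one you can audit on every Mac today, so here is an added Python check (mine, not Mandiant's or Kaspersky's tooling). Native messaging host manifests are small JSON files that point a browser extension at a local binary; the script loads them from the standard macOS manifest directories and flags hosts that live in temporary, cache or download locations, are scripts, list origins that are not valid extension ids, or point at a binary that no longer exists. The two sample manifests and the heuristics are constructed; `load_manifests` reads the real directories when run on a host.

```python
import glob
import json
import os
import re

# Manifest directories for Chrome and Firefox on macOS (system-wide and per-user).
MANIFEST_DIRS = [
    "/Library/Google/Chrome/NativeMessagingHosts",
    os.path.expanduser("~/Library/Application Support/Google/Chrome/NativeMessagingHosts"),
    os.path.expanduser("~/Library/Application Support/Mozilla/NativeMessagingHosts"),
]
# Constructed heuristics for where a legitimate host binary should not live.
SUSPECT_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/Shared/")
SUSPECT_USER_DIRS = ("Library/Caches", "Downloads", ".Trash")
# Chrome extension ids are 32 characters from the letters a-p.
CHROME_ORIGIN = re.compile(r"^chrome-extension://[a-p]{32}/$")


def manifest_issues(manifest, exists=os.path.exists):
    issues = []
    path = manifest.get("path", "")
    if not path:
        return ["no host path"]
    if manifest.get("type") != "stdio":
        issues.append(f"unexpected type {manifest.get('type')!r}")
    if path.startswith(SUSPECT_PREFIXES):
        issues.append("host binary in a temporary or shared-writable location")
    if any(f"/{d}/" in path for d in SUSPECT_USER_DIRS):
        issues.append("host binary in a cache, download or trash directory")
    if path.endswith((".sh", ".py", ".rb", ".pl")):
        issues.append("host is a script; review its contents")
    bad_origins = [o for o in manifest.get("allowed_origins", []) if not CHROME_ORIGIN.match(o)]
    if bad_origins:
        issues.append(f"origin is not a valid extension id: {bad_origins}")
    if not exists(path):
        issues.append("host binary missing (dangling manifest)")
    return issues


def audit_manifests(manifests, exists=os.path.exists):
    """manifests: {manifest file path: parsed JSON}. Returns only the ones with issues."""
    result = {}
    for mpath, manifest in manifests.items():
        issues = manifest_issues(manifest, exists)
        if issues:
            result[mpath] = issues
    return result


def load_manifests(dirs=MANIFEST_DIRS):
    found = {}
    for d in dirs:
        for mpath in glob.glob(os.path.join(d, "*.json")):
            with open(mpath) as fh:
                found[mpath] = json.load(fh)
    return found


# Constructed sample: one legitimate-looking manifest and one that should be pulled for analysis.
SAMPLE_MANIFESTS = {
    "/Library/Google/Chrome/NativeMessagingHosts/com.example.pwmgr.json": {
        "name": "com.example.pwmgr",
        "path": "/Applications/PwMgr.app/Contents/MacOS/pwmgr-host",
        "type": "stdio",
        "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"],
    },
    "/Users/alice/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.update.helper.json": {
        "name": "com.update.helper",
        "path": "/Users/alice/Library/Caches/.helper/relay.sh",
        "type": "stdio",
        "allowed_origins": ["chrome-extension://zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz/"],
    },
}
# Constructed view of the filesystem so the sample runs offline.
EXISTING = {"/Applications/PwMgr.app/Contents/MacOS/pwmgr-host", "/Users/alice/Library/Caches/.helper/relay.sh"}

if __name__ == "__main__":
    for mpath, issues in audit_manifests(SAMPLE_MANIFESTS, exists=lambda p: p in EXISTING).items():
        print(mpath)
        for issue in issues:
            print("   -", issue)
```

Replace `SAMPLE_MANIFESTS` with `load_manifests()` to audit a real machine. Firefox manifests use `allowed_extensions` instead of `allowed_origins`, so the origin check simply does not apply to them; the path heuristics still do.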
UNC1069 Targets Cryptocurrency Sector.
Warlock Ransomware via SmarterMail Vulns
Storm-2603 is using CVE-2026-23760 and CVE-2026-24423 (both KEV-listed) to breach SmarterMail builds earlier than 100.0.9511 and deploy Warlock ransomware. ReliaQuest details the chain: RCE to cmd.exe shells, ingress tool transfer, then persistence via scheduled tasks and masquerading.
If you're on offense, non-standard ports help with lateral moves, and signed proxies make evasion a breeze. CISA's mitigations are solid, but if you're pentesting, just run the full exploit chain yourself.
Storm-2603 Exploits CVE-2026-23760.
Ransomware Delivery: Phorpiex to Employee Monitoring Abuse
Phorpiex's LNK phishing drops GLOBAL GROUP ransomware, which features offline encryption with ChaCha20-Poly1305, anti-VM checks, and lateral movement via AD enumeration and remote services. Forcepoint's analysis lists mutex names and the .Reco extension for hunting. Phorpiex Phishing Campaign.
Huntress caught actors abusing Net Monitor for Employees and SimpleHelp RMM to deploy Crazy (VoidCrypt) ransomware and steal crypto: dual-tool persistence, process masquerading (OneDriveSvc), and overlapping C2. SHA-256s and IPs are provided. Employee Monitoring Abused.
Quick Hits
LummaStealer was supposed to be toast after the DOJ takedown, but Bitdefender just found it crawling back with CastleLoader. The new loader uses AutoIt for obfuscation and rundll32 to stick around. The evasion move is slick: CastleLoader fires DNS lookups at random, nonexistent domains to spot sandboxes. A real resolver answers NXDOMAIN; a sandbox that fakes DNS resolves anything, and the loader uses the difference to decide what to do. If you're building detection, that DNS pattern is easy money. Bitdefender dropped IOCs on GitHub. LummaStealer Is Getting a Second Life.
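That DNS pattern, turned into a detection: here is an added Python script (mine, not Bitdefender's) that reads a constructed resolver log and flags any client that collects a burst of NXDOMAIN answers for distinct random-looking names inside a short window. Random-looking is judged by label length and character entropy, so an ordinary typo like `gogle.com` does not trip it. The log format, thresholds and sample names are constructed.

```python
import math
import re
from collections import defaultdict
from datetime import datetime

# Constructed resolver log format: time, client, query name, response code.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<qname>\S+) (?P<rcode>[A-Z]+)$")

SAMPLE_DNS_LOG = """\
2026-02-03T10:00:00Z 10.0.0.5 qzkvtrmplxw.com NXDOMAIN
2026-02-03T10:00:00Z 10.0.0.5 hdjwqpeutyrn.net NXDOMAIN
2026-02-03T10:00:01Z 10.0.0.5 bxmocvfuagjk.org NXDOMAIN
2026-02-03T10:00:01Z 10.0.0.5 ysrtpqwzkndl.com NXDOMAIN
2026-02-03T10:00:02Z 10.0.0.5 lfucwiyqovsm.net NXDOMAIN
2026-02-03T10:00:03Z 10.0.0.5 mjrhetsavzqu.com NXDOMAIN
2026-02-03T10:00:04Z 10.0.0.5 update.example.net NOERROR
2026-02-03T10:00:05Z 10.0.0.9 gogle.com NXDOMAIN
2026-02-03T10:00:06Z 10.0.0.9 intranet-portal.example.net NOERROR
2026-02-03T10:00:07Z 10.0.0.9 mail.example.net NOERROR
"""


def label_entropy(label):
    """Shannon entropy of the characters in one DNS label, in bits."""
    counts = {c: label.count(c) for c in set(label)}
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def looks_random(qname, min_len=10, min_entropy=3.0):
    """Random-looking leftmost label: long enough and with high character entropy."""
    label = qname.split(".")[0]
    return len(label) >= min_len and label_entropy(label) >= min_entropy


def find_dns_probe_bursts(log_text, threshold=5, window_s=60):
    """Clients with >= threshold NXDOMAINs for distinct random-looking names inside window_s seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["rcode"] != "NXDOMAIN" or not looks_random(m["qname"]):
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events[m["client"]].append((ts, m["qname"]))
    flagged = {}
    for client, evs in events.items():
        evs.sort()
        best = 0
        for i, (start, _) in enumerate(evs):
            # Distinct names in the window that opens at this event.
            names = {q for t, q in evs[i:] if (t - start).total_seconds() <= window_s}
            best = max(best, len(names))
        if best >= threshold:
            flagged[client] = best
    return flagged


if __name__ == "__main__":
    print(find_dns_probe_bursts(SAMPLE_DNS_LOG))
```

The flip side matters for anyone running a sandbox: if the lab resolver answers every name, the same probe comes back NOERROR and the loader concludes it is being analysed. A fake resolver that returns NXDOMAIN for names it has no record of removes that tell.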
AgreeToSteal is a new supply-chain curveball. Koi found an attacker snagging an abandoned Vercel subdomain that an Outlook add-in still trusted, which handed over mailbox access, no exploit needed. Over 4,000 creds stolen, just like that. No CVE here, since Outlook isn't the problem; it's the way add-in trust lingers after the backend is gone. If you're red teaming, audit your add-in registrations and see if any still point to stuff you don't control anymore. AgreeToSteal.
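"Audit your add-in registrations" can be scripted: here is an added Python audit (mine, not Koi's tooling) that pulls every https hostname out of an Office add-in manifest, then reports hosts that no longer resolve, hosts on self-service hosting platforms where an expired name can be re-registered, and hosts outside the domains the organisation controls. The manifest, the owned-domain list and the platform suffix list are constructed; the real DNS check is injected so the sample runs offline.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed environment facts.
OWNED_SUFFIXES = (".corp.example",)
# Platforms where an unregistered or expired subdomain can be claimed through self-service signup.
SELF_SERVICE_SUFFIXES = (".vercel.app", ".netlify.app", ".github.io", ".azurewebsites.net", ".herokuapp.com")

# Constructed Outlook add-in manifest; the vercel.app host stands in for an abandoned backend.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DefaultSettings>
    <SourceLocation DefaultValue="https://legacy-addin.vercel.app/taskpane.html"/>
  </DefaultSettings>
  <AppDomains>
    <AppDomain>https://addin.corp.example</AppDomain>
  </AppDomains>
  <Resources>
    <bt:Urls>
      <bt:Url id="Taskpane.Url" DefaultValue="https://addin.corp.example/taskpane.html"/>
    </bt:Urls>
  </Resources>
</OfficeApp>
"""


def extract_hosts(manifest_xml):
    """Every hostname referenced by an https URL anywhere in the manifest (attributes or text)."""
    hosts = set()
    for elem in ET.fromstring(manifest_xml).iter():
        for value in list(elem.attrib.values()) + [elem.text or ""]:
            value = value.strip()
            if value.startswith("https://"):
                host = urlsplit(value).hostname
                if host:
                    hosts.add(host)
    return hosts


def dns_resolves(host):
    """Real DNS check; swapped for a stub in offline tests."""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False


def audit_manifest_hosts(manifest_xml, resolver=dns_resolves):
    """Return {host: [issues]} for every referenced host that needs a second look."""
    findings = {}
    for host in sorted(extract_hosts(manifest_xml)):
        issues = []
        if not resolver(host):
            issues.append("does not resolve (dangling reference)")
        if host.endswith(SELF_SERVICE_SUFFIXES):
            issues.append("self-service hosting platform: an unregistered name can be claimed by anyone")
        if not host.endswith(OWNED_SUFFIXES):
            issues.append("not under an organisation-controlled domain")
        if issues:
            findings[host] = issues
    return findings


if __name__ == "__main__":
    offline = audit_manifest_hosts(SAMPLE_MANIFEST, resolver=lambda h: h == "addin.corp.example")
    for host, issues in offline.items():
        print(host)
        for issue in issues:
            print("   -", issue)
```

The combination to act on first is a host that both sits on a self-service platform and no longer resolves: that is exactly the state in which someone else can register it and inherit whatever the add-in still trusts. A host that resolves today but is not under your control is the same problem waiting to happen.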
Adbleed is a side channel most people miss. Adblock extensions pull regional filter lists on a schedule, and those requests leak your real location, even if you're behind a VPN. By timing when the filter lists get fetched, attackers can figure out where you actually are. No exploit needed, just recon, and it blows right past the VPN shield most people trust. Add this to your passive fingerprinting bag of tricks. Adbleed.
OysterLoader is worth a look if you're into custom loaders. Sekoia's teardown shows a multi-stage chain: obfuscation, process injection, sandbox evasion, then C2 over normal web protocols. Exfil uses archive packaging to blend in with regular traffic. If you're building or breaking loaders, the staging and evasion tricks here are worth stealing. OysterLoader Unmasked.
Final Byte: Evasion's New Normal
From AI implants busting out of containers to deepfake lures smashing macOS, this week is all about tools that blend in and stick around. APT28's cloud pivots show the old chains keep mutating, but the new stuff, VoidLink's rootkits and UNC1069's TCC bypasses, is what you want in your offensive kit. Spin these up in your lab; you'll see them in the wild soon enough.
Till next op, stay sharp out there.
~ UncleSp1d3r