{
	"id": "7a62f790-2cc3-4163-885d-e751731b82c7",
	"created_at": "2026-04-06T02:11:43.374185Z",
	"updated_at": "2026-04-10T13:11:33.409548Z",
	"deleted_at": null,
	"sha1_hash": "ec10b023bc39e89b81388abebe49fd4ca94bb2b1",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 260743,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy CyberHunterAutoFeed\r\nArchived: 2026-04-06 02:06:17 UTC\r\n1,584 Subscribers\n\nHYDRA SAIGA: COVERT ESPIONAGE AND INFILTRATION OF CRITICAL UTILITIES\r\nFileHash-MD5: 1 | FileHash-SHA1: 1 | FileHash-SHA256: 6 | URL: 33 | Domain: 16 | Hostname: 8\n\nHydra Saiga, an alleged state-sponsored threat group from Kazakhstan, has been active since at least 2021 and\r\nfocuses on infiltrating government and critical infrastructure sectors, particularly in Central Asia, Europe, and the\r\nMiddle East. The group employs various tactics and tools for command-and-control (C2) operations, notably\r\nutilizing the Telegram Bot API and deploying both commodity and custom malware, including payloads written in\r\nlanguages such as Python, PowerShell, Golang, and Rust.\n\nAI-augmented threat actor accesses FortiGate devices at scale\r\nCVE: 3\n\nRecent investigations by Amazon Threat Intelligence have revealed a troubling trend: financially motivated threat\r\nactors leveraging commercial AI tools to conduct large-scale cyberattacks, impacting over 600 FortiGate devices\r\nacross more than 55 countries. This campaign spanned from January 11 to February 18, 2026, indicating a shift in\r\nthe landscape where even less skilled individuals can execute significant operations through AI augments. The\r\nactions of this Russian-speaking actor primarily focused on exploiting weak security practices, notably exposed\r\nmanagement ports and inadequate credential protection, as opposed to leveraging specific vulnerabilities within\r\nFortiGate appliances.\n\nThreatFox Hunt: Meterpreter IOCs - 2026-02-16\r\nAutomated ThreatFox hunt for Meterpreter indicators. 23 IOCs collected via Pattern 49 intelligence streaming.\r\nMITRE ATT\u0026CK: T1055, T1059.001, T1105, T1027. Reference: https://analytics.dugganusa.com\n\nSource: https://otx.alienvault.com/browse/pulses?q=tag:Meterpreter",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:Meterpreter"
	],
	"report_names": [
		"pulses?q=tag:Meterpreter"
	],
	"threat_actors": [],
	"ts_created_at": 1775441503,
	"ts_updated_at": 1775826693,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ec10b023bc39e89b81388abebe49fd4ca94bb2b1.pdf",
		"text": "https://archive.orkl.eu/ec10b023bc39e89b81388abebe49fd4ca94bb2b1.txt",
		"img": "https://archive.orkl.eu/ec10b023bc39e89b81388abebe49fd4ca94bb2b1.jpg"
	}
}