{
	"id": "1810eca0-4cc8-4a96-bc8d-d4d3317baeeb",
	"created_at": "2026-04-06T00:18:18.719179Z",
	"updated_at": "2026-04-10T03:37:58.982188Z",
	"deleted_at": null,
	"sha1_hash": "fe19c06b46686e4a30bcf9b00a709f6d4fc5ac08",
	"title": "Research, News, and Perspectives",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 6203915,
	"plain_text": "Research, News, and Perspectives\r\nArchived: 2026-04-05 14:05:42 UTC\r\nPrivacy \u0026 Risks\r\nTrendAI Insight: New U.S. National Cyber Strategy\r\nTrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity\r\n—from deterrence and regulation to federal modernization, critical infrastructure protection, AI leadership, and\r\nworkforce development.\r\nhttps://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/\r\nPage 1 of 11\n\nArtificial Intelligence (AI)\r\nThe Real Risk of Vibecoding\r\nThis blog looks at how AI‑driven vibecoding speeds up software development while increasing security risk by\r\noutpacing traditional review and ownership. It explains why security needs to move earlier and be built into\r\nmodern development workflows.\r\nExpert Perspective Mar 31, 2026\n\nCyber Threats\r\nAxios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with\r\n100M+ Weekly Downloads\r\nA supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions\r\ncontaining a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files\r\nwith clean decoys, making detection challenging.\n\nArtificial Intelligence (AI)\r\nTrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical\r\nThreats\r\nTrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions\r\nat RSAC 2026.\n\nMalware\r\nTeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM\r\nMoving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy\r\nWAV‑based payloads to steal credentials across Linux, macOS, and Windows.\n\nArtificial Intelligence (AI)\r\nYour AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise\r\nTeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly\r\ndocumented to date. It cascaded through developer tooling and compromised LiteLLM and exposed how AI proxy\r\nservices that concentrate API keys and cloud credentials become high-value collateral when supply chain attacks\r\ncompromise upstream dependencies.\n\nAPT \u0026 Targeted Attacks\r\nPawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure\r\nEntities\r\nThis blog discusses the steganography, cloud abuse, and email-based backdoors used against\r\nthe Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and\r\nanalyzed.\n\nArtificial Intelligence (AI)\r\nYour AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach\r\nLitellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets.\r\nLearn impact and urgent mitigation steps.\r\nExpert Perspective Mar 25, 2026\n\nMalware\r\nCopyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries\r\nWe look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using\r\nencrypted, fileless techniques.\n\nCompliance \u0026 Risks\r\nWhy East-West Visibility Matters for Grid Security\r\nLearn how east-west traffic visibility helps detect and stop lateral movement attacks inside electric grid\r\ninfrastructure and critical OT networks.\r\nConsumer Focus Mar 18, 2026\n\nSource: https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/"
	],
	"report_names": [
		"operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links"
	],
	"threat_actors": [
		{
			"id": "3703894e-cf68-4c1e-a71a-e8fd2ef76747",
			"created_at": "2023-11-08T02:00:07.166789Z",
			"updated_at": "2026-04-10T02:00:03.432192Z",
			"deleted_at": null,
			"main_name": "TwoSail Junk",
			"aliases": [
				"Operation Poisoned News"
			],
			"source_name": "MISPGALAXY:TwoSail Junk",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "730dfa6e-572d-473c-9267-ea1597d1a42b",
			"created_at": "2023-01-06T13:46:38.389985Z",
			"updated_at": "2026-04-10T02:00:02.954105Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"Pawn Storm",
				"ATK5",
				"Fighting Ursa",
				"Blue Athena",
				"TA422",
				"T-APT-12",
				"APT-C-20",
				"UAC-0001",
				"IRON TWILIGHT",
				"SIG40",
				"UAC-0028",
				"Sofacy",
				"BlueDelta",
				"Fancy Bear",
				"GruesomeLarch",
				"Group 74",
				"ITG05",
				"FROZENLAKE",
				"Forest Blizzard",
				"FANCY BEAR",
				"Sednit",
				"SNAKEMACKEREL",
				"Tsar Team",
				"TG-4127",
				"STRONTIUM",
				"Grizzly Steppe",
				"G0007"
			],
			"source_name": "MISPGALAXY:APT28",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "741d58a1-0fc0-41a8-9681-106a06c07e61",
			"created_at": "2022-10-25T16:07:23.983046Z",
			"updated_at": "2026-04-10T02:00:04.822372Z",
			"deleted_at": null,
			"main_name": "Operation Poisoned News",
			"aliases": [
				"Operation Poisoned News",
				"TwoSail Junk"
			],
			"source_name": "ETDA:Operation Poisoned News",
			"tools": [
				"dmsSpy",
				"lightSpy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "ae320ed7-9a63-42ed-944b-44ada7313495",
			"created_at": "2022-10-25T15:50:23.671663Z",
			"updated_at": "2026-04-10T02:00:05.283292Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"APT28",
				"IRON TWILIGHT",
				"SNAKEMACKEREL",
				"Group 74",
				"Sednit",
				"Sofacy",
				"Pawn Storm",
				"Fancy Bear",
				"STRONTIUM",
				"Tsar Team",
				"Threat Group-4127",
				"TG-4127",
				"Forest Blizzard",
				"FROZENLAKE",
				"GruesomeLarch"
			],
			"source_name": "MITRE:APT28",
			"tools": [
				"Wevtutil",
				"certutil",
				"Forfiles",
				"DealersChoice",
				"Mimikatz",
				"ADVSTORESHELL",
				"Komplex",
				"HIDEDRV",
				"JHUHUGIT",
				"Koadic",
				"Winexe",
				"cipher.exe",
				"XTunnel",
				"Drovorub",
				"CORESHELL",
				"OLDBAIT",
				"Downdelph",
				"XAgentOSX",
				"USBStealer",
				"Zebrocy",
				"reGeorg",
				"Fysbis",
				"LoJax"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d2516b8e-e74f-490d-8a15-43ad6763c7ab",
			"created_at": "2022-10-25T16:07:24.212584Z",
			"updated_at": "2026-04-10T02:00:04.900038Z",
			"deleted_at": null,
			"main_name": "Sofacy",
			"aliases": [
				"APT 28",
				"ATK 5",
				"Blue Athena",
				"BlueDelta",
				"FROZENLAKE",
				"Fancy Bear",
				"Fighting Ursa",
				"Forest Blizzard",
				"G0007",
				"Grey-Cloud",
				"Grizzly Steppe",
				"Group 74",
				"GruesomeLarch",
				"ITG05",
				"Iron Twilight",
				"Operation DealersChoice",
				"Operation Dear Joohn",
				"Operation Komplex",
				"Operation Pawn Storm",
				"Operation RoundPress",
				"Operation Russian Doll",
				"Operation Steal-It",
				"Pawn Storm",
				"SIG40",
				"Sednit",
				"Snakemackerel",
				"Sofacy",
				"Strontium",
				"T-APT-12",
				"TA422",
				"TAG-0700",
				"TAG-110",
				"TG-4127",
				"Tsar Team",
				"UAC-0028",
				"UAC-0063"
			],
			"source_name": "ETDA:Sofacy",
			"tools": [
				"ADVSTORESHELL",
				"AZZY",
				"Backdoor.SofacyX",
				"CHERRYSPY",
				"CORESHELL",
				"Carberp",
				"Computrace",
				"DealersChoice",
				"Delphacy",
				"Downdelph",
				"Downrage",
				"Drovorub",
				"EVILTOSS",
				"Foozer",
				"GAMEFISH",
				"GooseEgg",
				"Graphite",
				"HATVIBE",
				"HIDEDRV",
				"Headlace",
				"Impacket",
				"JHUHUGIT",
				"JKEYSKW",
				"Koadic",
				"Komplex",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"LoJack",
				"LoJax",
				"MASEPIE",
				"Mimikatz",
				"NETUI",
				"Nimcy",
				"OCEANMAP",
				"OLDBAIT",
				"PocoDown",
				"PocoDownloader",
				"Popr-d30",
				"ProcDump",
				"PythocyDbg",
				"SMBExec",
				"SOURFACE",
				"SPLM",
				"STEELHOOK",
				"Sasfis",
				"Sedkit",
				"Sednit",
				"Sedreco",
				"Seduploader",
				"Shunnael",
				"SkinnyBoy",
				"Sofacy",
				"SofacyCarberp",
				"SpiderLabs Responder",
				"Trojan.Shunnael",
				"Trojan.Sofacy",
				"USB Stealer",
				"USBStealer",
				"VPNFilter",
				"Win32/USBStealer",
				"WinIDS",
				"Winexe",
				"X-Agent",
				"X-Tunnel",
				"XAPS",
				"XTunnel",
				"Xagent",
				"Zebrocy",
				"Zekapab",
				"carberplike",
				"certutil",
				"certutil.exe",
				"fysbis",
				"webhp"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "63883709-27b5-4b65-9aac-c782780fbb28",
			"created_at": "2026-04-10T02:00:03.996704Z",
			"updated_at": "2026-04-10T02:00:03.996704Z",
			"deleted_at": null,
			"main_name": "TeamPCP",
			"aliases": [],
			"source_name": "MISPGALAXY:TeamPCP",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434698,
	"ts_updated_at": 1775792278,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fe19c06b46686e4a30bcf9b00a709f6d4fc5ac08.pdf",
		"text": "https://archive.orkl.eu/fe19c06b46686e4a30bcf9b00a709f6d4fc5ac08.txt",
		"img": "https://archive.orkl.eu/fe19c06b46686e4a30bcf9b00a709f6d4fc5ac08.jpg"
	}
}