
Anomali Cyber Watch: Salesloft Drift Breach, Salty2FA Phishing, GPUGate Malware, and More

Anomali Threat Research
September 16, 2025

Salesloft Drift Breach Expands to Qualys and Tenable

(published: September 8, 2025)

The supply-chain attack exploiting Salesloft’s Drift AI integration continues to impact new organizations. Qualys and Tenable confirmed that attackers used stolen OAuth tokens to access their Salesforce environments, exfiltrating customer support data including names, business emails, phone numbers, and case details. Both companies reported that no core infrastructure or scanning services were compromised, but sensitive support interactions were exposed. This disclosure follows earlier reports of hundreds of Salesforce tenants being breached through the same OAuth token theft campaign attributed to UNC6395. Affected organizations have since disabled Drift integrations, revoked tokens, and launched joint investigations with partners.

Analyst Comment: What stands out here is that the full fallout of this supply-chain attack is still being revealed. Weeks after the initial disclosure, major security vendors like Qualys and Tenable are only now confirming exposure, which tells us two things: the scope of the campaign is wider than first understood, and victim identification takes time when OAuth tokens are involved. Tokens are silent keys that do not trigger the same alerts as passwords, making detection and investigation slower. For defenders, the lesson is not just to revoke the obvious compromised credentials but to assume persistence and audit all OAuth integrations. Reviewing API logs, implementing tighter scopes on tokens, and enforcing regular rotation schedules will help limit this type of exposure. Just as important is maintaining visibility into third-party applications, because the weakest link in your ecosystem may not be under your direct control.

Salty2FA Phishing Kit Shows Enterprise-Grade Evasion Capabilities

(published: September 9, 2025)

Researchers have uncovered a phishing campaign powered by the Salty2FA kit, which demonstrates a professional level of technical innovation. The kit uses session-based subdomain rotation to assign each victim a unique domain, abuses legitimate platforms like Aha[.]io for staging lures, and replicates corporate branding with logos and colors to maximize credibility. Cloudflare’s Turnstile is integrated to block automated scanners and filter security vendor traffic, while obfuscated JavaScript detects debugging and enforces anti-analysis loops. Critical strings are XOR-encrypted and decrypted only at runtime, concealing operational logic. Victims are funneled through layered redirects mimicking legitimate .com.de domains before reaching portals capable of intercepting multiple MFA methods.

Analyst Comment: The real concern with Salty2FA is not only its technical sophistication but also the breadth of its targeting. Healthcare, finance, energy, automotive, and technology are all in scope, which suggests this is not opportunistic crime but a structured operation designed for scale. The distributed infrastructure means takedowns will not cripple the campaign quickly, and that resilience is what makes it harder to defend against.

MITRE ATT&CK: T1566.002 - Phishing: Spearphishing Link | T1111 - Two-Factor Authentication Interception | T1027 - Obfuscated Files Or Information | T1140 - Deobfuscate/Decode Files Or Information | T1622 - Debugger Evasion | T1036 - Masquerading

GPUGate Malware Abuses Google Ads and GitHub to Evade Sandboxes

(published: September 8, 2025)

Arctic Wolf has identified GPUGate, a malware campaign active since at least December 2024, which uses Google Ads and tampered GitHub commits to deliver trojanized GitHub Desktop installers. Victims clicking the promoted links are redirected to a fake domain (gitpage[.]app) hosting a 127.7 MB MSI installer packed with 171 executables, most of them dummy files designed to overwhelm static analysis. A unique evasion tactic is GPU-based decryption: the payload only activates if the system has a genuine GPU with a device name of at least 10 characters, effectively filtering out most virtual machines and sandboxes. Once decrypted, the malware uses PowerShell and VBScript to disable protections, establish persistence via scheduled tasks, and create marker files. Windows victims receive the GPUGate payload, while macOS users are redirected to AMOS Stealer. The operation primarily targets IT and software development professionals in Western Europe.

Analyst Comment: The exclusive focus on IT and software development firms in Western Europe is significant, particularly when paired with the Russian language artifacts in the PowerShell script, which point to operators with regional proficiency while still warranting cautious attribution. Equally notable is the use of GPU functions to generate an encryption key, introducing a hardware dependency that hinders both sandbox execution and reverse engineering. This approach, described as Phantom Commit Injection, signals a deliberate move toward more advanced, hardware-aware obfuscation that goes beyond conventional techniques.

MITRE ATT&CK: T1189 - Drive-By Compromise | T1497 - Virtualization/Sandbox Evasion | T1059 - Command And Scripting Interpreter | T1053 - Scheduled Task/Job | T1140 - Deobfuscate/Decode Files Or Information | T1548 - Abuse Elevation Control Mechanism

Critical NPM Supply Chain Attack Hijacks Widely Used Packages

(published: September 9, 2025)

On 8 September 2025, attackers executed a large-scale supply chain compromise of at least 18 highly popular npm packages, including chalk, debug, ansi-styles, strip-ansi, and color-convert, together seeing over 2.6 billion weekly downloads. The breach stemmed from a phishing email impersonating npm support, tricking a maintainer into performing a two-factor authentication update via a malicious site, which allowed the attacker to take over his npm account. With account control, the threat actor published malicious versions of the packages, embedding JavaScript that intercepted crypto transaction or web3 wallet calls in browser contexts, rewriting destination addresses to attacker-controlled wallets. The malicious versions were available for a brief window (about two hours) before being detected and removed. Despite the wide exposure, financial gains appear negligible, with only small sums traced to attacker wallets, and many wallets quickly flagged to limit conversion or movement.

Analyst Comment: It is striking that attackers managed to compromise some of the most widely used npm packages, a scenario that could have caused serious damage, yet in the end they walked away with only a few hundred dollars in crypto. The mismatch between potential scale and actual profit shows how a poorly chosen monetization path and a swift community response can blunt even a large-scale compromise. From my perspective, we should not assume this failure will discourage attackers. The phishing email that tricked the maintainer worked once, which means we are likely to see refined versions of the same approach. That could include more convincing support emails, SIM swapping, or even targeting multiple maintainers at the same time to guarantee access. Looking ahead, I would expect adversaries to focus on crypto-specific packages where malicious code would appear less suspicious and more likely to execute. If a library like ethers.js or web3.js were poisoned, attackers would not need billions of installs. Even a fraction of those handling real wallet transactions could deliver meaningful returns while reducing their visibility and improving the chance of profit.

MITRE ATT&CK: T1566 - Phishing | T1078 - Valid Accounts | T1195 - Supply Chain Compromise | T1059 - Command And Scripting Interpreter
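The practical response to a compromise like this is to check what a project actually resolved in its lockfile. The following Python audit is an added example, not code from the page or from npm: it walks a package-lock.json (both the v2/v3 "packages" map and the older v1 nested "dependencies" layout) and reports every install of the packages named above. The compromised version numbers are not given on the page, so the table below holds labelled placeholders to be replaced with the values from the vendor advisory; the sample lockfile is constructed.

```python
import json
from pathlib import Path

# Package names from the advisory above. The page does not list the malicious
# version numbers, so these are placeholders to be replaced from the advisory.
COMPROMISED = {
    "chalk": {"PLACEHOLDER_BAD_VERSION"},
    "debug": {"PLACEHOLDER_BAD_VERSION"},
    "ansi-styles": {"PLACEHOLDER_BAD_VERSION"},
    "strip-ansi": {"PLACEHOLDER_BAD_VERSION"},
    "color-convert": {"PLACEHOLDER_BAD_VERSION"},
}

def installed_packages(lock: dict):
    """Yield (name, version, path) for every resolved package in a lockfile.
    lockfileVersion 2/3 keeps a flat "packages" map keyed by node_modules path;
    v1 nests "dependencies" recursively. Nested copies (e.g. a second debug
    under express) are reported too, since they are installed as well."""
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if not path:  # "" is the root project itself
                continue
            name = path.rsplit("node_modules/", 1)[-1]  # keeps @scope/name intact
            yield name, meta.get("version"), path
    else:
        def walk(deps, prefix):
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                yield name, meta.get("version"), path
                yield from walk(meta.get("dependencies", {}), path + "/")
        yield from walk(lock.get("dependencies", {}), "")

def audit_lockfile(lock: dict, compromised=COMPROMISED):
    """Return (hits, watch): exact matches on a compromised version, and every
    install of a named package for manual review when versions are not yet known."""
    hits, watch = [], []
    for name, version, path in installed_packages(lock):
        if name in compromised:
            watch.append((name, version, path))
            if version in compromised[name]:
                hits.append((name, version, path))
    return hits, watch

def audit_path(lockfile: str):
    return audit_lockfile(json.loads(Path(lockfile).read_text()))

# Constructed lockfile fragment (not a real project) for a stand-alone run.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo"},
        "node_modules/chalk": {"version": "4.1.2"},
        "node_modules/debug": {"version": "PLACEHOLDER_BAD_VERSION"},
        "node_modules/express/node_modules/debug": {"version": "2.6.9"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}

if __name__ == "__main__":
    hits, watch = audit_lockfile(SAMPLE_LOCK)
    for entry in watch:
        print(("COMPROMISED" if entry in hits else "review"), "%s@%s at %s" % entry)
```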

Jaguar Land Rover Data Breach Following Major Cyber-Attack

(published: September 10, 2025)

Jaguar Land Rover (JLR) has confirmed that during a significant cyberattack in early September, attackers stole “some data” after initial claims that no customer data had been compromised. The breach forced the automaker to shut down multiple IT systems globally, which severely disrupted production, halted vehicle registrations, and impacted dealer and parts operations in locations including the UK, Slovakia, India, and China. JLR is working with third-party cybersecurity specialists and UK regulators in a forensic investigation; affected individuals will be notified if their personal data is confirmed as accessed. A group calling itself “Scattered LAPSUS$ Hunters,” possibly involving parts of Scattered Spider, Lapsus$, and ShinyHunters, has claimed responsibility.

Analyst Comment: From my perspective, the JLR breach strikes at the heart of operational resilience. Downtime across factories and dealerships is not just a financial strain: it also exposes supply chain weak points, particularly the dependency on real-time IT connectivity. The group claiming responsibility appears to be a loose coalition drawing members from previously active clusters such as Scattered Spider, Lapsus$, and ShinyHunters, suggesting knowledge and tactics are being pooled rather than a full organizational merger. What strikes me is how these kinds of collaborations blur the lines between distinct threat groups, making it harder to pin down identities and showing that alliances in the cybercriminal world can be far more fluid than we often assume.

EggStreme: Fileless Malware Framework Targets Philippine Military Firm

(published: September 10, 2025)

Bitdefender researchers uncovered a sophisticated campaign against a Philippine military company involving a newly identified fileless malware framework dubbed EggStreme. The attack begins with EggStremeFuel, a malicious DLL (mscorsvc.dll) that profiles the host and initiates contact with command servers. It then loads EggStremeLoader for persistence, which invokes EggStremeReflectiveLoader to execute the main backdoor, EggStremeAgent, entirely in memory. EggStremeAgent supports 58 commands covering reconnaissance, lateral movement, privilege escalation, data theft, and implant deployment. Each user session triggers the injection of EggStremeKeylogger, while EggStremeWizard acts as a fallback implant to ensure resilience. The campaign uses DLL sideloading, reflective loading, and memory-only execution to evade traditional defenses. While attribution remains cautious, the framework’s sophistication and targeting align with activity commonly linked to Chinese APT groups.

Analyst Comment: EggStreme’s use of DLL sideloading to trigger a staged, in-memory execution chain is what makes it so effective. Each loader conceals the next, leaving little on disk and depriving defenders of the usual indicators like suspicious files or registry entries. This design is purposeful: it ensures stealth, resilience, and the ability to persist even if part of the chain is uncovered. Rather than a single implant, EggStreme operates as a layered system built to endure, which explains why detection is so difficult and why intrusions can last far longer than expected.

MITRE ATT&CK: T1574.002 - Hijack Execution Flow: Dll Side-Loading | T1620 - Reflective Code Loading | T1055 - Process Injection | T1021.002 - Remote Services: Smb/Windows Admin Shares | T1056.001 - Input Capture: Keylogging

The Rising Cyber Risk of Deepfakes in Geopolitics and Business

(published: September 10, 2025)

Deepfake technology is increasingly weaponized across geopolitical spaces, fueling misinformation campaigns that erode trust and destabilize societies. In 2024, deepfakes were generated approximately every five minutes, with projections suggesting around 8 million will circulate across the EU in 2025. They have already appeared in election interference, armed conflicts such as Ukraine and the Middle East, and propaganda operations like a fabricated video of Ukrainian President Zelenskyy urging his troops to surrender. Experts warn that while state and non-state actors exploit synthetic media, detection and regulation continue to lag behind its creation and spread.

Analyst Comment: What worries me most about deepfakes is not only their use in geopolitical propaganda but how quickly they are seeping into everyday social engineering campaigns. Criminals are already using synthetic voices and faces to impersonate executives, trick employees into transferring funds, and lure victims into scams that look and sound legitimate. This shift is not abstract—it is directly impacting businesses across every sector, eroding trust in the communications we rely on to operate. The challenge is that once trust is undermined, even genuine messages can fall under suspicion, slowing decision-making and opening new avenues for attackers. Tackling this requires layered defenses: better employee training, stronger verification processes for high-risk requests, and investment in tools that can spot manipulated media. For a deeper dive into how to recognize and defend against these threats, I recommend reading our blog on spotting AI-generated disinformation and deepfakes, which provides practical guidance and examples. Read it here: https://www.anomali.com/blog/spotting-ai-generated-disinformation-and-deepfakes

MITRE ATT&CK: T1566 - Phishing | T1656 - Impersonation | T1582 - Sms Control | T1646 - Exfiltration Over C2 Channel

Cursor AI Editor Vulnerability Lets Repos “Autorun” Malicious Code on Devices

(published: September 11, 2025)

A newly disclosed vulnerability in Cursor, an AI-powered code editor by Anysphere, allows attackers to execute code automatically when a user opens a repository. Cursor ships with Workspace Trust (a VS Code feature that prevents automatic code execution without explicit user consent) disabled by default, meaning that a “run on folder open” task configured in a repo’s .vscode/tasks.json can execute silently. Oasis Security researchers demonstrated a harmless proof-of-concept to validate the risk, showing how attackers could steal credentials or API tokens, make file modifications, or leverage developer machines to attack CI/CD pipelines and cloud environments.

Analyst Comment: The release of a working proof-of-concept should remove any doubt that this is more than a theoretical edge case. The real issue is not novel exploitation but a default setting that prioritizes convenience over safety, leaving developers exposed the moment they open an untrusted repo. If enabling Workspace Trust disrupts key Cursor features, then disabling all automatic task execution and isolating unknown repos in containers or disposable VMs is the safer trade-off. Developers should also avoid leaving credentials universally accessible and only load them at runtime. For enterprise defenders, monitoring for suspicious executions tied to .vscode/tasks.json offers a practical hunting lead. The broader lesson is simple: defaults matter, and until Cursor changes theirs, security teams and individual developers must take the lead in closing this gap.

MITRE ATT&CK: T1059 - Command And Scripting Interpreter | T1204 - User Execution
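The hunting lead above can be turned into a pre-open check. The scanner below is an added Python example, not Oasis Security's proof-of-concept or Cursor's code: it walks a cloned repository before it is opened in the editor and reports every tasks.json entry whose `runOptions.runOn` is `"folderOpen"` (the VS Code task schema keys), handling the comments and trailing commas that tasks.json permits; the sample file is constructed.

```python
import json
import re
from pathlib import Path

def load_jsonc(text: str) -> dict:
    """tasks.json is JSON-with-comments: strip // and /* */ comments and
    trailing commas before parsing (sufficient for a read-only scan)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return json.loads(text)

def auto_run_tasks(tasks_json: dict) -> list:
    """Tasks the editor would start on folder open: runOptions.runOn == "folderOpen"."""
    found = []
    for task in tasks_json.get("tasks", []):
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            found.append({
                "label": task.get("label"),
                "type": task.get("type"),
                "command": task.get("command"),
                "args": task.get("args", []),
            })
    return found

def scan_repo(root: str) -> list:
    """Walk a checked-out repo (before opening it in the editor) and report every
    auto-run task with the file it came from. Parse errors are reported rather
    than skipped: a tasks.json that does not parse still deserves a look."""
    report = []
    for tasks_file in Path(root).glob("**/.vscode/tasks.json"):
        try:
            entries = auto_run_tasks(load_jsonc(tasks_file.read_text()))
        except (json.JSONDecodeError, OSError) as err:
            report.append({"file": str(tasks_file), "error": str(err)})
            continue
        report.extend({"file": str(tasks_file), **entry} for entry in entries)
    return report

# Constructed sample (not taken from the page) with one benign task and one
# that would start as soon as the folder is opened.
SAMPLE_TASKS = """{
  // comments and trailing commas are legal in tasks.json
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "make"},
    {"label": "setup", "type": "shell", "command": "sh",
     "args": ["./scripts/postinstall.sh"],
     "runOptions": {"runOn": "folderOpen"},},
  ],
}"""

if __name__ == "__main__":
    for hit in auto_run_tasks(load_jsonc(SAMPLE_TASKS)):
        print("auto-run task:", hit)
```

Run `scan_repo("/path/to/clone")` against a fresh clone from the shell, before the folder is ever opened in Cursor; an empty list means no task is wired to folder open.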

ChillyHell macOS Backdoor & ZynorRAT Threats

(published: September 10, 2025)

Security researchers have uncovered two distinct malware families targeting different platforms but sharing a theme of stealth and durability. ChillyHell, a macOS backdoor active since at least 2021, initially passed Apple’s notarization process, giving it a trusted appearance. Once installed, it maintains access through LaunchAgents, LaunchDaemons, and shell-profile injection, disguises files with timestomping, and connects to hardcoded servers over HTTP or DNS for commands such as host profiling and password brute forcing. Alongside it, investigators identified ZynorRAT, a Go-based remote access trojan with builds for Windows and Linux. ZynorRAT enables file theft, screenshots, arbitrary command execution, and persistence via system services, while relying on Telegram bots for command-and-control, showing the actor’s intent to maintain broad cross-platform reach.

Analyst Comment: ChillyHell highlights how attackers exploit trusted ecosystems like Apple’s notarization to remain hidden for years. Its durability comes from layered persistence and timestomping, while ZynorRAT broadens the threat across Windows and Linux using a lightweight Telegram C2 channel. Relying on platform trust alone leaves gaps. Stronger coverage comes from validating persistence mechanisms, scrutinizing DNS, HTTP, and messaging traffic for covert C2, and baselining normal process behavior across mixed operating environments.

MITRE ATT&CK: T1078 - Valid Accounts | T1547 - Boot Or Logon Autostart Execution | T1059 - Command And Scripting Interpreter | T1071 - Application Layer Protocol | T1110 - Brute Force

iCloud Calendar Abused to Send Phishing Emails from Apple’s Servers

(published: September 8, 2025)

A phishing scheme is using Apple’s iCloud Calendar invite system to send fraudulent emails that appear legitimate. Messages sent from noreply@email.apple.com, which pass SPF, DKIM, and DMARC checks, claim a $599 PayPal charge. The phishing text is embedded in the "Notes" field of a calendar event. Recipients are encouraged to call a supplied support phone number. When victims call, attackers may attempt to install remote access tools or otherwise trick them into handing over credentials or financial data. Attackers first send the invite to a Microsoft 365 address they control, which is configured as a forwarding list. To preserve email authenticity, Microsoft 365 uses Sender Rewriting Scheme (SRS) so forwarded messages still pass SPF checks.

Analyst Comment: What makes this campaign noteworthy is the way attackers piggyback on legitimate infrastructure. By sending invites through Apple’s iCloud Calendar system and then forwarding them via Microsoft 365, they inherit both Apple’s and Microsoft’s authentication trust. That combination strips away many of the usual warning signs defenders rely on. The takeaway is not that authentication is broken, but that adversaries are learning to operate within its limits. Mitigation has to be layered: technical teams should monitor for unusual calendar invites and forwarding activity in Microsoft 365, while user awareness must focus on behavior rather than sender legitimacy.

MITRE ATT&CK: T1566 - Phishing | T1598 - Phishing For Information
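To show why all three authentication checks can pass on such a message and what a mail filter can still key on, here is an added Python example (not code from the page, Apple or Microsoft). It decodes the SRS0 Return-Path a forwarder writes (`SRS0=<hash>=<timestamp>=<orig-domain>=<orig-local>@<forwarder>`), compares the forwarding domain with the visible From: domain, and checks the calendar event text for a callback number or money amount; the sample message, its tenant domain and phone number are constructed.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# SRS0 rewrite produced by a forwarder (the form Microsoft 365 applies when forwarding).
SRS0_RE = re.compile(r"^SRS0=[^=]+=[^=]+=(?P<domain>[^=]+)=(?P<local>[^@]+)@(?P<forwarder>.+)$", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\-\s().]{7,}\d")
AMOUNT_RE = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?")

def decode_srs(return_path: str):
    """Recover (original sender, forwarder domain) from an SRS0 Return-Path, else None."""
    m = SRS0_RE.match(return_path.strip().strip("<>"))
    return (f"{m['local']}@{m['domain']}", m["forwarder"].lower()) if m else None

def analyze_invite(raw: str) -> dict:
    """Flag a calendar invite whose envelope was rewritten by a forwarding tenant
    unrelated to the visible From: domain and whose event text carries a phone
    number or money amount. SPF, DKIM and DMARC may all still pass."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(msg.get("Authentication-Results", ""))}
    srs = decode_srs(msg.get("Return-Path", ""))
    cal = "".join(p.get_content() for p in msg.walk() if p.get_content_type() == "text/calendar")
    f = {
        "all_auth_pass": all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc")),
        "is_calendar_invite": "METHOD:REQUEST" in cal.upper(),
        "forwarded_via_srs": srs is not None,
        "forwarder_mismatch": srs is not None and srs[1] != from_domain,
        "callback_number": PHONE_RE.search(cal) is not None,
        "money_amount": AMOUNT_RE.search(cal) is not None,
    }
    f["suspicious"] = f["is_calendar_invite"] and f["forwarder_mismatch"] and (f["callback_number"] or f["money_amount"])
    return f

# Constructed sample (not a real capture) modelled on the chain described above:
# an Apple-signed invite relayed through a forwarding tenant that applies SRS.
SAMPLE_INVITE = """\
Return-Path: <SRS0=k9Qz=AB=email.apple.com=noreply@forwarder-tenant.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=forwarder-tenant.example;
 dkim=pass header.d=email.apple.com; dmarc=pass header.from=email.apple.com
From: iCloud <noreply@email.apple.com>
To: victim@example.net
Subject: Invitation: PayPal purchase receipt
Content-Type: text/calendar; method=REQUEST; charset=UTF-8

BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
SUMMARY:PayPal purchase receipt
DESCRIPTION:Charge of $599.00 posted. To cancel call 1-800-000-0000 (placeholder number)
END:VEVENT
END:VCALENDAR
"""

if __name__ == "__main__":
    print(analyze_invite(SAMPLE_INVITE))
```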

Anomali Threat Research

Anomali's Threat Research team continually tracks security threats to identify when new, highly critical security threats emerge. The Anomali Threat Research team's briefings discuss current threats and risks like botnets, data breaches, misconfigurations, ransomware, threat groups, and various vulnerabilities. The team also creates free and premium threat intelligence feeds for Anomali's industry-leading Threat Intelligence Platform, ThreatStream.
