Anomali Cyber Watch
Public Sector

Triple Supply Chain Threat Converges on State Government: FortiBleed, SaaS OAuth Weaponization, and Critical Infrastructure Under Siege

Published on
June 19, 2026
<p> <strong> Threat Assessment Level: ELEVATED (Worsening) </strong> </p> <p> <em> Changed from ELEVATED-STABLE in the prior cycle. The convergence of three simultaneous supply chain/credential attack vectors targeting state government infrastructure &mdash; FortiBleed credential exposure, Klue/Icarus SaaS OAuth weaponization, and the Texas vendor breach &mdash; combined with new critical vulnerabilities in Cisco ISE and a novel AI attack class, justifies the upward trend. </em> </p> <h2> <strong> Introduction </strong> </h2> <p> In the past 72 hours, state government IT infrastructure has become the intersection point for three distinct but converging attack campaigns &mdash; each exploiting a different flavor of third-party trust. Nearly 74,000 Fortinet firewalls worldwide have had administrator credentials exposed and cracked. A new extortion group weaponized dormant SaaS OAuth tokens to exfiltrate CRM data from enterprise victims. And a peer state &mdash; Texas &mdash; lost over 3 million resident records through a compromised licensing vendor. </p> <p> These are not theoretical risks. They are active operations, confirmed by CISA alerts, vendor disclosures, and peer-state incident reports. The common thread: <strong> trusted third-party access that was never adequately monitored, rotated, or scoped. </strong> </p> <p> This brief provides state government CIOs and CISOs with the specific intelligence needed to act &mdash; today, this week, and this month. 
</p> <h2> <strong> What Changed (June 17&ndash;19, 2026) </strong> </h2> <table> <thead> <tr> <th> <p> <strong> Date </strong> </p> </th> <th> <p> <strong> Development </strong> </p> </th> <th> <p> <strong> Impact to State Government </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> June 10 </p> </td> <td> <p> <strong> CVE-2026-50656 </strong> &mdash; Windows Defender privilege escalation zero-day with public PoC; active exploitation ongoing </p> </td> <td> <p> Unpatched Windows endpoints across state agencies exposed to local privilege escalation; no patch available at time of writing </p> </td> </tr> <tr> <td> <p> June 12 </p> </td> <td> <p> <strong> VOID MANTICORE/Handala </strong> (IRGC-affiliated) confirms breach of California water utilities </p> </td> <td> <p> <strong> Direct critical infrastructure attack by nation-state actor; state water/wastewater operators should validate OT segmentation immediately </strong> </p> </td> </tr> <tr> <td> <p> June 17&ndash;18 </p> </td> <td> <p> <strong> FortiBleed </strong> &mdash; CISA publishes formal hardening alert after 73,932 FortiGate credentials exposed globally via GPU-accelerated hash cracking </p> </td> <td> <p> State Fortinet perimeter estate is in confirmed blast radius; public sector entities tagged in eCrime sales catalogs </p> </td> </tr> <tr> <td> <p> June 18 </p> </td> <td> <p> <strong> CISA adds CVE-2026-20253 </strong> to Known Exploited Vulnerabilities catalog (active exploitation confirmed) </p> </td> <td> <p> Product identification pending &mdash; naming convention suggests Cisco product; BOD 22-01 compliance clock starts </p> </td> </tr> <tr> <td> <p> June 18 </p> </td> <td> <p> <strong> Cisco ISE Critical RCE &mdash; CVE-2026-20181 &amp; CVE-2026-20190 disclosed; no workaround available </strong> </p> </td> <td> <p> State NAC infrastructure directly exposed; ISE controls network segmentation for dozens of agencies </p> </td> </tr> <tr> <td> <p> June 17 </p> </td> <td> <p> <strong> 
Salesforce disables Klue Battlecards integration </strong> after Icarus group exfiltrates CRM data via stolen OAuth tokens </p> </td> <td> <p> Any state Salesforce org with competitive intelligence or abandoned integrations faces identical risk </p> </td> </tr> <tr> <td> <p> June 12&ndash;17 </p> </td> <td> <p> <strong> Texas state government breach </strong> &mdash; 3M+ records (DL numbers, passports, addresses) stolen via third-party licensing vendor </p> </td> <td> <p> Direct peer-state analog; demonstrates vendor compromise pathway to mass PII exfiltration </p> </td> </tr> <tr> <td> <p> June 18 </p> </td> <td> <p> <strong> M365 Copilot "SearchLeak" </strong> disclosed &mdash; parameter-to-prompt injection enables full tenant data exfiltration via single crafted link </p> </td> <td> <p> State M365/Copilot Enterprise deployments exposed to new attack class; Microsoft patched server-side </p> </td> </tr> <tr> <td> <p> June 18 </p> </td> <td> <p> <strong> Oracle Critical Patch Update (June 2026) released; ShinyHunters/UNC6040 mass exploitation of Oracle PeopleSoft (CVE-2026-35273) continues </strong> </p> </td> <td> <p> State HR/Finance ERP systems running PeopleSoft remain at risk </p> </td> </tr> </tbody> </table> <h2> <strong> Threat Timeline </strong> </h2> <table> <thead> <tr> <th> <p> <strong> Date </strong> </p> </th> <th> <p> <strong> Actor/Campaign </strong> </p> </th> <th> <p> <strong> Target </strong> </p> </th> <th> <p> <strong> Technique </strong> </p> </th> <th> <p> <strong> Status </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> June 10 </p> </td> <td> <p> Unknown </p> </td> <td> <p> Windows endpoints </p> </td> <td> <p> CVE-2026-50656 (Defender privilege escalation zero-day, public PoC) </p> </td> <td> <p> Active &mdash; unpatched </p> </td> </tr> <tr> <td> <p> June 11 </p> </td> <td> <p> <strong> Icarus </strong> (new extortion group) </p> </td> <td> <p> Klue &rarr; Salesforce CRM customers </p> </td> <td> <p> OAuth token theft via legacy 
integration credential (T1528) </p> </td> <td> <p> Active &mdash; Salesforce disabled integration June 17 </p> </td> </tr> <tr> <td> <p> June 12 </p> </td> <td> <p> <strong> ShinyHunters/UNC6040 </strong> </p> </td> <td> <p> Oracle PeopleSoft (~100 orgs) </p> </td> <td> <p> CVE-2026-35273 mass exploitation </p> </td> <td> <p> Active </p> </td> </tr> <tr> <td> <p> June 12 </p> </td> <td> <p> <strong> VOID MANTICORE/Handala </strong> (IRGC-affiliated) </p> </td> <td> <p> California water utilities </p> </td> <td> <p> <strong> Critical infrastructure breach </strong> </p> </td> <td> <p> Confirmed </p> </td> </tr> <tr> <td> <p> June 16 </p> </td> <td> <p> Ransomware (unattributed) </p> </td> <td> <p> Murray County, GA </p> </td> <td> <p> Encrypted tax, court, law enforcement systems + backups; $200K ransom paid </p> </td> <td> <p> Resolved (paid) </p> </td> </tr> <tr> <td> <p> June 17&ndash;18 </p> </td> <td> <p> Russia-nexus (UNC5435 attributed) </p> </td> <td> <p> 73,932 FortiGate firewalls globally </p> </td> <td> <p> Credential stuffing (T1110.004) + 45-GPU hash cracking cluster (T1110.002) </p> </td> <td> <p> Active &mdash; credentials circulating </p> </td> </tr> <tr> <td> <p> June 18 </p> </td> <td> <p> Unknown </p> </td> <td> <p> Undetermined product </p> </td> <td> <p> CVE-2026-20253 (CISA KEV &mdash; active exploitation) </p> </td> <td> <p> Active </p> </td> </tr> <tr> <td> <p> June 18 </p> </td> <td> <p> N/A (vulnerability) </p> </td> <td> <p> Cisco ISE </p> </td> <td> <p> <strong> CVE-2026-20181, CVE-2026-20190 (Critical RCE) </strong> </p> </td> <td> <p> Patch available, no exploitation reported yet </p> </td> </tr> <tr> <td> <p> June 18 </p> </td> <td> <p> N/A (patched) </p> </td> <td> <p> M365 Copilot Enterprise </p> </td> <td> <p> SearchLeak &mdash; parameter-to-prompt injection (T1566.002 &rarr; T1114.002) </p> </td> <td> <p> Patched server-side </p> </td> </tr> </tbody> </table> <h2> <strong> Key Threat Analysis </strong> </h2> <h3> <strong> 1.
FortiBleed: Industrial-Scale Credential Harvesting Targeting Government </strong> </h3> <p> The FortiBleed operation represents a paradigm shift in credential theft &mdash; not a vulnerability exploit, but the industrialization of credential cracking. A threat actor (attributed to Russia-nexus UNC5435) deployed a 45-GPU cluster to crack SHA-256 legacy password hashes extracted from FortiGate devices. The resulting catalog of 73,932 valid administrator credentials is being sold through eCrime channels, with <strong> government agencies explicitly tagged </strong> as high-value entries. </p> <p> <strong> Why this matters for state government: </strong> Fortinet FortiGate is the dominant perimeter firewall/VPN platform across state networks. If your organization runs FortiGate with legacy hash configurations, your admin credentials may already be in adversary hands. Historical pattern analysis shows a <strong> 10&ndash;14 day window </strong> between credential exposure and ransomware deployment via access brokers. </p> <p> <strong> Named actors in the chain: </strong> UNC5435 (credential harvesting) &rarr; HOOK SPIDER (access brokerage) &rarr; PUNK SPIDER/Akira, LockBit5, Cloak, IncRansom (ransomware deployment) </p> <h3> <strong> 2. Icarus/Klue: SaaS OAuth Tokens Are the New Attack Surface </strong> </h3> <p> On June 11, a new extortion group called <strong> Icarus </strong> (active since April 2026, pattern mirrors ShinyHunters/UNC6395) compromised Klue's backend through a legacy integration credential. They pushed malicious code to harvest OAuth tokens from connected Salesforce instances, then used automated Python scripts to bulk-query Salesforce REST APIs for approximately 24 hours before detection. Confirmed victims include Huntress and Recorded Future. </p> <p> <strong> Why this matters for state government: </strong> State agencies increasingly use Salesforce for constituent services, vendor management, and case tracking. 
Any connected integration platform &mdash; competitive intelligence tools, analytics plugins, abandoned proof-of-concept integrations &mdash; represents the same attack surface that Icarus exploited. Dormant OAuth tokens with broad API permissions are the equivalent of leaving admin credentials in a shared spreadsheet. </p> <h3> <strong> 3. Texas Vendor Breach: Peer-State Warning on Third-Party Risk </strong> </h3> <p> The Texas state government lost 3M+ records (driver's license numbers, passport numbers, residential addresses) through a compromised third-party hunting/fishing license system vendor. The attack leveraged supply chain compromise (T1195.002) and likely vendor credential abuse (T1078) to access and exfiltrate bulk PII. </p> <p> <strong> Why this matters: </strong> Every state government relies on specialized vendors for licensing, permitting, and constituent-facing services. These vendors often maintain persistent access to state databases with minimal monitoring. The Texas breach is a direct analog for any state with outsourced licensing systems. </p> <h3> <strong> 4. Cisco ISE Critical RCE: Network Access Control at Risk </strong> </h3> <p> CVE-2026-20181 and CVE-2026-20190 affect Cisco Identity Services Engine &mdash; the platform many state governments use to enforce network segmentation, device posture assessment, and role-based access control. These are <strong> Critical-rated remote code execution </strong> vulnerabilities with no workaround. If ISE is compromised, an attacker gains control of the policy engine that decides which devices access which network segments. </p> <h3> <strong> 5. M365 Copilot SearchLeak: A New Attack Class Emerges </strong> </h3> <p> The "SearchLeak" vulnerability disclosed by Varonis establishes <strong> parameter-to-prompt (P2P) injection </strong> as a new attack class. 
A crafted URL with a malicious ?q= parameter causes M365 Copilot to execute natural language instructions with the victim's full Microsoft Graph permissions &mdash; accessing emails, SharePoint, and OneDrive, then exfiltrating data through a Bing Image Search SSRF proxy. </p> <p> While Microsoft has patched this specific variant, the underlying architectural issue &mdash; AI copilots inheriting user permissions and accepting instructions via URL parameters &mdash; will produce recurring vulnerabilities across every AI-enhanced SaaS platform state government deploys. </p> <h3> <strong> 6. Nation-State Persistent Pressure </strong> </h3> <p> The UK's National Cyber Security Centre (NCSC) publicly warned this week that critical infrastructure remains under "sustained cyber pressure" from <strong> Russia, China, and Iran </strong> , with 75% of attacks on critical infrastructure attributed to state-linked actors. Named actors with confirmed or assessed government-targeting activity: </p> <ul> <li> <strong> APT29 </strong> (Russia SVR) &mdash; credential harvesting, cloud exploitation </li> <li> <strong> Sandworm/Electrum </strong> (Russia GRU) &mdash; critical infrastructure disruption </li> <li> <strong> UNC5435 </strong> (Russia-nexus) &mdash; FortiBleed credential operations </li> <li> <strong> VOID MANTICORE/Handala </strong> (IRGC-affiliated) &mdash; confirmed California water utility breach (June 12) </li> <li> <strong> Volt Typhoon / Salt Typhoon </strong> (China) &mdash; prepositioning in US infrastructure (no new indicators this cycle, but NCSC confirms active operations) </li> <li> <strong> SloppyLemming </strong> &mdash; BurrowShell backdoor campaign targeting government entities (South/East Asia focus, potential expansion) </li> </ul> <h2> <strong> Predictive Analysis (72-Hour Horizon) </strong> </h2> <table> <thead> <tr> <th> <p> <strong> Scenario </strong> </p> </th> <th> <p> <strong> Probability </strong> </p> </th> <th> <p> <strong> Basis </strong> </p> 
</th> </tr> </thead> <tbody> <tr> <td> <p> Additional Klue/Icarus victim disclosures emerge, potentially including government SaaS vendors </p> </td> <td> <p> <strong> HIGH (&gt;75%) </strong> </p> </td> <td> <p> Only 2 victims publicly claimed; Salesforce disabled integration affecting many customers; extortion timeline suggests more disclosures imminent </p> </td> </tr> <tr> <td> <p> CVE-2026-20253 product identification reveals a state-relevant platform (likely Cisco based on naming convention) </p> </td> <td> <p> <strong> MODERATE-HIGH (50&ndash;70%) </strong> </p> </td> <td> <p> CVE naming pattern and CISA prioritization suggest major enterprise vendor </p> </td> </tr> <tr> <td> <p> FortiBleed-derived credentials leveraged for ransomware deployment against government targets </p> </td> <td> <p> <strong> MODERATE (50&ndash;70%) </strong> </p> </td> <td> <p> Historical pattern: credential exposure &rarr; 10&ndash;14 day access broker dwell &rarr; ransomware; government entities explicitly tagged in sales catalog </p> </td> </tr> <tr> <td> <p> Akira/PUNK SPIDER silence (~7 days) breaks with new state/local government victim announcement </p> </td> <td> <p> <strong> LOW-MODERATE (30&ndash;50%) </strong> </p> </td> <td> <p> Typical 2-week campaign cadence; silence may indicate target selection or retooling phase </p> </td> </tr> <tr> <td> <p> P2P injection variants discovered in other AI-enhanced SaaS platforms (ServiceNow, Salesforce Einstein) </p> </td> <td> <p> <strong> MODERATE (40&ndash;60%) </strong> </p> </td> <td> <p> Architectural pattern is systemic, not product-specific; security researchers actively probing </p> </td> </tr> </tbody> </table> <h2> <strong> SOC Operational Guidance </strong> </h2> <h3> <strong> Detection Priorities </strong> </h3> <table> <thead> <tr> <th> <p> <strong> Priority </strong> </p> </th> <th> <p> <strong> What to Monitor </strong> </p> </th> <th> <p> <strong> ATT&amp;CK Technique </strong> </p> </th> <th> <p> <strong> Detection 
Logic </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> <strong> CRITICAL </strong> </p> </td> <td> <p> FortiGate admin logins from unexpected IPs/geolocations </p> </td> <td> <p> T1078 (Valid Accounts), T1133 (External Remote Services) </p> </td> <td> <p> Alert on any FortiGate admin authentication from non-approved IP ranges; correlate with FortiBleed exposure window </p> </td> </tr> <tr> <td> <p> <strong> CRITICAL </strong> </p> </td> <td> <p> Salesforce REST API queries with automated user-agents </p> </td> <td> <p> T1119 (Automated Collection), T1528 (Steal Application Access Token) </p> </td> <td> <p> Alert on Python-urllib or scripted user-agents querying /services/data/v59.0/sobjects or /services/data/v59.0/query; baseline and allowlist known automation (ETL jobs, integration service accounts) first, since legitimate scripted clients present the same user-agents </p> </td> </tr> <tr> <td> <p> <strong> HIGH </strong> </p> </td> <td> <p> M365 Copilot URL sharing with encoded parameters </p> </td> <td> <p> T1566.002 (Spearphishing Link), T1114.002 (Remote Email Collection) </p> </td> <td> <p> Inspect URLs to m365.cloud.microsoft.com containing HTML tags or natural language instructions in ?q= parameter </p> </td> </tr> <tr> <td> <p> <strong> HIGH </strong> </p> </td> <td> <p> Cisco ISE management plane access from non-jump-host IPs </p> </td> <td> <p> T1190 (Exploit Public-Facing Application) </p> </td> <td> <p> Until patched, restrict and alert on any ISE admin access outside approved bastion hosts </p> </td> </tr> <tr> <td> <p> <strong> MODERATE </strong> </p> </td> <td> <p> RDP lateral movement following VPN authentication </p> </td> <td> <p> T1021.001 (Remote Desktop Protocol) </p> </td> <td> <p> Correlate new VPN sessions (especially FortiGate SSL VPN) with subsequent RDP to internal hosts &mdash; indicator of credential-to-ransomware pipeline </p> </td> </tr> <tr> <td> <p> <strong> MODERATE </strong> </p> </td> <td> <p> OAuth token creation/modification in Salesforce, ServiceNow </p> </td> <td> <p> T1528 (Steal Application Access Token) </p> </td> <td> <p> Alert on new Connected App
registrations or OAuth scope changes outside change windows </p> </td> </tr> </tbody> </table> <h3> <strong> Hunting Hypotheses </strong> </h3> <ol> <li> <strong> Hypothesis: FortiBleed credentials already in use. </strong> Hunt for FortiGate admin sessions originating from TOR exit nodes, known bulletproof hosting ASNs, or geolocations inconsistent with admin staff locations. Time window: June 10&ndash;present. </li> <li> <strong> Hypothesis: Dormant SaaS integrations with excessive OAuth scope. </strong> Inventory all Salesforce Connected Apps; identify any with full or api scope that haven't authenticated in &gt;90 days. These are the Klue-equivalent attack surface. </li> <li> <strong> Hypothesis: P2P injection reconnaissance. </strong> Search email gateway logs and proxy logs for inbound URLs containing m365.cloud.microsoft.com with unusually long or encoded query strings. Even though SearchLeak is patched, variants may exist. </li> <li> <strong> Hypothesis: Akira/ransomware staging via compromised VPN. </strong> Hunt for new scheduled tasks, service installations, or PowerShell execution on systems accessed via SSL VPN within 24 hours of VPN session establishment. Focus on T1053.005 (Scheduled Task) and T1059.001 (PowerShell). 
</li> </ol> <h3> <strong> Blocking Guidance </strong> </h3> <ul> <li> Block Python-urllib user-agent at Salesforce API gateway (or alert if blocking impacts legitimate automation) </li> <li> Restrict Cisco ISE management interfaces to designated jump hosts via ACL (compensating control until patch) </li> <li> Disable internet-facing FortiGate management interfaces immediately </li> <li> Review and revoke OAuth tokens for any integration platform that has been disabled or decommissioned </li> </ul> <h2> <strong> Sector-Specific Defensive Priorities </strong> </h2> <h3> <strong> Financial Services (State Treasury, Revenue, Tax Systems) </strong> </h3> <ul> <li> <strong> Primary threat: </strong> FortiBleed credential access &rarr; ransomware targeting tax/revenue systems (cf. Murray County, GA &mdash; tax systems encrypted) </li> <li> <strong> Action: </strong> Validate that FortiGate devices protecting financial system enclaves have completed credential rotation; ensure offline backup integrity for tax processing databases </li> <li> <strong> Watch: </strong> ShinyHunters/UNC6040 Oracle PeopleSoft exploitation &mdash; state financial ERP systems running PeopleSoft must verify CVE-2026-35273 patching status </li> </ul> <h3> <strong> Energy (State-Operated Utilities, SCADA/ICS) </strong> </h3> <ul> <li> <strong> Primary threat: </strong> VOID MANTICORE/Handala (IRGC-affiliated) confirmed breach of California water utilities; NCSC warns of sustained Russia/China/Iran pressure on critical infrastructure </li> <li> <strong> Action: </strong> Validate network segmentation between IT and OT per CISA ICS advisories (Mitsubishi MELSEC iQ-F, Schneider Electric Easergy/EcoStruxure/PowerLogic, Rockwell FactoryTalk Historian); ensure ICS systems are not reachable from FortiGate VPN segments </li> <li> <strong> Watch: </strong> Six new ICS advisories this cycle &mdash; review applicability to state water/wastewater and power distribution SCADA </li> </ul> <h3> <strong> Healthcare 
(State Health Agencies, Medicaid Systems) </strong> </h3> <ul> <li> <strong> Primary threat: </strong> Ransomware operators (IncRansom, Cloak, LockBit5) actively targeting government public services including health systems; PII exfiltration via vendor compromise (Texas analog) </li> <li> <strong> Action: </strong> Audit third-party vendor access to Medicaid/benefits databases; verify that vendor connections use time-limited credentials with least-privilege API scope </li> <li> <strong> Watch: </strong> ConnectWise ScreenConnect CVE-2025-3935 (improper authentication) &mdash; healthcare MSPs frequently use ScreenConnect for remote support </li> </ul> <h3> <strong> Government (Executive Branch, Public Safety, Courts) </strong> </h3> <ul> <li> <strong> Primary threat: </strong> Triple convergence &mdash; FortiBleed (perimeter), Klue/Icarus (SaaS), Texas vendor breach (third-party) all directly target government operations </li> <li> <strong> Action: </strong> Emergency FortiGate credential rotation; SaaS OAuth audit; vendor access review for all licensing/permitting systems </li> <li> <strong> Watch: </strong> Murray County, GA paid $200K ransom after court and law enforcement systems encrypted including backups &mdash; validate backup isolation for court management and public safety systems </li> </ul> <h3> <strong> Aviation/Logistics (State DOT, Airport Authorities, Fleet Management) </strong> </h3> <ul> <li> <strong> Primary threat: </strong> Nation-state prepositioning (Volt Typhoon) in transportation infrastructure; FortiBleed exposure of traffic management system perimeters </li> <li> <strong> Action: </strong> Verify that traffic management, airport operations, and fleet management systems are segmented from general-purpose IT networks; confirm FortiGate devices in transportation enclaves are included in credential rotation </li> <li> <strong> Watch: </strong> AzeoTech DAQFactory and AVer PTC camera advisories may affect transportation monitoring systems </li> 
</ul> <h2> <strong> Prioritized Defense Recommendations </strong> </h2> <h3> <strong> IMMEDIATE (Within 24 Hours) </strong> </h3> <table> <thead> <tr> <th> <p> <strong> Priority </strong> </p> </th> <th> <p> <strong> Owner </strong> </p> </th> <th> <p> <strong> Action </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> 1 </p> </td> <td> <p> IT Ops </p> </td> <td> <p> <strong> Rotate ALL FortiGate administrator and SSL VPN credentials. </strong> Force PBKDF2 hash migration by requiring admin re-login post-firmware upgrade. Disable internet-facing management interfaces. This is not optional &mdash; credentials are confirmed compromised and circulating in eCrime markets. </p> </td> </tr> <tr> <td> <p> 2 </p> </td> <td> <p> IT Ops </p> </td> <td> <p> <strong> Apply Cisco ISE patches for CVE-2026-20181 and CVE-2026-20190. </strong> If maintenance window is required, implement compensating ACLs restricting ISE management plane to jump hosts only. No workaround exists. </p> </td> </tr> <tr> <td> <p> 3 </p> </td> <td> <p> SOC </p> </td> <td> <p> <strong> Audit all Salesforce Connected Apps and OAuth integrations. </strong> Revoke tokens for any competitive intelligence, abandoned, or decommissioned integration platforms. Alert on Python-urllib user-agent strings querying Salesforce REST API endpoints. </p> </td> </tr> <tr> <td> <p> 4 </p> </td> <td> <p> CISO </p> </td> <td> <p> <strong> Brief executive leadership </strong> on FortiBleed exposure and the 10&ndash;14 day ransomware deployment window. Secure authorization for emergency maintenance windows. 
</p> </td> </tr> </tbody> </table> <h3> <strong> 7-DAY </strong> </h3> <table> <thead> <tr> <th> <p> <strong> Priority </strong> </p> </th> <th> <p> <strong> Owner </strong> </p> </th> <th> <p> <strong> Action </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> 5 </p> </td> <td> <p> SOC </p> </td> <td> <p> Deploy URL inspection rules to detect/block links containing encoded HTML or natural language instructions in M365 Copilot URL parameters. Brief security awareness team on P2P injection phishing lure format. </p> </td> </tr> <tr> <td> <p> 6 </p> </td> <td> <p> IT Ops </p> </td> <td> <p> Monitor CISA KEV catalog daily for CVE-2026-20253 product identification; prepare expedited patching workflow once product is confirmed. </p> </td> </tr> <tr> <td> <p> 7 </p> </td> <td> <p> CISO </p> </td> <td> <p> Commission full inventory of all SaaS-to-SaaS OAuth integrations across state Salesforce, ServiceNow, and HubSpot instances. Identify dormant/legacy credentials with excessive scope. </p> </td> </tr> <tr> <td> <p> 8 </p> </td> <td> <p> IT Ops </p> </td> <td> <p> <strong> Verify Oracle PeopleSoft instances have applied patches for CVE-2026-35273 and June 2026 Critical Patch Update. </strong> </p> </td> </tr> <tr> <td> <p> 9 </p> </td> <td> <p> IR Team </p> </td> <td> <p> Update incident response playbooks to include SaaS OAuth token compromise scenario (Klue/Icarus pattern) and FortiBleed-to-ransomware escalation path. </p> </td> </tr> </tbody> </table> <h3> <strong> 30-DAY </strong> </h3> <table> <thead> <tr> <th> <p> <strong> Priority </strong> </p> </th> <th> <p> <strong> Owner </strong> </p> </th> <th> <p> <strong> Action </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> 10 </p> </td> <td> <p> CISO </p> </td> <td> <p> Develop AI Copilot security policy addressing P2P injection risk class. Restrict Copilot Enterprise Search URL sharing to internal-only until Microsoft confirms all P2P injection variants of SearchLeak are patched.
</p> </td> </tr> <tr> <td> <p> 11 </p> </td> <td> <p> IT Ops </p> </td> <td> <p> Review and harden ICS/SCADA environments per CISA ICS advisories for Mitsubishi MELSEC iQ-F, Schneider Electric PowerChute/Easergy, and Rockwell FactoryTalk Historian. Validate IT/OT network segmentation. </p> </td> </tr> <tr> <td> <p> 12 </p> </td> <td> <p> CISO </p> </td> <td> <p> Implement OAuth token rotation policy: maximum 90-day lifetime for all SaaS integration tokens; automated revocation for integrations inactive &gt;30 days. </p> </td> </tr> <tr> <td> <p> 13 </p> </td> <td> <p> CISO </p> </td> <td> <p> Conduct tabletop exercise simulating FortiBleed &rarr; access broker &rarr; ransomware attack chain targeting state tax/court systems. Include backup recovery validation. </p> </td> </tr> <tr> <td> <p> 14 </p> </td> <td> <p> CIO </p> </td> <td> <p> Establish redundant OSINT collection capability with automated health monitoring and failover to prevent single-source intelligence blind spots. </p> </td> </tr> </tbody> </table> <h2> <strong> IOC Blocking Guidance </strong> </h2> <p> The following verified network-level indicators are associated with campaigns discussed in this report. Deploy to perimeter controls, EDR, and SIEM correlation rules as appropriate. </p> <p> <strong> File Hashes: </strong> Validated SHA-256 indicators associated with FortiBleed, Icarus/Klue, and related campaigns are available directly via Anomali ThreatStream. Please query ThreatStream for the latest verified hash indicators tied to UNC5435, Icarus, ShinyHunters/UNC6040, and VOID MANTICORE. Do not rely on unattributed hash lists circulating in open-source channels &mdash; attribution context is required to assess relevance and avoid false positives. 
</p> <p> <strong> Network Indicators to Monitor: </strong> </p> <table> <thead> <tr> <th> <p> <strong> Indicator </strong> </p> </th> <th> <p> <strong> Context </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> Salesforce API paths /services/data/v59.0/sobjects and /services/data/v59.0/query accessed by Python-urllib or other scripted user-agents </p> </td> <td> <p> Icarus/Klue OAuth abuse pattern &mdash; automated bulk CRM exfiltration </p> </td> </tr> <tr> <td> <p> URLs matching bing[.]com/images/searchbyimage?cbir=sbi&amp;imgurl= with external attacker-controlled domains appended </p> </td> <td> <p> M365 Copilot SearchLeak SSRF exfiltration channel &mdash; monitor even post-patch for variant activity </p> </td> </tr> </tbody> </table> <p> <em> For the full, continuously updated IOC feed including network infrastructure, file hashes, and behavioral signatures associated with all campaigns in this report, access Anomali ThreatStream or contact your Anomali account team. </em> </p> <h2> <strong> Bottom Line </strong> </h2> <p> State government sits at the intersection of three simultaneously active attack surfaces &mdash; perimeter devices (FortiBleed), SaaS integrations (Icarus/Klue), and third-party vendors (Texas breach) &mdash; while being explicitly targeted by both ransomware operators and nation-state actors. The 10&ndash;14 day window between FortiBleed credential exposure and likely ransomware deployment is closing. The VOID MANTICORE/Handala water utility breach confirms that IRGC-affiliated actors are actively targeting US critical infrastructure. Every day without credential rotation, OAuth audit, and vendor access review is a day closer to an incident that costs orders of magnitude more than the maintenance window disruption. </p> <p> <strong> Act today. Rotate credentials. Audit OAuth tokens. Verify your backups are isolated. 
</strong> The adversary already has the keys &mdash; the only question is whether you change the locks before they use them. </p> <p> <em> Published June 19, 2026 | Anomali CTI Desk </em> </p> <p> <em> Intelligence cutoff: 2026-06-19 0600 UTC </em> </p> <p> <em> Next update: 2026-06-20 </em> </p> <p> <em> For questions or additional IOC feeds, contact your Anomali account team or access ThreatStream directly. </em> </p>
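<p> <em> Added example (not code from the page or from Anomali): </em> the SOC rules above that a state SOC would most likely have to build itself, written as runnable detection logic over constructed sample data. It covers the two CRITICAL rows of the Detection Priorities table (FortiGate admin authentication from outside an approved source range; scripted user-agents bulk-querying the Salesforce REST API sobjects/query paths) and Hunting Hypothesis 2 (Connected Apps holding full or api scope that have not authenticated in more than 90 days). The key=value log lines, the pipe-separated API access records, the Connected App inventory and the allowlisted ranges are all constructed for the example and follow no vendor's schema; map the field names to your own FortiGate syslog and Salesforce Event Monitoring exports. </p>

```python
"""Detection and hunt logic for the SOC guidance above.

Added example, not code from the page or from Anomali. The log formats,
API access records, Connected App inventory and allowlisted ranges are
constructed for illustration and do not follow any vendor's schema.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# ---- Rule 1: FortiGate admin authentication from outside approved sources ----
# Hypothetical bastion/jump-host ranges an agency would allow admin logins from.
ADMIN_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.0/24")]

# Constructed key=value event lines in the spirit of FortiGate system logs
# (not a real FortiOS capture; field names are illustrative).
FORTIGATE_LOG = """\
type=event subtype=system action=login status=success user=admin srcip=10.20.0.15
type=event subtype=system action=login status=success user=admin srcip=198.51.100.77
type=event subtype=system action=login status=failed user=admin srcip=203.0.113.9
type=event subtype=system action=login status=success user=fw-ops srcip=192.0.2.40
"""


def kv(line):
    """Parse a key=value log line into a dict."""
    return dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))


def unapproved_admin_logins(log_text=FORTIGATE_LOG, allowed=ADMIN_SOURCES):
    """Return (user, srcip) for every successful admin login outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        f = kv(line)
        if f.get("action") != "login" or f.get("status") != "success":
            continue
        src = ipaddress.ip_address(f["srcip"])
        if not any(src in net for net in allowed):
            hits.append((f["user"], str(src)))
    return hits


# ---- Rule 2: scripted clients bulk-querying the Salesforce REST API ----
SCRIPTED_UA = re.compile(r"^(python-urllib|python-requests|curl|go-http-client|okhttp)", re.I)
# Matches /services/data/vNN.N/sobjects and /services/data/vNN.N/query for any API version.
REST_QUERY_PATH = re.compile(r"^/services/data/v\d+\.\d+/(sobjects|query)(?=[/?]|$)")
BULK_THRESHOLD = 3  # hits per (app, user agent) in the window; set from your own baseline

# Constructed records: timestamp|connected app|user agent|request path.
SALESFORCE_API_LOG = """\
2026-06-11T02:14:05Z|Klue Battlecards|python-urllib/3.11|/services/data/v59.0/query?q=SELECT+Id+FROM+Account
2026-06-11T02:14:06Z|Klue Battlecards|python-urllib/3.11|/services/data/v59.0/sobjects/Contact/describe
2026-06-11T02:14:07Z|Klue Battlecards|python-urllib/3.11|/services/data/v59.0/query?q=SELECT+Id+FROM+Contact
2026-06-11T02:14:09Z|Klue Battlecards|python-urllib/3.11|/services/data/v59.0/sobjects/Lead
2026-06-11T09:30:00Z|Sales Dashboard|Mozilla/5.0 (Windows NT 10.0) Salesforce/Lightning|/services/data/v59.0/query?q=SELECT+Name+FROM+Account
2026-06-11T09:31:00Z|Nightly ETL|python-requests/2.32|/services/data/v59.0/query?q=SELECT+Id+FROM+Case
"""


def scripted_bulk_queries(log_text=SALESFORCE_API_LOG, threshold=BULK_THRESHOLD):
    """Count sobjects/query requests per (app, user agent) coming from scripted clients.

    Only pairs at or above the threshold are returned, so a single
    python-requests call from a known ETL job does not page the SOC.
    """
    counts = Counter()
    for line in log_text.splitlines():
        _ts, app, ua, path = line.split("|", 3)
        if SCRIPTED_UA.match(ua) and REST_QUERY_PATH.match(path):
            counts[(app, ua)] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


# ---- Hunt: dormant Connected Apps holding broad OAuth scope ----
NOW = datetime(2026, 6, 19, tzinfo=timezone.utc)  # intelligence cutoff date of the brief

# Constructed inventory: (app name, granted OAuth scopes, last successful OAuth use or None).
CONNECTED_APPS = [
    ("Klue Battlecards", {"api", "refresh_token"}, datetime(2026, 2, 3, tzinfo=timezone.utc)),
    ("Sales Dashboard", {"api", "refresh_token"}, datetime(2026, 6, 18, tzinfo=timezone.utc)),
    ("PoC Analytics 2024", {"full"}, None),
    ("Read-only Reporting", {"id", "profile"}, datetime(2025, 1, 1, tzinfo=timezone.utc)),
]


def dormant_broad_scope_apps(apps=CONNECTED_APPS, now=NOW, max_idle_days=90):
    """Apps holding full or api scope that have not authenticated in max_idle_days (or ever)."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(
        name for name, scopes, last_used in apps
        if scopes & {"full", "api"} and (last_used is None or last_used < cutoff)
    )


if __name__ == "__main__":
    print("FortiGate admin logins outside allowlist:", unapproved_admin_logins())
    print("Scripted bulk Salesforce REST queries:", scripted_bulk_queries())
    print("Dormant broad-scope Connected Apps:", dormant_broad_scope_apps())
```

<p> The per-(app, user-agent) threshold in the second rule is what keeps it from firing on the one-off python-requests call from the constructed ETL job; that is the same caveat the Blocking Guidance raises about blocking Python-urllib outright. The third function is the inventory check behind Hunting Hypothesis 2 and, with max_idle_days lowered, the 30-day automated-revocation policy; an app that has never authenticated (last use None) is treated as dormant rather than skipped. </p>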
