<p> <strong> Threat Assessment Level: ELEVATED </strong>
</p>
<p> <em> Elevated due to an unpatched Microsoft Defender privilege escalation zero-day with public proof-of-concept, a confirmed AI-based data exfiltration vulnerability in Microsoft 365 Copilot, active supply-chain worms compromising developer ecosystems, continued ransomware pressure on county and state government, and five new Rockwell Automation ICS advisories affecting water/wastewater infrastructure. </em>
</p>
<h2> <strong> Executive Summary </strong>
</h2>
<p> State government IT leaders face a compressed decision window this week. A rare convergence of threats — an unpatched zero-day on every Windows endpoint, a novel attack class weaponizing your own AI tools against you, and self-propagating supply-chain worms already inside major package ecosystems — demands coordinated action across endpoint security, cloud administration, DevOps, and OT/ICS teams simultaneously.
</p>
<p> Meanwhile, a Georgia county just paid $200,000 in ransom after a month-long outage of court and law enforcement systems, reinforcing that sub-state government entities remain squarely in the crosshairs of ransomware operators. The question is not <em> whether </em> your state will face a similar incident, but whether your backup integrity and response playbooks will hold when it happens.
</p>
<h2> <strong> What Changed </strong>
</h2>
<table> <thead> <tr> <th> <p> <strong> Development </strong> </p> </th> <th> <p> <strong> Why It Matters for State Government </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> <strong> CVE-2026-50656 "RoguePlanet" </strong> — Microsoft Defender zero-day with public PoC, no patch available </p> </td> <td> <p> Every state Windows endpoint running Defender is vulnerable to SYSTEM-level privilege escalation. Attackers who gain initial access can immediately escalate to full system control. </p> </td> </tr> <tr> <td> <p> <strong> CVE-2025-32711 "EchoLeak" </strong> — M365 Copilot zero-click data exfiltration </p> </td> <td> <p> If your state deploys Microsoft 365 Copilot, a hidden payload in any inbound email can silently exfiltrate emails, Teams messages, and SharePoint files — no user interaction required. </p> </td> </tr> <tr> <td> <p> <strong> Shai-Hulud supply-chain worm </strong> — 516+ packages, 3,000+ repos, 200+ developer accounts compromised </p> </td> <td> <p> Self-propagating worm using Git timestamp manipulation to evade code review. Government is explicitly listed as a targeted industry. </p> </td> </tr> <tr> <td> <p> <strong> Mastra npm compromise </strong> — 144 packages, 918K weekly downloads of @mastra/core </p> </td> <td> <p> Hijacked legitimate contributor account used to inject cross-platform infostealer with C2 infrastructure at 23.254.164[.]92 and 23.254.164[.]123. </p> </td> </tr> <tr> <td> <p> <strong> Murray County, GA ransomware </strong> — $200K paid, month-long outage </p> </td> <td> <p> Tax, court, and law enforcement systems encrypted including backups. Direct peer-organization impact. </p> </td> </tr> <tr> <td> <p> <strong> 5 Rockwell Automation ICS advisories </strong> — Logix 5370/5570, CompactLogix, FLEX I/O, RSLinx, FactoryTalk </p> </td> <td> <p> Denial-of-service and unauthorized access vulnerabilities in PLCs commonly deployed in state water/wastewater facilities. 
</p> </td> </tr> <tr> <td> <p> <strong> CVE-2026-48907 (Joomla JCE) </strong> added to CISA KEV </p> </td> <td> <p> Active exploitation confirmed; affects state agencies running Joomla-based public-facing sites. </p> </td> </tr> <tr> <td> <p> <strong> WARLORD KITTEN (Iran-nexus APT) </strong> — fresh OtakuKit IOC refresh </p> </td> <td> <p> New malware hashes published 2026-06-17 indicate continued operational activity by this IRGC-affiliated group. </p> </td> </tr> <tr> <td> <p> <strong> APT29 (Russia SVR) </strong> — new credential-harvesting executable targeting government </p> </td> <td> <p> Nation-state credential theft campaign active as of June 15; government and telecom organizations at elevated risk. </p> </td> </tr> <tr> <td> <p> <strong> Three FortiSandbox CVEs (CVE-2026-39813/39808/25089) </strong> confirmed exploited in the wild </p> </td> <td> <p> CVSS 9.1 vulnerabilities in network security appliances confirmed exploited June 16; one exploit AI-assisted. </p> </td> </tr> <tr> <td> <p> <strong> ShinyHunters/UNC6040 </strong> — mass exploitation of Oracle PeopleSoft (CVE-2026-35273) </p> </td> <td> <p> Approximately 100 organizations compromised in five days; state HR and finance ERP systems at direct risk. </p> </td> </tr> <tr> <td> <p> <strong> CVE-2026-20262 (Cisco Catalyst SD-WAN Manager) </strong> added to CISA KEV </p> </td> <td> <p> Active exploitation of state network infrastructure confirmed; transportation and distributed-site agencies most exposed. </p> </td> </tr> </tbody>
</table>
<h2> <strong> Threat Timeline </strong>
</h2>
<table> <thead> <tr> <th> <p> <strong> Date </strong> </p> </th> <th> <p> <strong> Event </strong> </p> </th> <th> <p> <strong> Impact </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> 2026-05-13 </p> </td> <td> <p> Murray County, GA ransomware attack begins </p> </td> <td> <p> Tax, court, law enforcement systems encrypted; backups destroyed </p> </td> </tr> <tr> <td> <p> 2026-06-12 </p> </td> <td> <p> ShinyHunters/UNC6040 mass exploitation of Oracle PeopleSoft (CVE-2026-35273) begins; ~100 orgs compromised </p> </td> <td> <p> State HR/Finance ERP systems at risk </p> </td> </tr> <tr> <td> <p> 2026-06-12 </p> </td> <td> <p> Handala/VOID MANTICORE (IRGC) breaches California water utilities </p> </td> <td> <p> <strong> Critical infrastructure targeting confirmed </strong> </p> </td> </tr> <tr> <td> <p> 2026-06-15 </p> </td> <td> <p> CISA adds CVE-2026-20262 (Cisco Catalyst SD-WAN Manager) to KEV </p> </td> <td> <p> Active exploitation of state network infrastructure </p> </td> </tr> <tr> <td> <p> 2026-06-15 </p> </td> <td> <p> APT29 (Russia SVR) deploys new credential-harvesting executable targeting government </p> </td> <td> <p> Nation-state espionage activity ongoing </p> </td> </tr> <tr> <td> <p> 2026-06-16 </p> </td> <td> <p> Three FortiSandbox CVEs confirmed exploited in the wild (CVE-2026-39813/39808/25089) </p> </td> <td> <p> Network security appliances compromised; one exploit AI-assisted </p> </td> </tr> <tr> <td> <p> 2026-06-16 </p> </td> <td> <p> CISA adds CVE-2026-48907 (Joomla JCE) to KEV </p> </td> <td> <p> Web application exploitation active </p> </td> </tr> <tr> <td> <p> 2026-06-16 </p> </td> <td> <p> Five Rockwell Automation ICS advisories published </p> </td> <td> <p> Water/wastewater SCADA at risk </p> </td> </tr> <tr> <td> <p> 2026-06-16 </p> </td> <td> <p> Murray County pays $200K ransom; systems begin recovery </p> </td> <td> <p> Demonstrates ransomware ROI for attackers targeting government </p> </td> </tr> <tr> <td> <p> 2026-06-17 </p> 
</td> <td> <p> CVE-2026-50656 "RoguePlanet" PoC published — no patch </p> </td> <td> <p> Every Defender-protected endpoint vulnerable </p> </td> </tr> <tr> <td> <p> 2026-06-17 </p> </td> <td> <p> Mastra npm compromise discovered — 144 packages weaponized </p> </td> <td> <p> State DevOps pipelines in blast radius </p> </td> </tr> <tr> <td> <p> 2026-06-17 </p> </td> <td> <p> WARLORD KITTEN OtakuKit IOC refresh </p> </td> <td> <p> Iran-nexus APT remains operationally active </p> </td> </tr> </tbody>
</table>
<h2> <strong> Key Threat Analysis </strong>
</h2>
<h3> <strong> 1. CVE-2026-50656 "RoguePlanet" — The Defender Becomes the Vulnerability </strong>
</h3>
<p> A race condition in the Microsoft Malware Protection Engine (MsMpEng.exe) allows any local user to escalate to SYSTEM privileges on fully patched Windows 10 and Windows 11 systems. The exploit works regardless of whether real-time protection is enabled or disabled.
</p>
<p> <strong> Why this is critical for state government: </strong> Microsoft Defender is the default endpoint protection across most state enterprise deployments. With a public proof-of-concept and no available patch, every state workstation and server is one initial-access foothold away from full compromise. Ransomware operators and nation-state actors routinely chain initial access (phishing, supply-chain) with local privilege escalation — this zero-day provides that second link for free.
</p>
<p> <strong> Detection is currently the only mitigation. </strong> Monitor for cmd.exe or powershell.exe spawning as SYSTEM from the MsMpEng.exe process tree.
</p>
<h3> <strong> 2. CVE-2025-32711 "EchoLeak" — Your AI Assistant as an Exfiltration Channel </strong>
</h3>
<p> This zero-click indirect prompt injection vulnerability in Microsoft 365 Copilot represents a fundamentally new attack class. An attacker embeds hidden instructions (white-on-white text, HTML comments) in an email sent to a Copilot-enabled user. When Copilot processes that email as context, it silently follows the injected instructions — exfiltrating emails, Teams messages, and SharePoint/OneDrive files to attacker-controlled endpoints.
</p>
<p> <strong> No user interaction required. </strong> The victim never clicks a link or opens an attachment. The email simply needs to exist in their mailbox for Copilot to ingest it as context.
</p>
<p> Microsoft applied a server-side patch in May 2026, but the underlying attack class — indirect prompt injection against RAG-based AI assistants — remains viable. State agencies deploying Copilot should verify the patch is active and consider restricting Copilot's access to external email context.
</p>
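<p> The carriers described above (HTML comments, white-on-white and zero-size text, hidden blocks, zero-width Unicode) are all visible to a mail gateway even though a human reader never sees them. The scanner below is an added example, not code from the report or from Microsoft: it walks an HTML message body with the Python standard library and emits one finding per hidden construct, so a gateway or SOC script can hold such messages for review before an assistant ingests them. The sample message, the function names and the placeholder payload text are constructed for this example. </p>

```python
"""Hidden-content scanner for HTML email bodies (EchoLeak-class carriers).

Added example, not from the original report. It looks for the constructs the
report describes as carriers for indirect prompt injection: HTML comments,
white-on-white text, zero-size text, display:none blocks and zero-width Unicode.
Function names and the sample message are constructed for this example.
"""
from html.parser import HTMLParser

# Characters that render as nothing but survive into an assistant's context window
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
ZERO_SIZES = {"0", "0px", "0pt", "0em", "0rem", "0%"}
# Void elements never get a closing tag, so they must not affect nesting state
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col",
             "embed", "param", "source", "track", "wbr"}


def _parse_style(style: str) -> dict:
    """Turn 'color: #fff; font-size:0px' into {'color': '#fff', 'font-size': '0px'}."""
    props = {}
    for decl in style.split(";"):
        if ":" in decl:
            name, value = decl.split(":", 1)
            props[name.strip().lower()] = value.strip().lower().replace(" ", "")
    return props


def _hidden_reasons(tag: str, attrs: dict) -> list:
    """Why an element would be invisible to a human reader, if at all."""
    style = _parse_style(attrs.get("style") or "")
    reasons = []
    if "hidden" in attrs or style.get("display") == "none" or style.get("visibility") == "hidden":
        reasons.append("not displayed")
    if style.get("font-size") in ZERO_SIZES:
        reasons.append("font-size:0")
    background = style.get("background-color") or style.get("background")
    # Literal comparison only: '#fff' vs '#ffffff' would need colour normalisation
    if background and style.get("color") == background:
        reasons.append(f"text colour equals background ({background})")
    return reasons


class HiddenTextScanner(HTMLParser):
    """Collects (kind, detail) findings while walking the HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._hidden_depth = 0   # > 0 while inside an invisible element
        self._stack = []         # per open element: did it increase _hidden_depth?

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        reasons = _hidden_reasons(tag, dict(attrs))
        self._stack.append(bool(reasons))
        if reasons:
            self._hidden_depth += 1
            self.findings.append(("hidden-style", f"<{tag}> " + ", ".join(reasons)))

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self._stack and self._stack.pop():
            self._hidden_depth -= 1

    def handle_data(self, data):
        if self._hidden_depth and data.strip():
            self.findings.append(("hidden-text", data.strip()[:80]))
        zero_width = [c for c in data if c in ZERO_WIDTH]
        if zero_width:
            self.findings.append(("zero-width", f"{len(zero_width)} chars, first U+{ord(zero_width[0]):04X}"))

    def handle_comment(self, data):
        if data.strip():
            self.findings.append(("html-comment", data.strip()[:80]))


def scan_email_html(html: str) -> list:
    """Return all (kind, detail) findings for one HTML body; an empty list means clean."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def finding_kinds(html: str) -> set:
    return {kind for kind, _ in scan_email_html(html)}


# Constructed sample: an ordinary-looking message carrying three hidden-text styles.
# The payload wording is a placeholder; real messages carry instructions here.
SAMPLE_EMAIL_HTML = """<html><body>
<p>Hi, attached is the Q2 budget summary for review.</p>
<!-- [constructed hidden instruction aimed at the mail assistant] -->
<div style="color:#ffffff; background-color:#ffffff; font-size:0px">
  [constructed white-on-white instruction text]
</div>
<p>Regards,\u200b\u200b Finance Team<br></p>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_email_html(SAMPLE_EMAIL_HTML):
        print(f"{kind:13} {detail}")
```

<p> The scanner reports four findings on the sample: the comment, the styled block, the text inside it, and the zero-width run in the signature. Any one of them is enough to hold a message for review; a clean business email produces none. </p>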
<h3> <strong> 3. Supply-Chain Worms: Shai-Hulud and Mastra </strong>
</h3>
<p> Two distinct but related supply-chain attacks are actively compromising developer ecosystems:
</p>
<p> <strong> Shai-Hulud </strong> (attributed to TeamPCP) is a self-propagating worm that has compromised 516+ packages across npm, PyPI, and RubyGems, 3,000+ GitHub repositories, and 200+ developer accounts. It uses a novel technique — Git commit timestamp backdating and author metadata forgery — to make malicious commits appear legitimate and evade code review. Government organizations are explicitly listed as targets. GitHub has declined to fix the underlying platform design flaws that enable propagation.
</p>
<p> <strong> Mastra npm compromise </strong> exploited a hijacked legitimate contributor account ("ehindero") to publish 144 malicious packages injecting the "easy-day-js" dependency. The payload disables TLS validation, downloads a cross-platform infostealer, harvests browser credentials and crypto wallets, and establishes persistence. C2 infrastructure is active at 23.254.164[.]92 and 23.254.164[.]123.
</p>
<p> <strong> State government exposure: </strong> Any state agency with DevOps pipelines consuming npm, PyPI, or GitHub-hosted dependencies is in the blast radius. Both attacks would be mitigated by requiring SLSA provenance attestations on package installation — a policy decision, not a tooling decision.
</p>
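<p> The indicators above (the easy-day-js dependency, the @mastra scope, TLS validation being switched off) can be swept for mechanically across build pipelines. The script below is an added example, not code from the report or from the Mastra project: it classifies every entry in an npm lockfile, including nested installs, and flags job-log lines that disable Node.js certificate checks. The lockfile contents, package versions and log text are constructed; NODE_TLS_REJECT_UNAUTHORIZED and npm's strict-ssl are real settings. </p>

```python
"""Sweep an npm lockfile and a CI job log for the Mastra supply-chain indicators.

Added example, not from the original report. It applies the indicators the
report names (the easy-day-js dependency, the @mastra scope, TLS validation
being switched off) to a constructed package-lock.json and a constructed job
log. Package versions and the log text are made up for the example.
"""
import json
import re

BLOCK_PACKAGES = {"easy-day-js"}   # malicious dependency named in the report: block outright
REVIEW_SCOPES = {"@mastra"}        # hijacked scope: review the pinned version, not every release is bad

# Ways Node.js certificate validation gets switched off in a build job.
# NODE_TLS_REJECT_UNAUTHORIZED and npm's strict-ssl are real settings.
TLS_OFF_PATTERNS = [
    re.compile(r"NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['\"]?0"),
    re.compile(r"rejectUnauthorized\s*:\s*false"),
    re.compile(r"npm\s+config\s+set\s+strict-ssl\s+false"),
]


def _classify(name: str):
    if name in BLOCK_PACKAGES:
        return "block"
    if name.split("/")[0] in REVIEW_SCOPES:
        return "review"
    return None


def lockfile_findings(lock: dict) -> list:
    """(package, version, action) for each matching lockfile entry.

    lockfileVersion 2/3 keys 'packages' by node_modules path, nested installs
    included ('node_modules/a/node_modules/b'); v1 nests a 'dependencies' tree.
    """
    found = []
    for path, meta in lock.get("packages", {}).items():
        if not path:                                  # "" is the root project itself
            continue
        name = path.split("node_modules/")[-1]        # last component is the package name
        action = _classify(name)
        if action:
            found.append((name, meta.get("version", "?"), action))
    if not lock.get("packages"):                      # lockfileVersion 1 fallback
        def walk(deps):
            for name, meta in deps.items():
                action = _classify(name)
                if action:
                    found.append((name, meta.get("version", "?"), action))
                walk(meta.get("dependencies", {}))
        walk(lock.get("dependencies", {}))
    return found


def log_findings(log_text: str) -> list:
    """(line_number, line) for each job-log line that disables TLS validation."""
    return [(n, line) for n, line in enumerate(log_text.splitlines(), 1)
            if any(p.search(line) for p in TLS_OFF_PATTERNS)]


def scan_files(lock_path: str, log_path: str) -> dict:
    """Run both checks against files on disk (e.g. from a CI artifact bundle)."""
    with open(lock_path, encoding="utf-8") as fh:
        lock = json.load(fh)
    with open(log_path, encoding="utf-8") as fh:
        log_text = fh.read()
    return {"lockfile": lockfile_findings(lock), "job_log": log_findings(log_text)}


# Constructed lockfile: a project depending on @mastra/core, which pulls in easy-day-js.
SAMPLE_LOCK = {
    "name": "permits-portal",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "permits-portal",
             "dependencies": {"@mastra/core": "^0.10.0", "express": "^4.19.0"}},
        "node_modules/express": {"version": "4.19.2"},
        "node_modules/@mastra/core": {"version": "0.10.7",
                                      "dependencies": {"easy-day-js": "^1.0.0"}},
        "node_modules/@mastra/core/node_modules/easy-day-js": {"version": "1.0.3"},
    },
}

# Constructed CI job log: a postinstall step that turns certificate checks off.
SAMPLE_JOB_LOG = """\
[build] npm ci
[build] added 412 packages in 9s
[postinstall] NODE_TLS_REJECT_UNAUTHORIZED=0 node ./scripts/setup.js
[build] npm run build
"""

if __name__ == "__main__":
    for name, version, action in lockfile_findings(SAMPLE_LOCK):
        print(f"{action:6} {name}@{version}")
    for lineno, line in log_findings(SAMPLE_JOB_LOG):
        print(f"tls-off line {lineno}: {line}")
```

<p> Run across every checked-in lockfile, this turns the "audit all CI/CD pipelines" action into a repeatable query: a "block" hit is an incident, a "review" hit means confirming the pinned version against the vendor's advisory, and a tls-off hit means the build host's trust chain can no longer be relied on. </p>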
<h3> <strong> 4. Ransomware Continues to Devastate County Government </strong>
</h3>
<p> Murray County, Georgia, discovered the attack at 3 AM on May 13, when its law enforcement software went offline. The attackers encrypted systems supporting the Tax Commissioner, Tax Assessors, Probate Court, Juvenile Court, and Sheriff's Office — and critically, <strong> encrypted the backups as well </strong> . After nearly a month offline, the county paid $200,000.
</p>
<p> This follows the pattern established by groups like Akira (PUNK SPIDER), Qilin (REVENANT SPIDER), and DragonForce — all of which actively target government entities and prioritize backup destruction (T1490) to maximize pressure.
</p>
<p> <strong> For state IT leadership: </strong> The question is whether centralized backup-as-a-service for county interconnections would reduce systemic risk. Individual counties often lack the resources for air-gapped or immutable backup architectures.
</p>
<h3> <strong> 5. Rockwell Automation ICS Vulnerabilities — Water/Wastewater at Risk </strong>
</h3>
<p> Five simultaneous CISA ICS advisories cover Rockwell Automation products commonly deployed in state water and wastewater facilities:
</p>
<ul> <li> <strong> Logix 5370 & 5570 Controllers </strong> — Denial-of-service via CIP causing major nonrecoverable fault </li> <li> <strong> CompactLogix </strong> — Denial-of-service </li> <li> <strong> FLEX I/O EtherNet/IP Adapters </strong> — Unauthorized access and account takeover </li> <li> <strong> RSLinx </strong> — Application denial-of-service </li> <li> <strong> FactoryTalk Analytics PavilionX </strong> — Privileged operation execution </li>
</ul>
<p> Combined with the June 12 IRGC-affiliated breach of California water utilities (Handala/VOID MANTICORE), the water sector threat picture is acute. These vulnerabilities provide the technical pathway; the Iran-nexus actors provide the intent.
</p>
<h3> <strong> 6. Nation-State Activity: Persistent but Evolving </strong>
</h3>
<table> <thead> <tr> <th> <p> <strong> Actor </strong> </p> </th> <th> <p> <strong> Affiliation </strong> </p> </th> <th> <p> <strong> Recent Activity </strong> </p> </th> <th> <p> <strong> Target </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> APT29 </p> </td> <td> <p> Russia SVR </p> </td> <td> <p> New credential-harvesting executable (June 15) </p> </td> <td> <p> Government, telecom </p> </td> </tr> <tr> <td> <p> WARLORD KITTEN </p> </td> <td> <p> IRGC (Iran) </p> </td> <td> <p> OtakuKit malware IOC refresh (June 17) </p> </td> <td> <p> Government, defense </p> </td> </tr> <tr> <td> <p> Handala / VOID MANTICORE </p> </td> <td> <p> IRGC (Iran) </p> </td> <td> <p> California water utility breach (June 12) </p> </td> <td> <p> <strong> Critical infrastructure </strong> </p> </td> </tr> <tr> <td> <p> ShinyHunters / UNC6040 </p> </td> <td> <p> Criminal </p> </td> <td> <p> Oracle PeopleSoft mass exploitation (June 12) </p> </td> <td> <p> Enterprise ERP </p> </td> </tr> <tr> <td> <p> HOOK SPIDER </p> </td> <td> <p> Russia-nexus </p> </td> <td> <p> Access broker activity (ongoing) </p> </td> <td> <p> Initial access sales </p> </td> </tr> </tbody>
</table>
<p> <strong> Notable absence: </strong> Volt Typhoon and Salt Typhoon (China-nexus) have shown zero indicators for 3+ intelligence cycles. This could indicate an operational pause, a shift to unattributed infrastructure, or a collection gap. Given their known focus on pre-positioning within U.S. critical infrastructure, this silence warrants proactive hunting rather than complacency.
</p>
<h2> <strong> Predictive Analysis </strong>
</h2>
<table> <thead> <tr> <th> <p> <strong> Scenario </strong> </p> </th> <th> <p> <strong> Probability </strong> </p> </th> <th> <p> <strong> Timeframe </strong> </p> </th> <th> <p> <strong> Basis </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> Microsoft releases out-of-band Defender patch for CVE-2026-50656 </p> </td> <td> <p> <strong> 75% </strong> </p> </td> <td> <p> 7 days </p> </td> <td> <p> Public PoC + media pressure + SYSTEM escalation severity </p> </td> </tr> <tr> <td> <p> Commodity ransomware operators incorporate RoguePlanet into attack chains </p> </td> <td> <p> <strong> 60% </strong> </p> </td> <td> <p> 14 days </p> </td> <td> <p> Public PoC lowers barrier; LPE is the missing link in many intrusion chains </p> </td> </tr> <tr> <td> <p> Shai-Hulud worm variants expand to Go modules and Cargo ecosystems </p> </td> <td> <p> <strong> 50% </strong> </p> </td> <td> <p> 30 days </p> </td> <td> <p> GitHub's refusal to address design flaws + worm's self-propagating nature </p> </td> </tr> <tr> <td> <p> DragonForce ransomware affiliates claim US state/local government victims </p> </td> <td> <p> <strong> 35% </strong> </p> </td> <td> <p> 30 days </p> </td> <td> <p> Active MSP targeting (Helix International pattern) provides lateral access to government clients </p> </td> </tr> <tr> <td> <p> Iran-nexus actors (APT42/Charming Kitten) surge credential harvesting ahead of 2026 midterms </p> </td> <td> <p> <strong> 40% </strong> </p> </td> <td> <p> 60 days </p> </td> <td> <p> Historical pattern of election-cycle activity + current operational tempo </p> </td> </tr> <tr> <td> <p> Additional Rockwell Automation exploitation in water/wastewater sector </p> </td> <td> <p> <strong> 45% </strong> </p> </td> <td> <p> 30 days </p> </td> <td> <p> Five new advisories + confirmed Iran-nexus intent (Handala breach) </p> </td> </tr> </tbody>
</table>
<h2> <strong> SOC Operational Guidance </strong>
</h2>
<h3> <strong> Detection Priorities </strong>
</h3>
<table> <thead> <tr> <th> <p> <strong> Priority </strong> </p> </th> <th> <p> <strong> What to Detect </strong> </p> </th> <th> <p> <strong> ATT&CK ID </strong> </p> </th> <th> <p> <strong> Detection Logic </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> <strong> CRITICAL </strong> </p> </td> <td> <p> RoguePlanet exploitation </p> </td> <td> <p> T1068 </p> </td> <td> <p> Alert on cmd.exe, powershell.exe, or unknown processes spawning as SYSTEM from MsMpEng.exe parent process. Monitor for race condition artifacts: rapid file creation/deletion in Defender scan directories. </p> </td> </tr> <tr> <td> <p> <strong> CRITICAL </strong> </p> </td> <td> <p> EchoLeak prompt injection </p> </td> <td> <p> T1566.001, T1567 </p> </td> <td> <p> Scan inbound email for hidden HTML comments, white-on-white text (font-size:0, color matching background), and Unicode zero-width characters. Alert on Copilot-initiated outbound connections to unrecognized domains. </p> </td> </tr> <tr> <td> <p> <strong> HIGH </strong> </p> </td> <td> <p> Supply-chain payload execution </p> </td> <td> <p> T1195.002, T1059.007 </p> </td> <td> <p> Monitor CI/CD runners and developer workstations for outbound connections to 23.254.164[.]92 and 23.254.164[.]123. Alert on npm install of packages lacking SLSA provenance. Detect TLS validation disabling in Node.js processes. </p> </td> </tr> <tr> <td> <p> <strong> HIGH </strong> </p> </td> <td> <p> Backup destruction </p> </td> <td> <p> T1490 </p> </td> <td> <p> Alert on volume shadow copy deletion (vssadmin delete shadows), modification of backup agent configurations, and bulk file encryption patterns in backup storage locations. </p> </td> </tr> <tr> <td> <p> <strong> HIGH </strong> </p> </td> <td> <p> Rockwell PLC anomalies </p> </td> <td> <p> T0831, T0814 </p> </td> <td> <p> Monitor CIP traffic for malformed packets targeting Logix 5370/5570. Alert on unauthorized connections to FLEX I/O adapters. 
Baseline normal PLC communication patterns and alert on deviations. </p> </td> </tr> <tr> <td> <p> <strong> MODERATE </strong> </p> </td> <td> <p> APT29 credential harvesting </p> </td> <td> <p> T1078, T1555 </p> </td> <td> <p> Hunt for new unsigned executables in %APPDATA% and %TEMP% making outbound HTTPS connections. Correlate with Azure AD impossible-travel alerts. </p> </td> </tr> </tbody>
</table>
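<p> The two process-telemetry rows above (the RoguePlanet rule also stated in section 1, and the T1490 shadow-copy rule) are straightforward to encode against Sysmon Event ID 1 or equivalent EDR process-creation records. The code below is an added example, not a rule from the report or from any vendor: it expresses both rules as functions, runs them over constructed sample events, and grades a shell child of MsMpEng.exe as critical and any other unexpected child as high. The allowlist of expected Defender children is deliberately empty and is a tuning knob you fill from your own baseline; paths, usernames and timestamps in the samples are made up. </p>

```python
"""Two detection rules over process-creation telemetry.

Added example, not from the original report. It encodes the RoguePlanet rule
(a shell or unexpected image started as SYSTEM with MsMpEng.exe as parent) and
the T1490 rule (vssadmin delete shadows) from the detection table, then runs
both over constructed sample events. Field names follow Sysmon Event ID 1
(Image, ParentImage, CommandLine, User); map them to your EDR's schema.
Paths, account names and timestamps in the samples are made up.
"""
from dataclasses import dataclass
import re

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Children MsMpEng.exe legitimately starts in your estate. Left empty on purpose:
# the rule then alerts on every child, and you tune it from your own baseline.
EXPECTED_DEFENDER_CHILDREN = set()
SYSTEM_ACCOUNTS = {"nt authority\\system", "system"}
VSS_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.IGNORECASE)


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    event_index: int
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def rule_rogueplanet(index: int, event: dict):
    """T1068: anything MsMpEng.exe spawns as SYSTEM is suspect; shells are critical."""
    if _basename(event.get("ParentImage", "")) != "msmpeng.exe":
        return None
    if event.get("User", "").strip().lower() not in SYSTEM_ACCOUNTS:
        return None
    child = _basename(event.get("Image", ""))
    if child in EXPECTED_DEFENDER_CHILDREN:
        return None
    severity = "critical" if child in SHELLS else "high"
    return Alert("T1068-rogueplanet", severity, index, f"MsMpEng.exe spawned {child} as SYSTEM")


def rule_shadow_delete(index: int, event: dict):
    """T1490: volume shadow copy deletion, the usual precursor to encryption."""
    cmd = event.get("CommandLine", "")
    if VSS_DELETE.search(cmd):
        return Alert("T1490-shadow-delete", "high", index, f"shadow copies deleted: {cmd}")
    return None


RULES = (rule_rogueplanet, rule_shadow_delete)


def run_rules(events: list) -> list:
    """Apply every rule to every event; one Alert per rule hit, in event order."""
    alerts = []
    for index, event in enumerate(events):
        for rule in RULES:
            alert = rule(index, event)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed sample telemetry. The Defender platform directory is made up.
MSMPENG = r"C:\ProgramData\Microsoft\Windows Defender\Platform\x.y.z-0\MsMpEng.exe"
SAMPLE_EVENTS = [
    {"UtcTime": "2026-06-17 09:02:11", "User": "STATE\\jdoe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "CommandLine": "chrome.exe"},
    {"UtcTime": "2026-06-17 09:14:02", "User": "NT AUTHORITY\\SYSTEM",
     "ParentImage": MSMPENG, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"UtcTime": "2026-06-17 09:14:03", "User": "NT AUTHORITY\\SYSTEM",
     "ParentImage": MSMPENG, "Image": r"C:\Users\Public\updater.exe", "CommandLine": "updater.exe"},
    {"UtcTime": "2026-06-17 09:20:45", "User": "STATE\\svc-backup",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet"},
    # The engine itself being started by the service host: not a hit for either rule.
    {"UtcTime": "2026-06-17 09:00:00", "User": "NT AUTHORITY\\SYSTEM",
     "ParentImage": r"C:\Windows\System32\services.exe", "Image": MSMPENG, "CommandLine": "MsMpEng.exe"},
]

if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(f"[{alert.severity:8}] {alert.rule:20} event #{alert.event_index}: {alert.detail}")
```

<p> On the sample, the cmd.exe child fires as critical, the unknown updater.exe as high, and the vssadmin invocation as T1490; the engine's own start from services.exe is silent. Because MsMpEng.exe always runs as SYSTEM, the SYSTEM check here is a sanity guard rather than the discriminator; the parent-child relationship is what carries the detection. </p>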
<h3> <strong> Hunting Hypotheses </strong>
</h3>
<ol> <li> <strong> Hypothesis: </strong> RoguePlanet PoC has already been incorporated into post-exploitation frameworks used against state networks. <ul> <li> <strong> Hunt: </strong> Search EDR telemetry for SYSTEM-level process creation from MsMpEng.exe parent in the last 7 days. Correlate with any initial access alerts (phishing, VPN exploitation) in the same timeframe. </li> </ul> </li> <li> <strong> Hypothesis: </strong> State developer workstations have consumed compromised Mastra or Shai-Hulud packages. <ul> <li> <strong> Hunt: </strong> Query package manager logs (npm, pip) across developer endpoints for easy-day-js, @mastra/* packages installed after 2026-06-16, or any package with 4.6MB+ obfuscated payloads. Check for outbound connections to 23.254.164[.]0/24. </li> </ul> </li> <li> <strong> Hypothesis: </strong> Copilot-enabled mailboxes have received EchoLeak-class prompt injection emails. <ul> <li> <strong> Hunt: </strong> Search email gateway logs for messages containing hidden HTML elements (display:none, font-size:0, zero-width Unicode). Review Copilot audit logs for unusual data access patterns or responses containing exfiltration instructions. </li> </ul> </li> <li> <strong> Hypothesis: </strong> Rockwell PLCs in state water facilities are accessible from IT networks due to segmentation gaps. <ul> <li> <strong> Hunt: </strong> Scan for CIP/EtherNet/IP traffic (TCP/44818, UDP/2222) crossing IT/OT network boundaries. Verify that Logix 5370/5570 controllers are not reachable from corporate VLANs. </li> </ul> </li>
</ol>
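<p> Hypothesis 4 is the one hunt in this list that can be answered from flow records alone. The script below is an added example, not code from the report: it zones each endpoint of a NetFlow-style record as IT, OT or other, and reports every EtherNet/IP flow (TCP/44818, UDP/2222) whose endpoints sit in different zones and whose source is not the sanctioned path into the control network. The subnets, the jump host address and the flow records are constructed placeholders to be replaced with your own zone definitions. </p>

```python
"""Find EtherNet/IP (CIP) flows that cross the IT/OT boundary.

Added example, not from the original report. It implements the hunt in
hypothesis 4: look for TCP/44818 and UDP/2222 traffic between corporate and
control-network address space, which should not exist once segmentation is
right. Subnets, the sanctioned jump host and the flow records are all
constructed for this example; substitute your own zone definitions.
"""
import csv
import io
import ipaddress

IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]              # constructed corporate ranges
OT_NETS = [ipaddress.ip_network("192.168.50.0/24")]           # constructed control-network ranges
SANCTIONED_OT_ACCESS = {ipaddress.ip_address("10.10.200.5")}  # constructed jump host / DMZ relay

CIP_PORTS = {("tcp", 44818), ("udp", 2222)}   # explicit and implicit EtherNet/IP messaging


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in OT_NETS):
        return "ot"
    if any(addr in net for net in IT_NETS):
        return "it"
    return "other"          # internet, partner, or unaccounted address space


def is_cip(proto: str, dport) -> bool:
    return (proto.lower(), int(dport)) in CIP_PORTS


def parse_flows(text: str) -> list:
    """Read 'src,dst,proto,dport,bytes' records (the shape of a NetFlow/IPFIX CSV export)."""
    return list(csv.DictReader(io.StringIO(text)))


def boundary_cip_flows(flows: list) -> list:
    """CIP flows whose endpoints are in different zones and whose source is not sanctioned."""
    hits = []
    for flow in flows:
        if not is_cip(flow["proto"], flow["dport"]):
            continue
        src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
        if src_zone == dst_zone:
            continue        # HMI-to-PLC inside the control network is expected
        if ipaddress.ip_address(flow["src"]) in SANCTIONED_OT_ACCESS:
            continue        # the one approved path into OT
        hits.append({**flow, "src_zone": src_zone, "dst_zone": dst_zone})
    return hits


# Constructed flow export: one expected OT-internal flow, one via the jump host,
# two from a corporate workstation, one from the internet, and unrelated HTTPS.
SAMPLE_FLOWS = """\
src,dst,proto,dport,bytes
192.168.50.11,192.168.50.20,tcp,44818,48211
10.10.200.5,192.168.50.20,tcp,44818,9120
10.10.34.17,192.168.50.20,tcp,44818,1320
10.10.34.17,192.168.50.21,udp,2222,880
203.0.113.5,192.168.50.20,tcp,44818,412
10.10.34.17,10.10.1.4,tcp,443,20300
"""

if __name__ == "__main__":
    for hit in boundary_cip_flows(parse_flows(SAMPLE_FLOWS)):
        print(f"{hit['src_zone']:5} -> {hit['dst_zone']:5} {hit['src']} -> {hit['dst']} "
              f"{hit['proto']}/{hit['dport']} ({hit['bytes']} bytes)")
```

<p> Three flows come back on the sample: a corporate workstation reaching a controller over both CIP ports, and an address outside any defined zone reaching the same controller. An empty result is only meaningful if the zone lists are complete, so the first task is confirming that every controller VLAN is actually in OT_NETS. </p>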
<h3> <strong> Blocking Actions </strong>
</h3>
<ul> <li> Block 23.254.164[.]92 and 23.254.164[.]123 at perimeter firewalls and DNS sinkholes </li> <li> Block installation of npm package easy-day-js in enterprise package registries </li> <li> Add Joomla JCE exploitation signatures (CVE-2026-48907) to WAF rules for state Joomla deployments </li>
</ul>
<h2> <strong> Sector-Specific Defensive Priorities </strong>
</h2>
<h3> <strong> Financial Services (State Treasury, Revenue, Pension Systems) </strong>
</h3>
<ul> <li> <strong> Oracle PeopleSoft (CVE-2026-35273): </strong> If state financial systems run PeopleSoft, verify patching status immediately. ShinyHunters/UNC6040 compromised ~100 organizations in 5 days. </li> <li> <strong> M365 Copilot: </strong> Treasury and revenue staff handling sensitive financial data are high-value EchoLeak targets. Consider restricting Copilot access for users processing tax records and pension data until prompt injection defenses mature. </li> <li> <strong> Ransomware: </strong> Murray County's Tax Commissioner and Tax Assessors were primary targets. Ensure financial system backups are immutable and air-gapped. </li>
</ul>
<h3> <strong> Energy (State-Managed Utilities, Grid Coordination) </strong>
</h3>
<ul> <li> <strong> Rockwell Automation: </strong> Energy facilities using Logix controllers should implement CIP traffic filtering and verify network segmentation immediately. </li> <li> <strong> Volt Typhoon absence: </strong> The lack of visible China-nexus activity targeting energy infrastructure is not reassurance — it may indicate pre-positioned access operating below detection thresholds. Conduct proactive threat hunts for living-off-the-land techniques (T1218, T1053). </li> <li> <strong> FortiSandbox vulnerabilities: </strong> If energy facilities use Fortinet appliances, verify patching for CVE-2026-39813/39808/25089 (all CVSS 9.1, confirmed exploited in the wild). </li>
</ul>
<h3> <strong> Healthcare (State Health Agencies, Medicaid Systems) </strong>
</h3>
<ul> <li> <strong> Ransomware resilience: </strong> Healthcare data systems face the same backup-destruction playbook seen in Murray County. Validate that Medicaid, vital records, and public health systems have offline recovery capability tested within the last 90 days. </li> <li> <strong> Supply-chain risk: </strong> Health IT systems increasingly rely on modern web frameworks. Audit npm/Python dependencies in patient portal and telehealth applications for Shai-Hulud or Mastra compromise indicators. </li> <li> <strong> EchoLeak: </strong> Healthcare staff using Copilot with access to PHI represent a high-consequence exfiltration target. Apply data classification restrictions to Copilot's context window. </li>
</ul>
<h3> <strong> Government (Executive Branch Agencies, Courts, Law Enforcement) </strong>
</h3>
<ul> <li> <strong> RoguePlanet (CVE-2026-50656): </strong> This is your most urgent endpoint risk. Every agency workstation is affected. Deploy detection rules immediately; prepare for emergency patching when Microsoft releases a fix. </li> <li> <strong> Murray County playbook: </strong> Brief agency heads on the county ransomware scenario. Validate that court management systems, law enforcement databases (CJIS), and DMV systems have tested offline backup restoration procedures. </li> <li> <strong> Credential theft: </strong> APT29's new credential harvester and the EchoLeak class both target government. Enforce phishing-resistant MFA (FIDO2) for all privileged accounts. Monitor for impossible-travel in Azure AD. </li> <li> <strong> WARLORD KITTEN: </strong> State agencies with defense or law enforcement functions should ingest the latest OtakuKit IOCs into detection platforms. </li>
</ul>
<h3> <strong> Aviation / Logistics (State DOT, Port Authorities, Airports) </strong>
</h3>
<ul> <li> <strong> DragonForce ransomware: </strong> This group recently targeted UK logistics and MSP infrastructure. State DOT and port authority systems connected via MSP relationships are potential lateral-movement targets. Verify MSP access controls and monitor for unauthorized RMM tool deployment. </li> <li> <strong> Cisco SD-WAN (CVE-2026-20262): </strong> Transportation agencies relying on Cisco SD-WAN for distributed site connectivity must patch immediately — this is on the CISA KEV with confirmed exploitation. </li> <li> <strong> ICS/SCADA: </strong> Traffic management systems and port automation using Rockwell controllers should apply the same mitigations as water/wastewater facilities. </li>
</ul>
<h2> <strong> Prioritized Defense Recommendations </strong>
</h2>
<h3> <strong> IMMEDIATE (Within 24 Hours) </strong>
</h3>
<table> <thead> <tr> <th> <p> <strong> Action </strong> </p> </th> <th> <p> <strong> Responsible Team </strong> </p> </th> <th> <p> <strong> Rationale </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> Deploy Chrome 149.0.7827.155+ and Firefox 152 to all state endpoints </p> </td> <td> <p> IT Ops / Endpoint Management </p> </td> <td> <p> <strong> 6 critical RCE flaws in Chrome and 13 high-severity bugs in Firefox enable sandbox escape </strong> </p> </td> </tr> <tr> <td> <p> Create EDR detection rule for SYSTEM-level process spawning from MsMpEng.exe </p> </td> <td> <p> SOC / Detection Engineering </p> </td> <td> <p> CVE-2026-50656 has no patch; detection is the only mitigation for RoguePlanet </p> </td> </tr> <tr> <td> <p> Verify M365 Copilot server-side patch status; restrict Copilot external email context access </p> </td> <td> <p> M365 Administration </p> </td> <td> <p> CVE-2025-32711 EchoLeak enables zero-click exfiltration from state tenant </p> </td> </tr> <tr> <td> <p> Block 23.254.164[.]92 and 23.254.164[.]123 at all perimeter firewalls </p> </td> <td> <p> Network Security / SOC </p> </td> <td> <p> Active C2 infrastructure for Mastra npm supply-chain attack </p> </td> </tr> <tr> <td> <p> Verify Joomla JCE patching on all state-hosted Joomla sites </p> </td> <td> <p> Web Application Team </p> </td> <td> <p> CVE-2026-48907 added to CISA KEV with confirmed active exploitation </p> </td> </tr> </tbody>
</table>
<h3> <strong> 7-DAY </strong>
</h3>
<table> <thead> <tr> <th> <p> <strong> Action </strong> </p> </th> <th> <p> <strong> Responsible Team </strong> </p> </th> <th> <p> <strong> Rationale </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> Audit all CI/CD pipelines for @mastra/* npm dependencies; block packages lacking SLSA provenance </p> </td> <td> <p> DevOps / AppSec </p> </td> <td> <p> 144 malicious packages with 918K weekly downloads; state build pipelines at risk </p> </td> </tr> <tr> <td> <p> Enable GPG/SSH commit signing and GitHub Vigilant Mode for all state repositories </p> </td> <td> <p> DevOps </p> </td> <td> <p> Shai-Hulud worm exploits unsigned commits and timestamp manipulation </p> </td> </tr> <tr> <td> <p> Assess Rockwell Automation deployments in water/wastewater; implement CIP traffic filtering and network segmentation </p> </td> <td> <p> OT/ICS Security </p> </td> <td> <p> 5 new CISA advisories + confirmed Iran-nexus intent against water sector </p> </td> </tr> <tr> <td> <p> Ingest WARLORD KITTEN OtakuKit IOCs into SIEM/EDR platforms </p> </td> <td> <p> SOC / Threat Intel </p> </td> <td> <p> Fresh hashes published 2026-06-17 indicate active Iranian APT operations </p> </td> </tr> <tr> <td> <p> Validate immutable/air-gapped backup status for all Tier-1 state systems </p> </td> <td> <p> IT Ops / BC/DR </p> </td> <td> <p> Murray County scenario demonstrates backup encryption as standard ransomware playbook </p> </td> </tr> </tbody>
</table>
<h3> <strong> 30-DAY </strong>
</h3>
<table> <thead> <tr> <th> <p> <strong> Action </strong> </p> </th> <th> <p> <strong> Responsible Team </strong> </p> </th> <th> <p> <strong> Rationale </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> Commission tabletop exercise: ransomware with backup encryption + month-long outage of court/law enforcement systems </p> </td> <td> <p> CISO / IR Team </p> </td> <td> <p> Murray County provides a real-world scenario template; validate state response capability </p> </td> </tr> <tr> <td> <p> Establish "AI Security" workstream separate from cloud security program </p> </td> <td> <p> CISO / Security Architecture </p> </td> <td> <p> EchoLeak class demonstrates that enterprise AI assistants create novel exfiltration channels requiring dedicated governance </p> </td> </tr> <tr> <td> <p> Evaluate centralized backup-as-a-service offering for county/municipal interconnections </p> </td> <td> <p> CIO / CISO </p> </td> <td> <p> Reduce systemic risk from under-resourced county IT programs that cannot maintain air-gapped backups independently </p> </td> </tr> <tr> <td> <p> Conduct proactive threat hunt for Volt Typhoon / Salt Typhoon living-off-the-land indicators </p> </td> <td> <p> SOC / Threat Hunting </p> </td> <td> <p> 3+ cycles of silence from primary China-nexus pre-positioning threat warrants active search, not passive monitoring </p> </td> </tr> <tr> <td> <p> Implement SLSA provenance requirements as policy for all state software procurement and development </p> </td> <td> <p> CISO / Procurement </p> </td> <td> <p> Both Shai-Hulud and Mastra attacks are defeated by provenance enforcement — this is a policy decision with technical enforcement </p> </td> </tr> </tbody>
</table>
<h2> <strong> IOC Blocking Table </strong>
</h2>
<p> The following indicators are confirmed from intelligence collection and should be added to blocking and detection platforms:
</p>
<table> <thead> <tr> <th> <p> <strong> Type </strong> </p> </th> <th> <p> <strong> Value </strong> </p> </th> <th> <p> <strong> Context </strong> </p> </th> </tr> </thead> <tbody> <tr> <td> <p> IPv4 </p> </td> <td> <p> 23.254.164[.]92 </p> </td> <td> <p> Mastra npm compromise — C2 dropper/loader </p> </td> </tr> <tr> <td> <p> IPv4 </p> </td> <td> <p> 23.254.164[.]123 </p> </td> <td> <p> Mastra npm compromise — C2 exfiltration </p> </td> </tr> <tr> <td> <p> npm package </p> </td> <td> <p> easy-day-js </p> </td> <td> <p> Malicious dependency injected into @mastra packages </p> </td> </tr> </tbody>
</table>
<p> Additional IOCs for the campaigns discussed in this report — including WARLORD KITTEN OtakuKit hashes, APT29 credential harvester samples, and DragonForce infrastructure — are available through Anomali ThreatStream Next-Gen and partner feeds.
</p>
<h2> <strong> Closing </strong>
</h2>
<p> The threat environment facing state government this week is defined by a single uncomfortable truth: <strong> your defensive tools are becoming your attack surface. </strong> Microsoft Defender — the endpoint protection agent on every state workstation — is now a privilege escalation vector with no patch. Microsoft 365 Copilot — deployed to boost productivity — is a zero-click exfiltration channel. Your developers' package managers — essential to building and maintaining state applications — are compromised by self-propagating worms.
</p>
<p> This is not a theoretical future state. These are active, confirmed vulnerabilities with public exploitation code and real-world victims. Murray County, Georgia is recovering from a month-long outage that cost $200,000 in ransom alone — to say nothing of the operational impact on courts, law enforcement, and citizen services.
</p>
<p> The decisions required are clear and time-bounded:
</p>
<ol> <li> <strong> Today: </strong> Deploy compensating detection controls for RoguePlanet. Restrict Copilot's external context. Block the Mastra C2 infrastructure. </li> <li> <strong> This week: </strong> Enforce supply-chain provenance. Segment OT networks. Validate backups. </li> <li> <strong> This month: </strong> Exercise your response plans against the Murray County scenario. Establish AI security governance. Hunt for what you cannot see. </li>
</ol>
<p> The window between public proof-of-concept and commodity exploitation is measured in days, not weeks. Act accordingly.
</p>
<p> <em> Anomali CTI Desk | 2026-06-17 </em>
</p>
<p> <em> For questions or additional context on any finding in this report, contact your Anomali intelligence team. </em>
</p>