January 12, 2026 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:40 [MALWARE] Malicious LLM Chrome Extensions Exfiltrate Browser Data
Two malicious Chrome extensions appear to mimic legitimate large language model (LLM) extensions. The two malicious extensions are as follows:
- Chat GPT for Chrome with GPT-5, Claude Sonnet and DeepSeek AI
- AI Sidebar with Deepseek, ChatGPT, Claude and more
Combined, the extensions have over 900,000 user downloads and claim to be from the developer AITOPIA; however, they are actually mimicking legitimate extensions from that company.
03:51 [MALWARE] DCRAT Deployed in BSOD Click-fix Campaign
A malware campaign mimics branding from well-known companies to lure victims into installing DCRAT.
The campaign starts with a lure that purports to come from the widely used hotel reservation site booking.com and poses as a hotel reservation cancellation notification.
06:11 [THREAT ACTOR ACTIVITY] Recent Chinese Cyber Attacks on Taiwan
Taiwan has faced a surge in cyberattacks attributed to Chinese state-linked actors since the start of 2026. These campaigns are synchronized with military exercises and disinformation efforts, aiming to undermine Taiwan’s resilience without triggering open conflict. Daily intrusion attempts have exceeded previous records, continuing the trajectory observed in 2025 when attacks averaged over 2.6 million per day.
08:50 [RANSOMWARE] TRIDENTLOCKER Ransomware Attack on Sedgwick
TridentLocker is an emerging ransomware-as-a-service (RaaS) group that surfaced in late November 2025. The group employs double-extortion tactics, which involve encrypting victim systems while simultaneously threatening to release exfiltrated sensitive data on its dark web leak site.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder