September 22, 2025 Cyber Threat Intelligence Briefing

Sep 22, 2025

This week’s briefing covers:

00:00 – Intro

00:38 [CAMPAIGN] ‘Shai-Hulud’ Spreads Across Developers in NPM Attack
A widespread supply chain attack, dubbed 'Shai-Hulud', has been discovered targeting developers and users of the Node Package Manager (NPM) ecosystem. It follows a recent wave of reporting on social engineering campaigns against NPM package maintainers that used 2FA-themed phishing emails to capture publishing credentials.

04:17 [AI] North Korean APT Group Used DeepFake Images for False ID Papers
South Korean security company Genians released a report detailing the use of AI tooling by North Korean threat actors to generate forged identity documents for use against South Korean targets.

06:05 [MALWARE] UEFI Ransomware - HYBRIDPETYA
ESET Research found malware samples, named HYBRIDPETYA, whose filenames resemble those of the PETYA/NOTPETYA strains. The new samples add a UEFI bootkit component that targets Unified Extensible Firmware Interface (UEFI)-based systems, and one variant exploits CVE-2024-7344, a UEFI Secure Boot bypass, to load on systems where that vulnerability has not been patched.

07:49 [AI] Villager AI Attack Automation Framework
A new AI-powered penetration testing tool called Villager, developed by a China-based group named Cyberspike, has appeared on the Python Package Index (PyPI).

09:39 [AI] Artificial Intelligence and Post-Exploitation
AI/ML can speed up post-exploitation tasks that are typically manual and time-consuming. Traditional tooling either relies on limited regular-expression matching or requires exfiltrating data for offline analysis. By combining modern Windows ML APIs with the Cobalt Strike postex-kit, it is possible to build AI-augmented post-exploitation tools that run entirely in memory on the target.

Dive deeper:

Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report

Kroll’s Q3 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q3-2023-threat-landscape-report-social-engineering

Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings

Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber

Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services

Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports

Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder

#krollcyber #threatintelligence #cyberthreats