Cyber Rangers
Blog

The week when attacks came in through someone else's trust

This past week shares a single theme: attackers are not breaking in through a frontal assault on your company, but through something or someone you already trust. The D1R group used an older Synopsys data leak as a map to reach Bosch and ARM, actors linked to ShinyHunters spent a year pulling data out of Salesforce through legitimate OAuth connections, and 148 npm packages abused the trust placed in a package registry.

On top of that came a new type of attack on AI assistants that plants a persistent false memory with a single email, and here at home three Czech companies showed up on the leak site of the Titan ransomware group. For the period covered, the source data held 43 articles, 258 vulnerabilities, 20 ransomware victims, and 11 dark web items.

1. One leak as a stepping stone to Bosch and ARM

The D1R group announced that it turned an earlier data leak from Synopsys into a road map. By its own account it cross-referenced the Synopsys database against a target list and against leaks from other groups, and through the access it gained it reached internal materials of two technology giants, Bosch in Germany and ARM in the United Kingdom.

An interesting technical detail: with ARM the group notes that two-factor authentication required at practically every step slowed the effort down significantly, yet it still managed to download part of the data. That nicely shows two things at once, how strongly 2FA complicates an attacker's life, and how a single older leak can serve as an entry point for a whole range of further targets even months after the incident.

What to do:

  • Treat leaks at your suppliers as your problem, not just theirs. The data can be combined and pointed back at you.
  • Deploy 2FA on every sensitive step, not just on login. It genuinely slows attackers down.

2. ShinyHunters: a year of Salesforce theft without a single vulnerability

Microsoft mapped how actors whose methods match the ShinyHunters group spent roughly a year extracting data from corporate Salesforce environments without exploiting a single flaw in the platform itself. The way in was trust the organizations had already granted to someone, typically through OAuth connections that tie Salesforce to surrounding apps and vendors.

Microsoft describes three different paths the attackers used to get inside. What they share is that this was not an exploit, but abuse of legitimate access. That is unpleasant mainly because such traffic looks like a normal integration and classic vulnerability detection will not catch it.

What to do:

  • Take an inventory of your OAuth connections and revoke anything no longer in use.
  • Watch how much data each integration actually pulls. A sudden spike is a warning sign.

3. 148 npm packages turned browsers into a DDoS botnet

According to research from JFrog, a campaign of 148 npm packages posing as student web proxies appeared in May. The interesting twist is who the victim was. It was not the developers who might install the package, but the visitors. The operators abused npm as free hosting for the booby-trapped proxy sites, and for about two weeks they folded the browsers of students trying to bypass blocks into a distributed DDoS botnet.

It is a reminder that a package registry is not just a source of dependencies for developers, but also infrastructure an attacker can abuse in a completely different way than you expect, reaching the victim through ordinary web browsing.

What to do:

  • Do not treat public registries as safe just because they are well known and widely used.
  • Teach people that proxies and block bypassing are a classic lure through which foreign code reaches the browser.

4. MemGhost: a false memory into an AI assistant with one email

The new MemGhost attack targets AI assistants that have persistent memory and access to email. A single spoofed email can get the assistant to save an untrue fact about the user, hide that change, and then quietly adjust its answers in later conversations based on it. The user then reads an ordinary-looking reply and has no idea that someone tampered with their assistant's memory.

This is a new class of risk. Where classic phishing is a one-off action, here the attacker stores a persistent influence in the system that survives across sessions. The more authority and memory we give assistants, the greater the impact of such an attack.

What to do:

  • With AI assistants, control who and what may write into their persistent memory.
  • Treat incoming content, including emails, as potential input that can change an agent's behavior.

5. At home: Titan claimed three Czech companies

The week was not calm here at home either. On the leak site of the Titan ransomware group, three Czech entities appeared during the period covered, DataOstrov s.r.o., Ozmit s.r.o., and Cooperate consulting CZ s.r.o. On top of that came the company Jakub A.S. under the Qilin group. The source data does not give specific incident details, but the concentration of Czech victims in a single week is a reminder that domestic companies are not a marginal target for these groups.

What to do:

  • Verify that you have working, tested backups separated from production.
  • Do not count on being too small for an attacker. Leak sites show the opposite.

Key takeaways from this week

  • Map who and what you are connected to. Suppliers, OAuth apps, and packages from registries are all part of your attack surface.
  • Take old leaks seriously. The data from them gets recycled and combined for years after the incident.
  • Deploy multi-factor authentication on sensitive steps, not just on login. It demonstrably slows attackers down.
  • With AI assistants, control who may write into their memory and what content can change their behavior.
  • Verify what actually gets installed into your systems and browsers, not just where it formally came from.
  • Keep tested backups separated from production and a plan for what to do when your company shows up on a leak site.