Find notable cyber news and cases, enriched with sources, timelines, and signals.

Konni blockchain developer targeting campaign with AI-generated PowerShell malware

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

Konni (Opal Sleet, TA406) is running an active campaign that uses AI-generated PowerShell malware to target developers and engineers in the blockchain sector, with an apparent Asia-Pacific focus. The operation matters because the lure is designed to compromise development environments and reach infrastructure, API credentials, wallet access, and cryptocurrency holdings. The intrusion chain uses a Discord-hosted link, a ZIP archive, a malicious LNK, and a PowerShell backdoor to establish access and persistence.

Related Happenings

Cavern Manticore campaign targeting Israeli government and IT organizations

Campaign
H score30 First: 06.07.2026 19:00 Last: 06.07.2026 19:00 Sources 1

About this happening: The **Cavern Manticore** campaign is **targeting Israeli government and IT organizations** since **early 2026**, increasing the risk of **unauthorized access** and **data theft**...

Ghost Networks crypto-clipper promotion campaign

Campaign
H score15 First: 17.06.2026 21:14 Last: 17.06.2026 21:14 Sources 1

About this happening: **Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...

Webworm EchoCreep and GraphWorm backdoor expansion

Malware Activity
H score28 First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...

Hugging Face shared-loader supply chain campaign

Campaign
H score79 First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....

PCPJack worm-like credential theft framework

Malware Activity
H score27 First: 07.05.2026 20:45 Last: 07.05.2026 20:45 Sources 1

About this happening: The **PCPJack** malware framework now conducts **credential theft** across exposed cloud infrastructure, raising the risk of account takeover and follow-on intrusion. It matters b...

Timeline

  1. 24.01.2026 17:23 2 articles · 5mo ago

    Konni targets blockchain developers with AI-generated PowerShell malware

    Initial Disclosure

    A Konni (Opal Sleet, TA406) campaign targets blockchain-sector developers and engineers in the Asia-Pacific region with AI-generated PowerShell malware delivered through a Discord-hosted link that drops a ZIP archive containing a PDF lure and a malicious LNK shortcut. The execution chain deploys an obfuscated PowerShell backdoor that performs environment checks, generates a unique host ID, creates persistence through an hourly scheduled task masquerading as a OneDrive startup task, and polls a C2 server for host metadata and additional PowerShell code. The lure is framed to gain access to infrastructure, API credentials, wallet access, and cryptocurrency holdings.

    Show sources