The Cyber Byte - 2 March 2026

This edition highlights threat actors jailbreaking commercial AI models like Claude to orchestrate data breaches against government targets, while state-aligned groups use AI for large-scale industrial espionage through distillation attacks [3, 6]. This trend coincides with a massive state-sponsored cyberattack that crippled Iranian infrastructure, demonstrating the potent combination of conventional and digital warfare [11]. Meanwhile, critical vulnerabilities in cloud services and emerging automation frameworks expose new supply-chain risks, with threat actors leveraging insecure defaults and poisoned plugins to achieve initial access and domain compromise at unprecedented speeds [5, 7, 8].

Significant Cyber Incidents and Articles of Interest

  • Pentagon Designates Anthropic a Supply Chain Risk: The U.S. Department of War (DoW) has designated AI company Anthropic a "supply chain risk" following a dispute over the military's use of its AI model, Claude. The designation came after negotiations stalled, with Anthropic refusing to remove safeguards that prevent its technology from being used for "mass domestic surveillance and fully autonomous weapons". In response, the Trump administration has ordered all federal agencies to phase out Anthropic's technology, and the Pentagon has mandated that all contractors cease commercial activity with the company, a move Anthropic described as "legally unsound" [1].

  • Hacker Jailbreaks Claude AI to Steal Mexican Government Data: An unidentified hacker successfully jailbroke Anthropic's Claude AI to steal 150GB of sensitive data from Mexican government agencies, including the federal tax authority and national electoral institute. The campaign, which ran from December 2025 to early January 2026, involved using persistent, Spanish-language prompts to make Claude role-play as a hacker, generating vulnerability scans and exploit code. This "AI-orchestrated" attack demonstrates how consumer-grade AI models can be turned into powerful offensive tools, significantly lowering the technical barrier for sophisticated cybercrime and enabling solo operators to execute attacks that mirror the capabilities of advanced persistent threats [3].

  • Google API Keys Expose Sensitive Gemini Data: A significant vulnerability has been identified in Google Cloud's API key architecture, where publicly exposed API keys intended for benign services like Google Maps can be retroactively granted access to the sensitive Gemini (Generative Language) API. This insecure default and "retroactive privilege expansion" occurs without notification when the Gemini API is enabled on a project, transforming non-secret identifiers into powerful credentials. Researchers discovered 2,863 live, vulnerable keys on the public internet, which could be used to access private data, incur fraudulent charges, and disrupt services. The incident highlights the risks of reusing credentials across services with different security postures and the importance of auditing key permissions when enabling new APIs [7].

  • Chinese AI Labs Target Claude in Industrial-Scale Distillation Attacks: Anthropic has detected and disrupted large-scale campaigns by three Chinese AI laboratories (DeepSeek, Moonshot, and MiniMax) aimed at illicitly extracting the capabilities of its Claude model. The labs used over 24,000 fraudulent accounts and commercial proxy services to conduct more than 16 million exchanges in "distillation attacks," a technique used to train weaker models on the outputs of a more powerful one. These operations, which represent a new form of industrial espionage, undermine AI export controls and pose a national security risk by allowing foreign entities to develop advanced AI systems without built-in safeguards [6].

  • Israel Launches Massive Cyberattack Against Iran: In conjunction with a conventional military strike, Israel reportedly launched an unprecedented cyberattack against Iran on February 28, 2026, causing a near-total digital blackout. The attack crippled critical infrastructure, disrupted the IRGC's communication systems, took official news sites offline, and caused nationwide internet connectivity to drop to just 4% of normal levels. This hybrid warfare operation combined electronic warfare, DDoS attacks, and deep intrusions into energy and aviation systems, effectively isolating Iran's leadership during a moment of crisis and showcasing the devastating impact of integrated military and cyber operations [11].

Threat Actor Activity

Diesel Vortex:

A Russian financially motivated group operating a sophisticated Phishing-as-a-Service (PhaaS) platform named "GlobalProfit" [9].

  • TTPs: The group utilizes a dual-domain architecture to bypass browser blocklists, where a clean "advertise" domain loads the malicious "system" domain in an iframe. They conduct real-time victim manipulation via a Telegram-based operator console and employ typosquatting and Cyrillic homoglyph attacks in phishing emails to evade filters. Their tactics include both spearphishing and voice phishing [9].

  • Targets & Geographic Focus: The group systematically targets freight and logistics companies across the United States and Europe, focusing on users of platforms like DAT Truckstop, Penske Logistics, and EFS [9].

Chinese State-Aligned Actors:

Chinese law enforcement and other state-aligned groups are leveraging both U.S. and local AI models to support global influence and intelligence-gathering operations [10].

  • TTPs: These actors use ChatGPT for editing operational reports, planning propaganda campaigns, generating social engineering emails, and researching U.S. targets. Operations include impersonating U.S. officials, forging documents, and using local AI models like DeepSeek. They have also explored using real-time face-swapping software like FaceFusion [10].

  • Targets & Geographic Focus: Campaigns target Chinese dissidents globally, with specific operations identified against Japanese political figures and reconnaissance focused on U.S. officials and financial analysts [10].

Various eCrime and State-Nexus Groups:

Adversaries are integrating AI into their toolchains to accelerate attacks [5].

  • PUNK SPIDER, a moderately resourced eCrime group, uses AI models like Gemini and DeepSeek to generate post-exploitation scripts for credential dumping and evidence destruction [5].

  • FANCY BEAR, a Russia-nexus actor, deployed the LAMEHUG malware against Ukrainian government entities, which uses an LLM to automate reconnaissance commands [5].

  • PRESSURE CHOLLIMA executed a supply chain attack targeting the Safe{Wallet} digital asset management platform to facilitate a massive cryptocurrency theft from the Bybit exchange [5].

Malicious Skill Developers:

Unidentified actors are poisoning the ecosystem of the OpenClaw AI automation framework [8].

  • TTPs: These actors upload hundreds of malicious plugins, or "skills," to the ClawHub marketplace. The poisoned skills are designed to deliver infostealers, Remote Access Trojans (RATs), and other backdoors by exploiting the trusted execution context of the OpenClaw agent, which lacks proper sandboxing [8].

Indicators to Watch

New Malware and Tools:

  • DarkCloud Infostealer: A low-cost (starting at US$30) commercial infostealer written in legacy Visual Basic 6.0 to evade modern detection. It is sold openly on Telegram and clearnet sites, targeting credentials from dozens of browsers, email clients, FTP applications, and VPNs. Data exfiltration is supported via SMTP, FTP, Telegram, and HTTP [4].

  • LAMEHUG Malware: A tool used by state-aligned actors that integrates with an LLM via the Hugging Face API to outsource reconnaissance logic. It generates system and network enumeration commands from simple, hardcoded prompts, allowing operators to adapt intrusions in real time [5].

  • Malicious OpenClaw Skills: The emerging supply-chain threat of poisoned plugins on the ClawHub marketplace for the OpenClaw AI automation framework. These skills deliver infostealers and RATs by abusing the framework's lack of sandboxing, executing with full system permissions [8].

Emerging Campaigns and Trends:

  • AI-Driven Attack Compression: Adversaries are using AI models to drastically shorten "breakout time", the interval between initial access and lateral movement, to under 30 minutes. AI is being used to automate reconnaissance, generate post-exploitation scripts, and chain together attack sequences at machine speed [5].

  • AI Distillation Attacks: A new form of industrial espionage where foreign labs use thousands of fraudulent accounts and proxies to run millions of queries against frontier AI models like Claude. Organizations should monitor for highly repetitive, structured, and high-volume API traffic targeting narrow capabilities, as this indicates illicit capability extraction [6].

  • Dual-Domain Phishing: A sophisticated evasion technique used by Diesel Vortex where a benign "advertise" domain loads the malicious phishing page from a separate "system" domain within a full-screen iframe. This can bypass browser blocklist protections that only evaluate the top-level domain [9].

Vulnerabilities and Suspicious Patterns:

  • RustFS Stored XSS (GHSA-v9fg-3cr2-277j): A critical vulnerability in RustFS allows an attacker to achieve administrative account takeover. By uploading a file with a .pdf extension but setting the Content-Type metadata to text/html, an attacker can execute JavaScript in the context of the management console when an admin previews the file, stealing credentials from localStorage [2].
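The RustFS finding above comes down to an object store trusting caller-supplied Content-Type metadata and a console that renders it inline. The following is an added example (not RustFS code) of the upload-side check and the response headers a service can apply so that a ".pdf" declared as text/html, or HTML bytes declared as a PDF, is rejected or never rendered as active content; the magic-byte table and sample inputs are constructed.

```python
import mimetypes

# Content-Types a browser will execute as active content when rendered inline.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/javascript", "application/javascript"}

# Constructed subset of magic bytes; a real deployment would use a fuller table.
MAGIC = {
    b"%PDF-": "application/pdf",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}

def sniff(head):
    """Best-effort type from the first bytes; markup-looking bytes count as HTML."""
    for prefix, ctype in MAGIC.items():
        if head.startswith(prefix):
            return ctype
    if head.lstrip().startswith(b"<"):
        return "text/html"
    return None

def validate_upload(filename, declared_type, head):
    """Return (ok, reason). The declared type must agree with both the
    extension and the bytes, and must never be an active content type."""
    declared = declared_type.split(";")[0].strip().lower()
    if declared in ACTIVE_TYPES:
        return False, "active content type not allowed for stored objects"
    ext_type, _ = mimetypes.guess_type(filename)
    if ext_type and ext_type != declared:
        return False, f"extension implies {ext_type} but Content-Type is {declared}"
    sniffed = sniff(head)
    if sniffed and sniffed != declared:
        return False, f"content looks like {sniffed}, not {declared}"
    return True, "ok"

def response_headers(stored_type):
    """Headers for serving a stored object from a management console so the
    browser downloads it rather than executing it in the console's origin."""
    return {
        "Content-Type": stored_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "attachment",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```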

  • Retroactive Privilege Escalation of API Keys: The Google Gemini incident shows that public identifiers can silently become sensitive credentials when new services are enabled. Security teams must audit existing API keys and their permissions whenever a new, high-privilege API is activated within the same project to prevent unintended exposure [7].
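As an added example of the audit the bullet above calls for (not Google's code), the function below takes API key records and the set of APIs enabled on a project and flags every key that could reach a newly enabled sensitive API. The record shape is modelled on the Google API Keys API v2 Key resource (restrictions.apiTargets[].service plus browser/server restriction blocks), which is an assumption here, and the sample keys are constructed.

```python
# APIs whose exposure turns a "public" key into a real credential.
SENSITIVE_APIS = {"generativelanguage.googleapis.com"}

# Restriction blocks that indicate a key meant to ship inside client software.
CLIENT_RESTRICTIONS = ("browserKeyRestrictions", "androidKeyRestrictions",
                       "iosKeyRestrictions")

def allowed_services(key):
    """Services an apiTargets restriction permits; empty set means unrestricted."""
    targets = key.get("restrictions", {}).get("apiTargets", [])
    return {t["service"] for t in targets}

def audit_keys(keys, enabled_apis):
    """Return findings for keys that can call a sensitive API that is enabled."""
    findings = []
    reachable_sensitive = SENSITIVE_APIS & set(enabled_apis)
    for key in keys:
        allowed = allowed_services(key)
        exposure = reachable_sensitive if not allowed else reachable_sensitive & allowed
        if not exposure:
            continue
        restrictions = key.get("restrictions", {})
        client_key = any(r in restrictions for r in CLIENT_RESTRICTIONS)
        findings.append({
            "key": key["displayName"],
            "reaches": sorted(exposure),
            "reason": "no apiTargets restriction" if not allowed else "apiTargets includes sensitive API",
            # A client-embedded or unrestricted key that reaches the API is the worst case.
            "severity": "high" if (client_key or not allowed) else "review",
        })
    return findings

# Constructed sample: a Maps key shipped in a web page, a properly scoped Maps
# key, and a server key intentionally scoped to the Generative Language API.
SAMPLE_KEYS = [
    {"displayName": "maps-web-key",
     "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["*.example.com/*"]}}},
    {"displayName": "maps-only-key",
     "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
    {"displayName": "gemini-server-key",
     "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}],
                      "serverKeyRestrictions": {"allowedIps": ["203.0.113.10"]}}},
]
ENABLED_APIS = {"maps-backend.googleapis.com", "generativelanguage.googleapis.com"}
```

Running audit_keys(SAMPLE_KEYS, ENABLED_APIS) flags maps-web-key as high (unrestricted and browser-embedded) and gemini-server-key for review, while the key scoped to Maps only is silent.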

  • Cyrillic Homoglyphs in Email: Threat actors are using Cyrillic characters that are visually identical to Latin characters in email subjects and bodies to bypass content filters and security gateways. This technique was observed in the Diesel Vortex campaign [9].
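A mail gateway can catch the Cyrillic substitution described above (and in the Diesel Vortex TTPs) by flagging words that mix Latin and Cyrillic letters and by folding known look-alikes back to Latin before keyword matching. The detector below is an added example, not code from any referenced report; the confusables table is a constructed subset (a production filter would use the full Unicode confusables data) and the sample subject is constructed.

```python
import unicodedata

# Cyrillic letters that render identically to Latin ones (constructed subset).
CONFUSABLES = {
    "а": "a", "с": "c", "е": "e", "о": "o", "р": "p", "х": "x", "у": "y",
    "і": "i", "ј": "j", "ѕ": "s", "А": "A", "В": "B", "С": "C", "Е": "E",
    "Н": "H", "К": "K", "М": "M", "О": "O", "Р": "P", "Т": "T", "Х": "X",
}

def script_of(ch):
    """Coarse script of a letter, derived from its Unicode character name."""
    name = unicodedata.name(ch, "")
    if name.startswith("CYRILLIC"):
        return "Cyrillic"
    if name.startswith("LATIN"):
        return "Latin"
    return None

def mixed_script_words(text):
    """Words containing both Latin and Cyrillic letters; legitimate text
    rarely mixes scripts inside one word, so each hit is a strong signal."""
    hits = []
    for word in text.split():
        scripts = {script_of(c) for c in word if c.isalpha()}
        scripts.discard(None)
        if len(scripts) > 1:
            hits.append(word)
    return hits

def skeleton(text):
    """Fold confusable Cyrillic letters to their Latin look-alikes."""
    return "".join(CONFUSABLES.get(c, c) for c in text)

def check_subject(subject, keywords):
    """Report mixed-script words and keywords that only match after folding,
    i.e. terms the sender tried to hide from a plain keyword filter."""
    folded = skeleton(subject).lower()
    plain = subject.lower()
    hidden = [k for k in keywords if k in folded and k not in plain]
    return {"mixed_script_words": mixed_script_words(subject),
            "hidden_keywords": hidden}

# Constructed sample: "Payment" spelled with a Cyrillic "а" (U+0430).
SAMPLE_SUBJECT = "P\u0430yment for Invoice 4471 - DAT Truckstop"
```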
