Timeline
UNC6780
Financially motivated supply-chain cluster; open-sourced its Shai-Hulud worm kit with a Monero bounty, franchising industrial repository poisoning.
9 of 9 entries (9 events, 0 interactions)
Filters
#73 Jun
Released Shai-Hulud 3.0 as open-source under MIT licence with Monero bounty on 12 May
Cybersecurity: Threats and Defences: Attack worm kit now open-sourced freely#521 May
Mentioned in: AI orchestration flaw joins CISA's KEV
Cybersecurity: Threats and Defences#518 May
Deployed trojanised Nx Console extension and cloned ~3,800 GitHub internal repositories
Cybersecurity: Threats and Defences: GitHub's own code cloned via add-on#411 May
Cloned over 300 private Cisco GitHub repositories using SANDCLOCK-stolen credentials
Cybersecurity: Threats and Defences: UNC6780 takes Cisco AI Defense source code#48 May
Exploited CVE-2026-42208 within 36 hours of KEV addition, using SANDCLOCK-stolen AWS keys and GitHub tokens
Cybersecurity: Threats and Defences: LiteLLM SQL injection hits in 36 hours#37 May
Provided the operational backdrop for CSIS paper published six days after the Axios compromise
Cybersecurity: Threats and Defences: CSIS calls for operational US-ROK cyber alliance#35 May
Phished an Axios npm maintainer and planted WAVESHAPER.V2 in versions v1.14.1 and v0.30.4
Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing#229 Apr
Mentioned in: Three supply-chain hits in thirteen days
Cybersecurity: Threats and Defences#223 Apr