Skip to content
You can now search across every topic, entity and event.What's new
Timeline

UNC6780

Financially motivated supply-chain cluster; open-sourced its Shai-Hulud worm kit with a Monero bounty, franchising industrial repository poisoning.

9 of 9 entries (9 events, 0 interactions)

Filters
#73 Jun

Released Shai-Hulud 3.0 as open-source under MIT licence with Monero bounty on 12 May

Cybersecurity: Threats and Defences: Attack worm kit now open-sourced freely
#521 May

Mentioned in: AI orchestration flaw joins CISA's KEV

Cybersecurity: Threats and Defences
#518 May

Deployed trojanised Nx Console extension and cloned ~3,800 GitHub internal repositories

Cybersecurity: Threats and Defences: GitHub's own code cloned via add-on
#411 May

Cloned over 300 private Cisco GitHub repositories using SANDCLOCK-stolen credentials

Cybersecurity: Threats and Defences: UNC6780 takes Cisco AI Defense source code
#48 May

Exploited CVE-2026-42208 within 36 hours of KEV addition, using SANDCLOCK-stolen AWS keys and GitHub tokens

Cybersecurity: Threats and Defences: LiteLLM SQL injection hits in 36 hours
#37 May

Provided the operational backdrop for CSIS paper published six days after the Axios compromise

Cybersecurity: Threats and Defences: CSIS calls for operational US-ROK cyber alliance
#35 May

Phished an Axios npm maintainer and planted WAVESHAPER.V2 in versions v1.14.1 and v0.30.4

Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing
#229 Apr
#223 Apr

Deployed SNOW malware via Microsoft Teams IT-support impersonation against law firms and BPOs

Cybersecurity: Threats and Defences: UNC6692 runs SNOW through Microsoft Teams