Timeline
UNC6780
Financially motivated supply-chain cluster that stole Cisco AI Defense source code and breached LiteLLM in 36 hours.
6 of 6 entries (6 events, 0 interactions)
Filters
#411 May
Cloned over 300 private Cisco GitHub repositories using SANDCLOCK-stolen credentials
Cybersecurity: Threats and Defences: UNC6780 takes Cisco AI Defense source code#48 May
Exploited CVE-2026-42208 within 36 hours of KEV addition, using SANDCLOCK-stolen AWS keys and GitHub tokens
Cybersecurity: Threats and Defences: LiteLLM SQL injection hits in 36 hours#37 May
Provided the operational backdrop for CSIS paper published six days after the Axios compromise
Cybersecurity: Threats and Defences: CSIS calls for operational US-ROK cyber alliance#35 May
Phished an Axios npm maintainer and planted WAVESHAPER.V2 in versions v1.14.1 and v0.30.4
Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing#229 Apr
Mentioned in: Three supply-chain hits in thirteen days
Cybersecurity: Threats and Defences#223 Apr