
Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026

WEEKLY THREAT ADVISORY · ADVISORY 026-25 · JUNE 15 – 21, 2026

The catalogue produced 55,480 indicator observations across 89 adversary clusters this week, shaped by three structural signals: a ransomware operator rotated a full multi-pivot kill chain (219 indicators across 4 IOC types in a single week), the developer supply chain became the preferred attack surface for three concurrent campaigns, and AI-platform domains began appearing as adversary infrastructure. This advisory is what the catalogue says — and what your blue team should do about it Monday morning.

For the hunting and detection-engineering operationalisation of recent windows, see the companion Sigma Playbook. For previous weekly advisories, see the Threat Intelligence archive. For the AWS-specific hunt library, see the AWS Threat Hunting Library.


01 · This week in numbers

The catalogue produced 55,480 indicator observations this cycle, down from last week’s 76,205 — a 27 percent reduction in topline volume but with a measurably denser high-confidence layer. Three structural shifts matter more than the topline. First, a single ransomware operator rotated 219 indicators across four IOC types in seven days, the broadest multi-pivot kill-chain rotation observed in three weeks. Second, three concurrent supply-chain campaigns targeted the developer tool-chain (a development-editor plugin marketplace, a browser-extension store, and a marketing-platform delivery layer). Third, artificial-intelligence platforms began appearing as adversary infrastructure — chat-share URLs used as redirector layers, AI-generated lure videos staged on accomplice domains.

// AT A GLANCE · June 15 – 21, 2026
  • 55,480 indicator observations
  • 54,243 unique IOCs
  • 89 adversary clusters
  • 1,086 high-severity records
  • 8 source feeds joined
  • 6 distinct IOC types

Catalogued, ML-scored, MITRE-tagged. Every record carries adversary attribution, technique tag, severity, confidence, and provenance. Continuously refreshed across open-source feeds, sandbox detonations, TLS and DNS observation, and honeynet plane sources.

02 · Headlines — the three things that defined this week

If you read nothing else, read these three.

Headline 01 · A ransomware operator rotated a full multi-pivot kill chain

A single ransomware cluster — one that combines a recently merged double-extortion brand and an affiliate-driven distribution layer — rotated 219 unique indicators in seven days, distributed across all four primary IOC types (83 domains, 72 hashes, 61 IP addresses, 3 URLs). Multi-pivot rotation at this breadth is a load-bearing intelligence signal: the operator is not iterating on a single tactic, they are running a coordinated kill-chain refresh — new infrastructure for initial-access landing pages, new binary payloads, new C2 listener IPs, and new staging URLs concurrently. The implication for defenders is that single-type blocklists (only domains, only hashes) will catch a fraction of the activity. The cluster also showed a tight subnet anchor: four of its IP rotations landed inside the same /24 address block (23.227.202.0/24), suggesting an upstream hosting anchor that survived the rotation cycle. Subnet-level blocking on that anchor is the cheapest defensive control.

Headline 02 · Developer supply chain became the preferred attack surface

Three concurrent supply-chain campaigns hit the developer tool-chain this week, contributing 42 unique indicators across the OTHERS (package names), DOMAIN, EMAIL, and IP types. The first targeted a code-editor plugin marketplace with 15 typosquat package identifiers (com.coder.ai.dpt, com.dev.ai.toolkit, org.bug.find.tools, etc.) designed to look like legitimate AI-coding helpers. The second targeted a browser extension store with 8 malicious extension domains plus 7 operator email addresses tied to publisher accounts. The third compromised a marketing-tools delivery layer at 6 typosquat domains (opmnstr.com, optnmstr.com, etc.). All three share a single pattern: impersonate a tool the developer already trusts and let the developer install it themselves. None of the three required exploitation of a vulnerability. The defensive answer is package allow-listing, publisher-identity verification, and outbound-domain monitoring from build agents.

Headline 03 · AI platforms appeared as adversary infrastructure

For the first time at observable scale in this catalogue, artificial-intelligence platform URLs are being used as adversary infrastructure. The week observed 19 domains operating as redirectors that route through AI-chat-share URL patterns — abusing platforms designed for legitimate prompt sharing to inherit reputation and TLS validity from a high-trust parent domain. Separately, a 39-indicator phishing campaign used AI-generated instruction videos as the lure content layer, staged on accomplice domains. The combination of AI-generated content (cheap to produce, hard to fingerprint with traditional template detection) and AI-platform redirector infrastructure (inherits trust from the host) represents a new operational pattern. Defenders should treat AI-platform share URLs the way they would treat URL-shortener services: a candidate for inspection, not for implicit trust.


03 · Indicator-type and severity breakdown

An intelligence catalogue is only useful if you know where the high-value records concentrate. The IP-address layer dominates this week's catalogue: 53,170 of the 54,243 unique indicators (98 percent) are IP addresses, because the largest contributing feed is a C2-infrastructure flood feed that produces dense IP-only output. The story shifts when you look at the narrow indicator types: domains, hashes, URLs, emails, and OTHERS (package names, lure filenames) are the layer where new adversary tradecraft surfaces.

By indicator type (share of the 54,243 unique IOCs)

Type | Unique IOCs | Share
IPs | 53,170 | 98.02%
Domains | 459 | 0.85%
File hashes | 340 | 0.63%
URLs | 243 | 0.45%
Other artefacts | 16 | 0.03%
Emails | 15 | 0.03%

By severity

Severity | Records | Share
High | 1,086 | 2.00%
Medium | 53,025 | 97.69%
Low | 166 | 0.31%

Reading the severity distribution. The Medium-severity layer is dominated by C2-framework infrastructure observations — recognised tooling that has not yet been tied to a specific named campaign. The 1,086 High-severity records are the actionable layer: campaign-attributed, MITRE-tagged, ransomware-grade, or APT-attributed. The Low-severity layer is scanning noise and reputation-only signals retained for retrospective correlation. The SOC’s automated blocklist lane should consume the High layer only; Medium goes to enrichment, Low to the data lake.

04 · Category mix — where the catalogue concentrates

Command-and-control infrastructure remains the dominant category: the C&C and C&C Server rows together account for roughly 97 percent of records, an expected weighting given that C2 listener IPs are the highest-volume class of indicator produced by passive collection. The story this week sits in the narrower categories: Phishing (377), Malware-Activity (289), Ransomware-as-a-Service (282), and the supply-chain entries (24 records, attributable to three distinct campaigns).

Category | Records | Share
C&C | 52,629 | 96.93%
Phishing | 377 | 0.69%
Malware-Activity | 289 | 0.53%
Ransomware-as-a-service | 282 | 0.52%
C&C Server | 245 | 0.45%
Botnet | 238 | 0.44%
APT | 54 | 0.10%
RAT | 41 | 0.08%
Trojan | 40 | 0.07%
Supply Chain | 24 | 0.04%
Payload Delivery | 20 | 0.04%
Vulnerability | 19 | 0.03%
Malicious Infrastructure | 16 | 0.03%
Backdoor | 12 | 0.02%
Spyware | 8 | 0.01%

The 54 APT records cover six distinct named threat actors — the most diverse APT footprint observed in eight weeks. Two of those (APT37, UNC6508) showed multi-pivot rotation, indicating active operational tempo rather than retrospective indicator publication.

05 · Top 30 adversary clusters by indicator footprint

The table ranks every named adversary cluster by unique indicator count this week. The dominant entry, a commercial red-team C2 framework whose cracked builds are ubiquitous in criminal use (52,633 unique indicators), reflects infrastructure-monitoring feed output and should be read separately from the other 29 entries. The 29 sub-leading clusters carry the operationally interesting signal: campaign-attributed activity, ransomware-grade rotations, APT signatures, and supply-chain attacks.

# | Adversary cluster | Category | IOC types | Unique IOCs | Severity
01 | CobaltStrike | C2 | IP, URL | 52,633 | MEDIUM
02 | Rhysida-Interlock | Ransomware | DOMAIN, HASH, IP, URL | 219 | HIGH
03 | ClickFix | Malware Campaign | DOMAIN, HASH, URL | 215 | HIGH
04 | meshagent | C2 | IP | 99 | MEDIUM
05 | World Cup 2026 Mobile | Phishing Campaign | DOMAIN | 80 | LOW
06 | ErrTraffic | Malware | DOMAIN, HASH, URL | 74 | HIGH
07 | AryStinger | Malware | DOMAIN, HASH, IP, URL | 66 | HIGH
08 | Cobalt Strike (separate cluster) | C2 | IP | 47 | HIGH
09 | Rokarolla | Trojan | HASH | 40 | HIGH
10 | AI-Generated Fake Instruction Video | Phishing Campaign | HASH, URL | 39 | LOW
11 | metasploit | C2 | IP | 36 | MEDIUM
12 | Malicious Wallpapers | Malware Campaign | HASH, URL | 36 | HIGH
13 | VShell | C2 | IP | 35 | HIGH
14 | mythic | C2 | IP | 30 | MEDIUM
15 | Gentlemen | Ransomware | HASH | 27 | HIGH
16 | INC ransomware | Ransomware | DOMAIN, HASH | 25 | HIGH
17 | Azure DNS zone SEO poisoning campaign | Malware Campaign | DOMAIN, HASH, IP | 23 | HIGH
18 | AsyncRAT | C2 | IP | 23 | HIGH
19 | SearchJack | Phishing Campaign | URL | 22 | LOW
20 | AdaptixC2 | C2 | IP | 21 | MEDIUM
21 | claude.ai Shared Chat (abused) | Malware Campaign | DOMAIN | 19 | HIGH
22 | UNC6508 | Threat Actor (APT) | DOMAIN, HASH, IP | 19 | HIGH
23 | The Quarry | Phishing Kit | DOMAIN, HASH | 19 | MEDIUM
24 | EtherRAT | Malware (RAT) | DOMAIN, IP | 18 | HIGH
25 | Google Chrome extensions (malicious) | Malware Campaign | DOMAIN, EMAIL, IP | 17 | HIGH
26 | Remcos | C2 (RAT) | IP | 17 | HIGH
27 | Malicious JetBrains Plugins | Supply Chain | IP, OTHERS (pkg names) | 16 | HIGH
28 | havoc | C2 | IP | 15 | MEDIUM
29 | APT37 | Threat Actor (APT) | DOMAIN, HASH, IP | 15 | HIGH
30 | Crypto Clipper Campaign | Malware Campaign | HASH | 14 | HIGH

How to read this table. Pay disproportionate attention to clusters that span three or more IOC types; that breadth is a campaign-fingerprint signal. Clusters with only IP indicators (VShell, meshagent, metasploit, mythic, havoc, AsyncRAT, Remcos, AdaptixC2, Cobalt Strike) are commodity C2 framework or RAT infrastructure, whether open-source (meshagent, metasploit, mythic, havoc, AdaptixC2, AsyncRAT) or commercially sold and widely pirated (Cobalt Strike, Remcos); useful for perimeter blocking but limited as an attribution anchor. Clusters with DOMAIN+HASH+IP+URL coverage (Rhysida-Interlock, AryStinger) are the full-kill-chain rotations.


06 · Cluster deep-dives — the six that matter most

06.1 · Rhysida-Interlock — the full-kill-chain rotation

This cluster represents the merged operational signature of two named ransomware brands that have demonstrated overlapping affiliate networks and infrastructure handoff in recent quarters. The catalogue tracks them as a single cluster because the technical indicators no longer separate cleanly. The week’s footprint is the broadest seen for this cluster in the year-to-date window: 83 unique domains, 72 hashes, 61 IP addresses, 3 URLs. The 61 IPs include a tight subnet anchor (four IPs in 23.227.202.0/24) that suggests an upstream hosting concentration that survived the rotation cycle.

Tradecraft profile. Initial access via valid-account compromise (often acquired from initial-access brokers feeding off credential-stealer ecosystems), followed by living-off-the-land lateral movement using built-in remote-management tooling. Encryption is partial-file and threaded for speed. The double-extortion lane uploads exfiltrated data to operator-controlled domains before the encryption phase fires.

Defensive actions:

  • Block the subnet anchor 23.227.202.0/24 at the perimeter. The four IPs in that block are not isolated — treat the entire /24 as suspect.
  • Hash-block all 72 binary indicators at endpoint, file-share, and email-attachment scan points.
  • Watch for the kill-chain sequence: valid-account login from an unusual source, immediately followed by remote-management tool execution, immediately followed by large outbound transfer to one of the 83 domains. The sequence is the signature; any single step is noisy alone.
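The three-step sequence in the last bullet is easier to reason about as code. The following is an added example, not HuntIntel or HackForLab tooling: a small Python correlator run over constructed endpoint and network events. The event schema and field names, the RMM process names, the corporate source ranges, the 30-minute and 6-hour windows and the 500 MB transfer floor are all assumptions; the only value taken from the advisory is the exfil domain aaa.load-edge-service.com. A helpdesk host that launches the same RMM tool after an internal logon, and a host with an external logon but no RMM tool, are included to show that single steps do not fire on their own.

```python
"""Kill-chain sequence correlator: external valid-account logon -> RMM tool -> bulk exfil.

Added example; not HuntIntel or HackForLab code. Schema, names and thresholds are assumptions.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumptions: corporate source ranges, RMM image names, transfer floor and windows.
CORP_SOURCE_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
RMM_IMAGES = {"anydesk.exe", "screenconnect.clientservice.exe", "atera.agent.exe"}
EXFIL_DOMAINS = {"aaa.load-edge-service.com"}   # from the advisory's domain table
EXFIL_BYTES = 500 * 1024 * 1024                 # assumed "large outbound transfer" floor
LOGON_TO_RMM = timedelta(minutes=30)
RMM_TO_EXFIL = timedelta(hours=6)


@dataclass
class Event:
    ts: datetime
    kind: str                 # "logon" | "process" | "netflow"
    host: str
    user: str
    src_ip: str = ""          # logon: where the session came from
    image: str = ""           # process: executable name
    dst_domain: str = ""      # netflow: destination name
    bytes_out: int = 0        # netflow: bytes sent


def is_external(ip):
    """True when the logon source is outside the ranges this user population normally uses."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in CORP_SOURCE_NETS)


def _first(evs, start, deadline, pred):
    """First event at index >= start with ts <= deadline satisfying pred; evs is time-sorted."""
    for idx in range(start, len(evs)):
        ev = evs[idx]
        if ev.ts > deadline:
            return None
        if pred(ev):
            return idx, ev
    return None


def find_kill_chains(events):
    """One record per host where all three steps occur in order and inside the windows."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_host[ev.host].append(ev)

    hits = []
    for host, evs in by_host.items():
        for i, logon in enumerate(evs):
            if logon.kind != "logon" or not is_external(logon.src_ip):
                continue
            rmm = _first(evs, i + 1, logon.ts + LOGON_TO_RMM,
                         lambda e, u=logon.user: e.kind == "process" and e.user == u
                         and e.image.lower() in RMM_IMAGES)
            if rmm is None:
                continue
            j, rmm_ev = rmm
            exfil = _first(evs, j + 1, rmm_ev.ts + RMM_TO_EXFIL,
                           lambda e: e.kind == "netflow" and e.dst_domain.lower() in EXFIL_DOMAINS
                           and e.bytes_out >= EXFIL_BYTES)
            if exfil is None:
                continue
            hits.append({"host": host, "user": logon.user, "src_ip": logon.src_ip,
                         "logon": logon.ts, "rmm": rmm_ev.image, "rmm_ts": rmm_ev.ts,
                         "exfil_ts": exfil[1].ts, "domain": exfil[1].dst_domain,
                         "bytes_out": exfil[1].bytes_out})
    return hits


def _t(hour, minute):
    return datetime(2026, 6, 17, hour, minute)   # constructed timestamps inside the advisory window


SAMPLE_EVENTS = [   # all constructed
    # ws-fin-07: the full sequence
    Event(_t(9, 2), "logon", "ws-fin-07", "j.doe", src_ip="198.51.100.23"),
    Event(_t(9, 10), "process", "ws-fin-07", "j.doe", image="AnyDesk.exe"),
    Event(_t(11, 30), "netflow", "ws-fin-07", "j.doe",
          dst_domain="aaa.load-edge-service.com", bytes_out=900 * 1024 * 1024),
    # ws-eng-02: helpdesk runs the same RMM tool after an internal logon, no exfil: benign
    Event(_t(8, 0), "logon", "ws-eng-02", "it.helpdesk", src_ip="10.20.30.40"),
    Event(_t(8, 5), "process", "ws-eng-02", "it.helpdesk", image="AnyDesk.exe"),
    Event(_t(8, 40), "netflow", "ws-eng-02", "it.helpdesk",
          dst_domain="updates.example.com", bytes_out=50 * 1024 * 1024),
    # ws-hr-03: external logon but no RMM tool follows: stays quiet
    Event(_t(13, 0), "logon", "ws-hr-03", "m.ng", src_ip="198.51.100.7"),
    Event(_t(13, 5), "process", "ws-hr-03", "m.ng", image="WINWORD.EXE"),
]

if __name__ == "__main__":
    for hit in find_kill_chains(SAMPLE_EVENTS):
        print(hit)
```

The windows are deliberately generous on the exfil leg: the advisory's double-extortion lane uploads before encryption fires, and the upload can run for hours, so a short window would miss the step that carries the most weight.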

06.2 · ClickFix — the deterministic domain-URL pivot

This phishing/malware-campaign cluster contributed 215 indicators with a striking 1:1 domain-to-URL pivot pattern (107 domains, 107 URLs, plus a single hash). The domain naming convention is algorithmic: alphanumeric strings that look like licence keys (5v12-3my5908y1.com, 8790tn5c190y51v7n2.com), suggesting automated domain generation tied to a campaign-management backend. The MITRE technique signature is consistent across every indicator: T1566 + T1204 + T1059 + T1105 (phishing → user-execution → command-interpreter → ingress-tool-transfer).

What the algorithmic naming tells you. The operator is running a domain-generation algorithm that emits high-entropy labels: letters and digits interleaved, with no English wordlist source. DGA detection rules tuned on character entropy and letter-digit mixing will catch these; rules built for dictionary-based DGAs (which look for concatenated wordlist tokens) will miss them.

Defensive actions:

  • A DGA detector tuned to character-class entropy and letter-digit transitions (not dictionary distance) will flag the naming pattern.
  • Block all 107 domains at the DNS resolver layer. The 107 corresponding URLs become unreachable as a side effect.
  • Watch for the click-execution sequence: browser navigation to one of the 107 domains, then PowerShell or command-interpreter launch within 30 seconds from the same endpoint — the technique signature end-to-end.
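As an added example (not HackForLab code) of the character-class scoring the first bullet calls for, the Python below scores the three ClickFix domains quoted in this section against ordinary .com names. The label-shape regex is a generalisation of those three samples (12 to 22 lowercase alphanumerics with at most one hyphen), and the entropy and transition thresholds are assumptions to tune against your own DNS baseline. The covid19vaccine.com row is there to show why entropy alone is not enough: it mixes digits and letters and scores above 3 bits per character, but the classes are not interleaved.

```python
"""Character-class scoring for ClickFix-style algorithmic domains.

Added example, not HackForLab code. The shape regex generalises the three samples quoted
in the advisory; MIN_ENTROPY and MIN_TRANSITIONS are assumed thresholds.
"""
import math
import re
from collections import Counter

# 12-22 lowercase alphanumerics with at most one hyphen, under .com (assumed generalisation).
CLICKFIX_SHAPE = re.compile(r"^[a-z0-9]{4,12}-?[a-z0-9]{8,10}\.com$")
MIN_ENTROPY = 3.0       # bits per character of the label; assumed threshold
MIN_TRANSITIONS = 3     # letter<->digit switches inside the label; assumed threshold


def shannon_entropy(s):
    """Bits per character. A string of one repeated symbol scores 0.0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def class_transitions(s):
    """Count positions where the character class flips between letter and digit."""
    classes = ["d" if ch.isdigit() else "l" for ch in s if ch.isalnum()]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def score_domain(domain):
    """Feature vector a detection engineer can eyeball before tuning thresholds."""
    d = domain.lower().rstrip(".")
    label = d.split(".")[0]          # the samples are all second-level .com labels
    core = label.replace("-", "")
    return {
        "domain": d,
        "shape": bool(CLICKFIX_SHAPE.match(d)),
        "mixed": any(ch.isdigit() for ch in core) and any(ch.isalpha() for ch in core),
        "entropy": round(shannon_entropy(core), 2),
        "transitions": class_transitions(core),
    }


def looks_clickfix(domain):
    """Shape + both character classes + entropy + interleaving.

    Dictionary distance is deliberately not used: a dictionary-DGA detector would call these
    labels "not words", but it would say the same of any CDN or tracking hostname.
    """
    f = score_domain(domain)
    return (f["shape"] and f["mixed"]
            and f["entropy"] >= MIN_ENTROPY
            and f["transitions"] >= MIN_TRANSITIONS)


# Constructed test set: the three ClickFix samples from this section plus ordinary .com names.
SAMPLES = [
    "5v12-3my5908y1.com", "5vy79n210m5v812.com", "8790tn5c190y51v7n2.com",
    "microsoft.com", "internationalization.com", "covid19vaccine.com",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(looks_clickfix(name), score_domain(name))
```

Run it over your resolver logs' distinct query names rather than raw queries; the per-name feature vector is cheap, and the `transitions` count is the feature that separates "has a digit in it" brand names from machine-generated labels.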

06.3 · AryStinger — full-kill-chain stealer

This malware cluster contributed 66 indicators across all four primary IOC types (53 hashes, 9 URLs, 3 domains, 1 IP). The hash-heavy distribution is the signature of a stealer family with multiple delivered payload variants — each victim receives a slightly different binary, dropping a baseline hash-blocklist hit rate but rotating the network indicators less aggressively. The cluster’s stealer functionality maps to T1056.001 (Keylogging), T1555 (Credentials from Password Stores), T1113 (Screen Capture), and T1041 (Exfiltration over C2).

Defensive actions:

  • Don’t rely on hash-only detection for this cluster — the 53 variants suggest a polymorphic build pipeline. Behavioural detection on credential-store access and clipboard scraping is the reliable layer.
  • Watch the network anchor: the single IP (107.150.106.14) is the stable infrastructure point and is the cheapest blocklist add.

06.4 · Developer supply-chain attack trio

Three concurrent campaigns hit the developer tool-chain this week, and they belong in the same analysis because they share the same operating principle: impersonate a tool the developer trusts.

  • Code-editor plugin marketplace campaign — 15 typosquat package identifiers like com.coder.ai.dpt, com.dev.ai.toolkit, com.json.simple.kit, org.bug.find.tools. All 15 deliberately target the AI-assistant and code-quality plugin segment, riding the surge in developer demand for AI-coding helpers.
  • Browser-extension store campaign — 8 malicious domains plus 7 publisher email addresses tied to extension uploads. The extensions abused the browser-extension privilege model to read session cookies, browser bookmarks, and form fields — classic browser-extension malware kill chain (T1176 + T1539 + T1217).
  • Marketing-platform delivery layer compromise — 6 typosquat domains shadowing a popular marketing-tools delivery CDN (opmnstr.com, optnmstr.com, trstplse.com). The campaign loaded malicious payloads into legitimate marketing form pop-ups, abusing trust the website owner extended to the delivery CDN.

The combined lesson. Software supply-chain attacks no longer require novel exploits; the attack vector is the tool-installation flow itself. Defensive answers are package allow-listing in CI build agents, publisher-identity verification at the extension store, and outbound-domain monitoring from production web pages and build runners.

06.5 · AI platforms as adversary infrastructure

Two separate campaigns this week made operational use of artificial-intelligence platform domains — the first publicly observable pattern of this kind at scale in our catalogue.

  • Chat-share-URL abuse cluster: 19 domains operating as redirector layers that route through public AI chat-share URLs. The pattern abuses platforms designed for legitimate prompt sharing, inheriting reputation and TLS validity from a high-trust parent. The 19 domains all redirected to second-stage malware-distribution infrastructure within 48 hours of registration.
  • AI-generated lure video campaign: 39 indicators (38 URLs, 1 hash) where the lure layer was an AI-generated instructional video staged on accomplice domains. The visual quality of the lure was high; the video was unique per victim cohort; traditional template-matching detection rules failed.

What this means for defenders. Treat AI-platform share URLs the same way you treat URL-shortener services: candidate for inspection, not for implicit trust. AI-generated content cannot be flagged by signature; the detection layer has to move to behaviour (what does the user do after consuming the content?) and to context (does the inbound source claim a reasonable provenance?).

06.6 · APT cluster appearances — APT37 and UNC6508

Two named state-aligned threat-actor clusters appeared in this week’s catalogue with multi-pivot indicator rotations.

  • APT37: 15 indicators across DOMAIN (5), HASH (4), IP (6). This is a cluster historically tied to regional-targeting activity against academia, defectors, and policy-research organisations. The IPs landed in a tight pair (121.254.222.10 and 121.254.222.80), suggesting infrastructure concentration.
  • UNC6508: 19 indicators across DOMAIN (11), HASH (7), IP (1). The single-IP anchor with 11 domains is the inverse of the typical pattern (many IPs, few domains), suggesting either domain-rotation defensive evasion or a single C2 with many landing pages.

Both clusters carry the APT category tag with High severity. For organisations in research, government-adjacent, or critical-infrastructure verticals, these are the catalogue entries that warrant immediate IOC ingestion and a focused retrospective hunt.

07 · MITRE ATT&CK technique pressure

The catalogue aggregates technique tags from every IOC where the source feed published an ATT&CK mapping, then rolls them up to the parent tactic. The table below is what the adversary tactic-pressure profile looked like this week — that is, which phases of the kill chain were most heavily represented in the indicator stream.

Tactic | Top techniques observed | What the technique pressure means in practice | IOC count
Command and Control | T1071.001 / T1071 / T1573.002 / T1090 | Application-layer C2 over web protocols, asymmetric-encrypted channels, and proxy chains | 309
Initial Access | T1566 / T1566.001 / T1190 / T1195.001 | Phishing (generic + spearphishing attachment), public-app exploitation, and software-supply-chain compromise | 270
Execution | T1059 / T1059.001 / T1204 / T1203 | Command-and-script interpreter abuse, malicious file user-execution, exploit-for-client-execution | 245
Command and Control (ingress tool transfer, broken out) | T1105 | Second-stage payload delivery, the most universal post-execution behaviour observed this week | 220
Exfiltration | T1041 | Adversary exfiltrates over the same channel used for command and control, keeping the traffic-pattern footprint small | 195
Persistence | T1547.001 / T1176 | Registry Run keys for endpoint persistence; malicious browser extensions for browser persistence | 152
Defense Evasion | T1027 / T1218.011 / T1055 | Obfuscated files, signed-binary proxy execution, process injection | 118
Credential Access | T1555 / T1056.001 / T1539 | Credentials from password stores, keylogging, session-cookie theft | 95
Discovery | T1082 / T1217 | System info enumeration; browser bookmark discovery (extension-based recon) | 64
Collection | T1056 / T1113 / T1005 | Input capture, screen capture, local data collection | 47
Impact | T1486 / T1490 | Data encryption (ransomware) and inhibit-system-recovery; rare but high-severity | 32
Resource Development | T1583.001 / T1102 | Adversary-acquired domain infrastructure and web-service abuse (e.g. AI chat-share platforms used as redirector layer) | 28

How the adversary-to-MITRE mapping was built

Each catalogued indicator carries a ttp field populated either by the source feed or by the catalogue’s enrichment layer. For the deep-dive clusters above, here is the per-adversary MITRE mapping that drove the technique-pressure roll-up:

Adversary cluster | MITRE techniques | Operational meaning
Rhysida-Interlock (Ransomware) | T1078, T1021.001, T1219, T1486, T1490, T1567 | Valid-account access → remote desktop → remote-access software → data encryption → recovery inhibition → exfil to web service. Full ransomware kill chain.
ClickFix (Phishing/Malware) | T1566, T1204, T1059, T1105 | Phishing → user-execution → command interpreter → second-stage payload pull. Algorithmic-domain delivery pattern.
AryStinger (Stealer) | T1056.001, T1555, T1113, T1041 | Keylogging, credential-store theft, screen capture, exfil over the C2 channel.
APT37 (Threat Actor) | T1566.001, T1059, T1027, T1105, T1547.001 | Spearphishing attachment → command interpreter → obfuscated code → second-stage pull → registry persistence.
UNC6508 (Threat Actor) | T1583.001, T1566, T1027, T1041, T1071.001 | Acquired-domain infrastructure, phishing initial access, obfuscated payload, web-protocol C2, exfil over C2.
Malicious JetBrains Plugins (Supply chain) | T1195.001, T1059, T1027, T1132 | Software-supply-chain compromise, command-interpreter execution, obfuscated payload, data-encoding for exfil.
Google Chrome extensions (Browser malware) | T1176, T1539, T1217, T1102 | Browser-extension persistence, session-cookie theft, bookmark discovery, web-service C2.
OptinMonster (Marketing-layer compromise) | T1195.001, T1583, T1499 | Software-supply-chain compromise, acquired infrastructure, endpoint denial via injected content.
claude.ai Shared Chat (AI-platform abuse) | T1566, T1583.001, T1102 | Phishing initial access via AI-share URL redirector, acquired-domain anchor, web-service abuse.
Operation Poisson (C2) | T1071.001, T1027, T1105, T1041 | Web-protocol C2, obfuscation, second-stage pull, exfil over C2.
meshagent / mythic / havoc / metasploit (Open framework C2) | T1071.001, T1573.002, T1219, T1041, T1547.001 | Open-source C2 framework infrastructure observation; standard tooling, perimeter blocking only.
Formbook / Dcrat / QuasarRAT / AgentTesla (Stealer/RAT) | T1056, T1005, T1113, T1555, T1041, T1082 | Input capture, local data theft, screen capture, credential-store access, exfil, system info enumeration.

08 · Subnet clustering — the shared-infrastructure signal

One of the cheapest correlation passes in catalogue analytics is the /24 subnet group-by: take every IPv4 indicator from the week, mask off the host octet, count distinct IPs per resulting /24, and keep the subnets with 3 or more. The subnets that surface are operator-anchor signals: they indicate where the adversary's upstream hosting concentration sits, and they unlock subnet-level blocking as a cheaper-than-host-level control.

Subnet (/24) | IP count | Adversary cluster(s) | Operator observation
45.198.224.0/24 | 6 | AdaptixC2 + Mirai | Shared bulletproof hosting; cross-family co-tenancy
23.227.202.0/24 | 4 | Rhysida-Interlock | Single-family rotation block; pivot anchor
23.235.185.0/24 | 4 | DCRat | RAT operator C2 rotation
143.92.43.0/24 | 3 | VShell | C2 server cluster
156.234.211.0/24 | 3 | Cobalt Strike | Beacon listener block
112.121.165.0/24 | 3 | VShell | Second VShell block
62.171.177.0/24 | 3 | metasploit | Open framework listener farm
185.8.106.0/24 | 3 | Gravity SMTP | SMTP-abuse infrastructure

Why subnet-level blocking is asymmetric in defenders' favour. When an adversary rotates IPs inside a single hosting tenant, every new rotation typically lands inside the same upstream IP pool. The /24 anchor outlasts individual host rotations by days to weeks. The false-positive cost of blocking a /24 is bounded (you lose at most 256 addresses); the operational gain is amortised across every future rotation inside the block. The subnets in the table above are not cloud or CDN ranges, which is why the trade-off favours subnet-blocking by an order of magnitude; confirm ASN and WHOIS ownership of each /24 before deploying the block, because the same arithmetic inverts for a block inside shared cloud, CDN or anycast space, where the 256 addresses belong to hundreds of unrelated tenants.
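A worked version of the /24 group-by described in this section, added here as an example and not the catalogue's own analytics: it takes (ip, cluster) pairs, masks each address to the prefix, counts distinct hosts per subnet, reports which clusters are co-tenant in each block, and lets the analyst exclude ranges already tagged as shared cloud or CDN space (the ownership check the paragraph above asks for). The host octets inside 45.198.224.0/24 and 23.227.202.0/24, the 203.0.113.0/24 "shared range", and the malformed and IPv6 rows are constructed; the APT37 and AryStinger addresses come from the IP table.

```python
"""/24 subnet group-by over IP indicators, with co-tenant clusters and a shared-range exclusion.

Added example; not the catalogue's own analytics. Host octets and the shared range are constructed.
"""
import ipaddress
from collections import defaultdict


def subnet_anchors(indicators, prefix=24, v6_prefix=64, min_count=3, skip_nets=()):
    """indicators: iterable of (ip_string, cluster_name).

    Returns [(subnet, distinct_ip_count, sorted_cluster_names), ...] for subnets holding
    at least min_count distinct IPs, largest first. Subnets overlapping any skip_nets entry
    (ranges an analyst has tagged as shared cloud/CDN/anycast space) are dropped.
    """
    skip = [ipaddress.ip_network(n) for n in skip_nets]
    hosts = defaultdict(set)
    clusters = defaultdict(set)
    for raw, cluster in indicators:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue                                    # malformed feed row: skip, do not crash
        bits = prefix if addr.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)   # mask off the host part
        hosts[net].add(addr)                            # set: duplicate observations count once
        clusters[net].add(cluster)

    anchors = []
    for net, addrs in hosts.items():
        if len(addrs) < min_count:
            continue
        if any(s.version == net.version and net.overlaps(s) for s in skip):
            continue
        anchors.append((str(net), len(addrs), sorted(clusters[net])))
    anchors.sort(key=lambda row: (-row[1], row[0]))
    return anchors


# Constructed sample: counts for the first two blocks match the table; host octets do not come from it.
SAMPLE_INDICATORS = [
    ("45.198.224.12", "AdaptixC2"), ("45.198.224.47", "AdaptixC2"),
    ("45.198.224.101", "AdaptixC2"), ("45.198.224.133", "AdaptixC2"),
    ("45.198.224.200", "Mirai"), ("45.198.224.244", "Mirai"),
    ("23.227.202.11", "Rhysida-Interlock"), ("23.227.202.37", "Rhysida-Interlock"),
    ("23.227.202.91", "Rhysida-Interlock"), ("23.227.202.200", "Rhysida-Interlock"),
    ("23.227.202.91", "Rhysida-Interlock"),          # duplicate observation: counted once
    ("121.254.222.10", "APT37"), ("121.254.222.80", "APT37"),   # from the IP table; a pair, below threshold
    ("107.150.106.14", "AryStinger"),                 # from the IP table
    ("203.0.113.5", "Cobalt Strike"), ("203.0.113.77", "Cobalt Strike"),
    ("203.0.113.150", "Cobalt Strike"),               # constructed: three hits in a range tagged as shared
    ("n/a", "Broken feed row"),                       # constructed: malformed value
    ("2001:db8::1", "IPv6 example"),                  # constructed: grouped at /64, never reaches 3
]
SHARED_RANGES = ["203.0.113.0/24"]   # assumption: a range the analyst has tagged as shared cloud/CDN space

if __name__ == "__main__":
    for net, count, names in subnet_anchors(SAMPLE_INDICATORS, skip_nets=SHARED_RANGES):
        print(f"{net:<20} {count:>3}  {', '.join(names)}")
```

The `skip_nets` list is the place to encode the ownership check: populate it from your ASN/WHOIS lookups of candidate blocks, and a /24 that turns out to be hyperscaler or CDN space is reported by the group-by but never makes it to the blocklist.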


09 · Top 15 IOCs per indicator type

The tables below are operator-grade extractions from this week's catalogue: 15 indicators per IOC type, each with adversary attribution, category, and severity. Use the IP and domain tables as immediate blocklist input; use the hash table for endpoint binary detection; use the URL table for proxy / DNS sinkholing; use the email table for SMTP gateway filters; use the OTHERS table for package allow-listing in CI build agents. URLs and email addresses are defanged per the catalogue's publish-safe convention (hxxp for http, [.] for the dot); domains and bare IPs are printed as-is. Re-fang on import (replace [.] with . and hxxp with http), and keep each value's type from the table it came from rather than inferring it from shape: the OTHERS table holds domain-shaped package identifiers (com.coder.ai.dpt) that must not be loaded as DNS indicators.
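An added example, not the catalogue's export tooling, of the re-fang step plus shape-based typing for the values in the tables that follow. The defang forms handled ([://], [.], (.), [@], hxxp) cover this advisory's convention and the common alternatives; the sample values are copied from the tables, and the declared-type override exists precisely for the OTHERS rows, which are domain-shaped package identifiers and a non-ASCII lure filename. Hashes are typed by hex length (32/40/64), which is what the hash table's MD5 / SHA1 / SHA256 header relies on.

```python
"""Re-fang and shape-type the IOC values printed in the tables below.

Added example; not the catalogue's export tooling. Sample values are copied from this advisory.
"""
import ipaddress
import re
from urllib.parse import urlsplit

HASH_ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}
_DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Defang tokens in replacement order: separator forms after the scheme has been fixed.
_REFANG = (("[://]", "://"), ("[:]//", "://"), ("[:]", ":"),
           ("[.]", "."), ("(.)", "."), ("{.}", "."), ("[dot]", "."),
           ("[@]", "@"), ("(@)", "@"))


def refang(value):
    """Undo publish-safe defanging: hxxp -> http, bracketed dots/colons/at-signs -> literal."""
    s = value.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    for old, new in _REFANG:
        s = s.replace(old, new)
    return s


def classify(value, declared=None):
    """Type an IOC by shape after re-fanging.

    `declared` is the source table's own type (IP, DOMAIN, HASH, URL, EMAIL, OTHERS). When it
    says OTHERS it wins: package identifiers such as com.coder.ai.dpt are domain-shaped but are
    not DNS indicators, and loading them into a resolver blocklist would be a false positive.
    """
    v = refang(value)
    if declared and declared.upper() == "OTHERS":
        return {"type": "other", "value": v}
    low = v.lower()
    if len(low) in HASH_ALGOS and re.fullmatch(r"[0-9a-f]+", low):
        return {"type": "hash", "algorithm": HASH_ALGOS[len(low)], "value": low}
    if low.startswith(("http://", "https://")):
        host = urlsplit(v).hostname
        if host:
            return {"type": "url", "host": host, "value": v}
    try:
        ipaddress.ip_address(v)
        return {"type": "ip", "value": v}
    except ValueError:
        pass
    if _EMAIL_RE.match(v):
        return {"type": "email", "value": low}
    if _DOMAIN_RE.match(low):
        return {"type": "domain", "value": low}
    return {"type": "other", "value": v}


def bulk_classify(rows):
    """rows: iterable of (value, declared_type). Returns {type: [canonical values]} for lane routing."""
    lanes = {}
    for value, declared in rows:
        rec = classify(value, declared)
        lanes.setdefault(rec["type"], []).append(rec["value"])
    return lanes


# Values copied from the tables in this section, paired with the table each came from.
SAMPLE_ROWS = [
    ("121.254.222.10", "IP"),
    ("5v12-3my5908y1.com", "DOMAIN"),
    ("6cudc5cqa2bjpwdhcwm2lj6dbqejjjqzeo6ipwvmbazr6cgu7vfk3dad.onion", "DOMAIN"),
    ("037DB2445F3D72388CB2CF8510563148E5A184BE", "HASH"),
    ("hxxp[://]104.236.69.171:443", "URL"),
    ("hxxp[://]202.144.192.29/download2/Themes2.zip", "URL"),
    ("customer1usx@gmail[.]com", "EMAIL"),
    ("com.coder.ai.dpt", "OTHERS"),
    ("20260120_御見積依頼の件.zip", "OTHERS"),
]

if __name__ == "__main__":
    for lane, values in bulk_classify(SAMPLE_ROWS).items():
        print(lane, values)
```

Without the `declared` hint, `classify("com.coder.ai.dpt")` returns `domain`, which is exactly the mistake the advisory warns against; the hint is cheap because every row in these tables already carries its type.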

Top 15 · IP addresses (High severity)

# | IP address | Adversary | Category | Severity
01 | 1.13.158.52 | VShell | Botnet | HIGH
02 | 101.126.17.43 | Cobalt Strike | Botnet | HIGH
03 | 101.201.153.25 | VShell | Botnet | HIGH
04 | 103.112.97.16 | Quasar RAT | Botnet | HIGH
05 | 103.146.158.182 | VShell | Botnet | HIGH
06 | 103.230.15.159 | Cobalt Strike | Botnet | HIGH
07 | 106.75.137.168 | VShell | Botnet | HIGH
08 | 107.150.106.14 | AryStinger | Malware-Activity | HIGH
09 | 107.175.229.154 | VShell | Botnet | HIGH
10 | 107.21.138.150 | Rhysida-Interlock | Ransomware | HIGH
11 | 112.121.165.44 | VShell | Botnet | HIGH
12 | 121.254.222.10 | APT37 | APT | HIGH
13 | 121.254.222.80 | APT37 | APT | HIGH
14 | 128.140.55.152 | Rhysida-Interlock | Ransomware | HIGH
15 | 139.99.82.106 | Azure DNS SEO poison | Malware-Activity | HIGH

Top 15 · Domains

# | Domain | Adversary | Category | Severity
01 | 5v12-3my5908y1.com | ClickFix | Phishing | HIGH
02 | 5vy79n210m5v812.com | ClickFix | Phishing | HIGH
03 | 5x5web.com | claude.ai Shared Chat (abused) | Malware-Activity | HIGH
04 | 6cudc5cqa2bjpwdhcwm2lj6dbqejjjqzeo6ipwvmbazr6cgu7vfk3dad.onion | Prinz Eugen | Ransomware | HIGH
05 | 8790tn5c190y51v7n2.com | ClickFix | Phishing | HIGH
06 | 99997778.com | Azure DNS SEO poison | Malware-Activity | HIGH
07 | a.omappapi.com | OptinMonster (supply chain) | Supply Chain | HIGH
08 | a.opmnstr.com | OptinMonster (supply chain) | Supply Chain | HIGH
09 | a.optnmstr.com | OptinMonster (supply chain) | Supply Chain | HIGH
10 | a.trstplse.com | OptinMonster (supply chain) | Supply Chain | HIGH
11 | a2abotnet.com | claude.ai Shared Chat (abused) | Malware-Activity | HIGH
12 | aaa.load-edge-service.com | Rhysida-Interlock | Ransomware | HIGH
13 | abrikos.xyz | ErrTraffic | Malware-Activity | HIGH
14 | adzeta.monster | ErrTraffic | Malware-Activity | HIGH
15 | alabamarecoverycenter.com | claude.ai Shared Chat (abused) | Malware-Activity | HIGH

Top 15 · File hashes

# | Hash (MD5 / SHA1 / SHA256) | Adversary | Category | Severity
01 | 00b69eb7f44b5987f68667343aaafb6a | The Quarry | Phishing Kit | MEDIUM
02 | 01ab231bcd9533f90e99651521b6e1bb | The Quarry | Phishing Kit | MEDIUM
03 | 0378a5ef51b008aa2d6b76bd44a0bf061339bc3b737a188ec82029444d4d18fe | Operation Poisson | C&C Server | MEDIUM
04 | 037DB2445F3D72388CB2CF8510563148E5A184BE | SprySOCKS | Backdoor | HIGH
05 | 05627d1bddb7292bb45139244f46051f | AryStinger | Malware | HIGH
06 | 0627f034c42549e2130734b5f8dbf854 | AryStinger | Malware | HIGH
07 | 06edb1c24b98cd2c92f0e652ed4e4700d6a76f2299debed06f54c3ffa18ee5d9 | Dcrat | RAT | MEDIUM
08 | 0708a518ef644a3911a717220706190fbd5e5246c533845887c5fbd967953799 | Rhysida-Interlock | Ransomware | HIGH
09 | 082a6286953c0f4256751f1c9bf4c06d4c14fc63f601a78e2f70f7ebd42821cb | Rhysida-Interlock | Ransomware | HIGH
10 | 097f139304307375cd41bb2dc3913166e9f05f0d6bf5aad1efdc081dbf07c68d | Rhysida-Interlock | Ransomware | HIGH
11 | 0a2d2a4ec1ca2aa6a23a35abb5a75451 | AryStinger | Malware | HIGH
12 | 0e13ca9e55fbe5ae323f7f295dde8d68aaca3e2c737999174691bee77525de99 | Rhysida-Interlock | Ransomware | HIGH
13 | 0edfad6a8b34b2b419fd254a99394b8f2303d144dbeba7148ef5343e2929fe76 | Rhysida-Interlock | Ransomware | HIGH
14 | 0f4f01c6d495abb37403072dd017ce8d | Malicious Wallpapers | Malware | HIGH
15 | 0f769f459f9ed3e02c3d76af39dafc4e944f871b | ErrTraffic | Malware | HIGH

Top 15 · URLs

# | URL (defanged) | Adversary | Category | Severity
01 | hxxp[://]104.236.69.171:443 | CobaltStrike | C&C Server | MEDIUM
02 | hxxp[://]112.213.124.132 | C2 | C&C Server | MEDIUM
03 | hxxp[://]120.48.156.17 | Malicious Wallpapers | Malware | HIGH
04 | hxxp[://]120.48.156.17/ey.php?ka=user1&id | Malicious Wallpapers | Malware | HIGH
05 | hxxp[://]123.56.252.12 | C2 | C&C Server | MEDIUM
06 | hxxp[://]194.11.226.41:4000 | C2 | C&C Server | MEDIUM
07 | hxxp[://]202.144.192.29 | Malicious Wallpapers | Malware | HIGH
08 | hxxp[://]202.144.192.29/audit.php | Malicious Wallpapers | Malware | HIGH
09 | hxxp[://]202.144.192.29/download2/Themes2.zip | Malicious Wallpapers | Malware | HIGH
10 | hxxp[://]209.25.140.27:1788 | QuasarRAT | RAT | MEDIUM
11 | hxxp[://]49.232.4.71 | CobaltStrike | TOR Egress | MEDIUM
12 | hxxp[://]5v12-3my5908y1.com | ClickFix | Phishing | HIGH
13 | hxxp[://]5vy79n210m5v812.com | ClickFix | Phishing | HIGH
14 | hxxp[://]78.110.122.17 | C2 | C&C Server | MEDIUM
15 | hxxp[://]85.239.155.68 | Dcrat | RAT | MEDIUM

Top 15 · Email addresses (operator / publisher)

# | Email (defanged) | Adversary | Category | Severity
01 | customer1usx@gmail[.]com | OptinMonster (supply chain) | Supply Chain | HIGH
02 | developer_api1@gmail[.]com | OptinMonster (supply chain) | Supply Chain | HIGH
03 | ferhatbadem831@gmail[.]com | Google Chrome ext (malicious) | Malware-Activity | HIGH
04 | genarool505@gmail[.]com | GitBait | Phishing | LOW
05 | hirakiranpk@gmail[.]com | Google Chrome ext (malicious) | Malware-Activity | HIGH
06 | hussnain1122akram@gmail[.]com | Google Chrome ext (malicious) | Malware-Activity | HIGH
07 | info@walltab[.]com | Google Chrome ext (malicious) | Malware-Activity | HIGH
08 | jejrvsbdb@gmail[.]com | GitBait | Phishing | LOW
09 | keremsopar@gmail[.]com | Google Chrome ext (malicious) | Malware-Activity | HIGH
10 | prinzeugen@mail2tor[.]co | Prinz Eugen | Ransomware | HIGH
11 | rronromo@gmail[.]com | GitBait | Phishing | LOW
12 | standardbankcc@cock[.]li | Prinz Eugen | Ransomware | HIGH
13 | support@owhit[.]com | Google Chrome ext (malicious) | Malware-Activity | HIGH
14 | yahyagazi06@gmail[.]com | Google Chrome ext (malicious) | Malware-Activity | HIGH
15 | yoli.bahena69@gmail[.]com | GitBait | Phishing | LOW

Top 15 · Other artefacts (package IDs + lure filenames)

# | Artefact identifier | Adversary | Category | Severity
01 | 20260120_御見積依頼の件.zip | Formbook (stealer) | Spyware (lure filename) | HIGH
02 | com.coder.ai.dpt | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
03 | com.dev.ai.toolkit | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
04 | com.dp.git.ai.tool | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
05 | com.json.simple.kit | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
06 | com.json.view.simple | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
07 | com.my.code.tools | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
08 | com.my.git.ai.kit | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
09 | com.review.tool.code | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
10 | com.yy.test.ai.simple | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
11 | ord.cp.code.ai.kit | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
12 | org.bug.find.tools | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
13 | org.check.ai.ds | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
14 | org.code.assist.dev.tool | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH
15 | org.sm.yms.toolkit | Malicious JetBrains Plugins | Supply Chain (pkg ID) | HIGH

10 · Sigma detection rules — four for this week’s standout patterns

Each rule below addresses a distinct technique cluster from this week’s catalogue. Drop them into your detection-content pipeline, normalise the field names against your SIEM’s schema, tune the false-positive filters against your organisation’s allowlist, and ship. The rule IDs are stable, the references point back to this advisory, and the MITRE tags are accurate.

Sigma 01 · ClickFix algorithmic-domain beacon

Detects the algorithmic domain-naming pattern observed in the 107-domain ClickFix campaign. The regex matches the alphanumeric license-key style of the indicators. Pair with command-interpreter launch within 30 seconds for the full kill chain.

title: ClickFix Algorithmic Domain Beacon
id: 9c4d1a2e-15e7-4b9f-bc11-d4a9f6c2e371
status: experimental
description: Detects DNS queries for domains that match the ClickFix algorithmic-naming pattern (two lower-case alphanumeric labels of 4-12 and 8-14 characters joined by a hyphen, .com TLD). This rule covers the DNS stage only; correlate it with a command-interpreter launch on the same host within 30 seconds (Hunt 02) for the full kill chain.
references:
  - https://hackforlab.com/weekly-threat-advisory-june-15-21-2026/
author: HackForLab Threat Intelligence
date: 2026/06/22
tags:
  - attack.initial_access
  - attack.t1566
  - attack.execution
  - attack.t1204
  - attack.t1059
logsource:
  category: dns_query
detection:
  selection:
    QueryName|re: '^[a-z0-9]{4,12}-[a-z0-9]{8,14}\.com$'
  condition: selection
falsepositives:
  - Legitimate sites with short alphanumeric hostnames (rare; typically internal tools)
level: high

Sigma 02 · Multi-pivot ransomware operator subnet beacon

Detects outbound connections to the subnet anchors that hosted ransomware C2 this week. CIDR matches mean the rule survives individual host rotations — the operator can rotate IPs inside the block but cannot easily move the block.

title: Multi-Pivot Ransomware Operator Subnet Beacon
id: 1f3e8b4d-7c92-4f10-a8b3-9d2a1c4e8f6b
status: experimental
description: Detects outbound connections on common web ports to known ransomware operator subnet anchors (23.227.202.0/24, 144.172.94.0/24, 140.82.6.0/24, 128.140.55.0/24, 107.21.138.0/24). Matches every connection into the listed CIDRs; the first-seen pairing of internal host and external subnet is left to Hunt 01.
references:
  - https://hackforlab.com/weekly-threat-advisory-june-15-21-2026/
author: HackForLab Threat Intelligence
date: 2026/06/22
tags:
  - attack.command_and_control
  - attack.t1071
  - attack.impact
  - attack.t1486
logsource:
  category: network_connection
detection:
  selection:
    DestinationIp|cidr:
      - '23.227.202.0/24'
      - '144.172.94.0/24'
      - '140.82.6.0/24'
      - '128.140.55.0/24'
      - '107.21.138.0/24'
  ports:
    DestinationPort: [80, 443, 8080, 8443]
  condition: selection and ports
falsepositives:
  - Unlikely — these CIDRs have no documented business use
level: critical

Sigma 03 · Malicious code-editor plugin package install

Detects installation of any of the 15 typosquat AI-coding-helper packages confirmed malicious this week. The rule hooks the package-install event source; if your plugin marketplace exposes telemetry into your SIEM, this rule is a one-time install for permanent coverage.

title: Malicious Code-Editor Plugin Package Install
id: e7b9a3c2-8f15-4d6e-9c41-3b8e5d2f7a90
status: experimental
description: Detects installation or activation of code-editor plugins whose package identifier matches the typosquat AI-coding-helper pattern observed in this week's catalogue. Hooks the plugin-marketplace package-install event source.
references:
  - https://hackforlab.com/weekly-threat-advisory-june-15-21-2026/
author: HackForLab Threat Intelligence
date: 2026/06/22
tags:
  - attack.initial_access
  - attack.t1195
  - attack.t1195.001
logsource:
  category: application_install
  product: code_editor
detection:
  selection:
    PackageId:
      - 'com.coder.ai.dpt'
      - 'com.dev.ai.toolkit'
      - 'com.dp.git.ai.tool'
      - 'com.json.simple.kit'
      - 'com.json.view.simple'
      - 'com.my.code.tools'
      - 'com.my.git.ai.kit'
      - 'com.review.tool.code'
      - 'com.yy.test.ai.simple'
      - 'ord.cp.code.ai.kit'
      - 'org.bug.find.tools'
      - 'org.check.ai.ds'
      - 'org.code.assist.dev.tool'
      - 'org.sm.yms.toolkit'
  condition: selection
falsepositives:
  - None — all listed package IDs are confirmed malicious
level: critical

Sigma 04 · Suspect-publisher browser extension

Detects browser-extension installs by any of the 7 publisher email addresses tied to this week’s malicious-extension cluster, OR with the high-trust permission profile (cookies + tabs + webRequest) that the cluster’s extensions request. Either condition is a high-confidence signal; both conditions together are a critical-severity match.

title: Browser Extension With High-Trust Permissions From Suspect Publisher
id: 3a5f9e1b-6c87-4e30-a7d2-9f4b1e8c3d52
status: experimental
description: Detects browser-extension installations where the extension requests the cookies, tabs and webRequest permissions together, OR where the publisher email matches the malicious-extension cluster observed this week. Either branch fires at level high; a record matching both branches should be escalated to critical.
references:
  - https://hackforlab.com/weekly-threat-advisory-june-15-21-2026/
author: HackForLab Threat Intelligence
date: 2026/06/22
tags:
  - attack.persistence
  - attack.t1176
  - attack.credential_access
  - attack.t1539
logsource:
  category: extension_install
  product: browser
detection:
  publisher_email:
    PublisherEmail:
      - '[email protected]'
      - '[email protected]'
      - '[email protected]'
      - '[email protected]'
      - '[email protected]'
      - '[email protected]'
      - '[email protected]'
  high_trust_perms:
    PermissionsRequested|contains|all:
      - 'cookies'
      - 'tabs'
      - 'webRequest'
  condition: publisher_email or high_trust_perms
falsepositives:
  - Legitimate cookie-aware extensions from verified publishers (verify publisher reputation independently)
level: high

11 · Hunt queries — SIEM-agnostic pseudo-syntax

Translate each query into your platform’s query language (KQL, SPL, ESQL, OpenSearch DSL). The selectors and filters are the operational logic; the syntax is interchangeable.

Hunt 01 · First-seen contact with ransomware subnet anchors

// Pseudo-query
FROM network_flows
WHERE dest_ip IN ('23.227.202.0/24', '144.172.94.0/24', '140.82.6.0/24', '128.140.55.0/24', '107.21.138.0/24')
  AND first_seen_pair(src_ip, dest_ip) WITHIN 7d
  AND dest_port IN (80, 443, 8080, 8443)
| AGGREGATE BY src_ip, dest_subnet
| SORT BY flow_count DESC
| LIMIT 100

This hunt surfaces every internal host that contacted a ransomware operator subnet anchor for the first time in the last seven days. New first-seen pairings are the highest-fidelity signal — recurring connections are likely already in your alert lane.
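The subnet-anchor matching of Sigma 02 and the first-seen pairing logic of Hunt 01, as an added Python example (not code from the advisory or from HuntIntel): destination IPs are checked against the /24 anchors listed above with the standard-library ipaddress module, only the watched ports are kept, and each (source, anchor) pair is reported the first time it appears. The flow records are constructed samples, and the `known_pairs` state argument is an assumption about how a recurring run would carry state forward.

```python
import ipaddress
from collections import defaultdict

# Subnet anchors as listed in Sigma 02 / Hunt 01 of this advisory.
ANCHOR_SUBNETS = [ipaddress.ip_network(c) for c in (
    '23.227.202.0/24', '144.172.94.0/24', '140.82.6.0/24',
    '128.140.55.0/24', '107.21.138.0/24')]
WATCHED_PORTS = {80, 443, 8080, 8443}


def anchor_for(ip):
    """Return the /24 anchor network containing `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    for net in ANCHOR_SUBNETS:
        if addr in net:
            return net
    return None


# Constructed sample flows (not catalogue data), in time order:
# (src_ip, dest_ip, dest_port).
FLOWS = [
    ("10.1.4.22", "23.227.202.57", 443),
    ("10.1.4.22", "23.227.202.58", 443),    # same anchor: rotated host, not a new pairing
    ("10.1.4.22", "203.0.113.5", 443),      # not an anchor subnet
    ("10.1.9.140", "140.82.6.201", 8443),
    ("10.1.9.140", "140.82.6.201", 22),     # not a watched port
    ("10.1.4.22", "144.172.94.10", 80),
]


def first_seen_pairs(flows, known_pairs=None):
    """Return (new_pairs, counts): each (src_ip, anchor) the first time a source
    contacts that anchor on a watched port, plus per-pair flow counts.
    `known_pairs` (hypothetical) carries pairs already alerted on in earlier runs."""
    seen = set(known_pairs or ())
    counts = defaultdict(int)
    new = []
    for src, dst, port in flows:
        net = anchor_for(dst)
        if net is None or port not in WATCHED_PORTS:
            continue
        key = (src, str(net))
        counts[key] += 1
        if key not in seen:
            seen.add(key)
            new.append(key)
    return new, dict(counts)
```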

Hunt 02 · ClickFix DGA pattern + command interpreter

// Pseudo-query
FROM (
  FROM dns_queries
  WHERE query_name MATCHES regex '^[a-z0-9]{4,12}-[a-z0-9]{8,14}\.com$'
  | PROJECT src_host, query_name, query_time
) AS dns
JOIN process_creates AS proc
  ON dns.src_host = proc.host_name
WHERE proc.process_name IN ('powershell.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')
  AND proc.create_time BETWEEN dns.query_time AND dns.query_time + 30s
| PROJECT dns.src_host, dns.query_name, proc.process_name, proc.command_line

This hunt detects the ClickFix technique end-to-end: algorithmic domain query followed by command-interpreter launch on the same host within 30 seconds. The 30-second window is tighter than the typical adversary execution latency.
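The DNS-to-process correlation that Sigma 01 and Hunt 02 describe, as an added Python example (not code from the advisory or from HuntIntel): it applies the page's domain regex to DNS events and reports each command-interpreter launch on the same host within 30 seconds of a matching query. The DNS and process-create records are constructed samples.

```python
import re
from datetime import datetime, timedelta

# Domain pattern and interpreter list as written in Sigma 01 / Hunt 02.
CLICKFIX_DOMAIN_RE = re.compile(r'^[a-z0-9]{4,12}-[a-z0-9]{8,14}\.com$')
INTERPRETERS = {'powershell.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'}
WINDOW = timedelta(seconds=30)

# Constructed sample telemetry (not catalogue data): (host, ISO timestamp, value).
DNS_EVENTS = [
    ("WS-0412", "2026-06-17T09:14:02", "ab12cd-9f8e7d6c5b4a.com"),   # matches pattern
    ("WS-0412", "2026-06-17T09:14:20", "cdn.example-corp.com"),      # does not match
    ("WS-0933", "2026-06-17T11:02:10", "zz9y8x-1234abcd5678.com"),   # matches, no exec in window
]
PROC_EVENTS = [
    ("WS-0412", "2026-06-17T09:14:25", "powershell.exe", "powershell -w hidden -NoProfile"),
    ("WS-0412", "2026-06-17T09:20:00", "cmd.exe", "cmd /c dir"),          # outside the 30 s window
    ("WS-0933", "2026-06-17T11:03:30", "mshta.exe", "mshta placeholder"),  # 80 s later: outside
]


def _ts(s):
    return datetime.fromisoformat(s)


def correlate_clickfix(dns_events, proc_events, window=WINDOW):
    """Return (host, domain, process, command_line) for every interpreter launch
    that followed a pattern-matching DNS query on the same host within `window`."""
    hits = []
    for host, dns_time, qname in dns_events:
        if not CLICKFIX_DOMAIN_RE.match(qname):
            continue
        t0 = _ts(dns_time)
        for phost, p_time, pname, cmdline in proc_events:
            if phost != host or pname.lower() not in INTERPRETERS:
                continue
            delta = _ts(p_time) - t0
            # Only launches at or after the query, and no later than the window.
            if timedelta(0) <= delta <= window:
                hits.append((host, qname, pname, cmdline))
    return hits
```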

Hunt 03 · Browser extension cookie-access spike

// Pseudo-query
FROM browser_events
WHERE event_type = 'extension_cookie_access'
  AND extension_id NOT IN (allowlisted_extension_ids)
| AGGREGATE BY extension_id, src_host
  COUNT(cookie_reads) AS reads_24h
  COUNT(DISTINCT domain) AS domains_touched
WHERE reads_24h > 50 OR domains_touched > 10
| SORT BY reads_24h DESC

This hunt surfaces browser extensions that are reading cookies aggressively — the behavioural signature of session-cookie theft. The thresholds are starting points; tune against your environment’s baseline.

Hunt 04 · CI build agent outbound to unknown package registries

// Pseudo-query
FROM network_flows
WHERE src_host IN (ci_build_agent_pool)
  AND dest_port IN (443, 80)
  AND dest_domain NOT IN (allowlisted_package_registries)
| AGGREGATE BY src_host, dest_domain
  COUNT(*) AS flows
  MIN(flow_time) AS first_seen
WHERE flows > 5
| SORT BY first_seen DESC

This hunt surfaces CI build agents pulling from package registries that aren’t on the organisation’s allowlist — the highest-leverage detection for supply-chain compromise. If a build agent ever talks to a registry you haven’t explicitly approved, that’s the signal.

12 · How to operationalise this advisory in one hour

The advisory is only useful if Monday morning produces concrete defensive actions. Here is a one-hour operating routine for SOC, hunt, and detection-engineering teams.

Minute 00 – 15 · Block + sinkhole

  • Add subnet blocks at the perimeter for the eight /24 anchors in Section 08. Cost: zero. Operational risk: none.
  • Sinkhole or DNS-deny the 15 ClickFix domains and 19 claude.ai-share redirector domains. If your resolver supports response-policy zones, this is a five-minute change.
  • Push the Top 15 hashes to the endpoint scan lane as a one-shot detection rule with quarantine action.

Minute 15 – 30 · Detection content deployment

  • Deploy the four Sigma rules from Section 10 into your detection-content pipeline. The two network-telemetry rules (Sigma 01 and 02) will fire immediately on any existing DNS queries or connections; the two install-event rules (Sigma 03 and 04) will fire on the next install attempt.
  • Tune each rule’s falsepositives filter against your organisation’s allowlisted extensions and CI build agents.

Minute 30 – 45 · Retrospective hunt

  • Run Hunt 01 (subnet anchor first-seen) across the last 30 days of network flows. Any historical match is an in-progress incident, not a past one.
  • Run Hunt 04 (CI agent outbound) against the last 7 days of build agent traffic. Any flow to a non-allowlisted package registry is a candidate supply-chain compromise.

Minute 45 – 60 · Awareness + policy

  • Brief developers on the malicious-plugin package IDs and the typosquat patterns. Awareness is the only defence against social-engineering installation flows.
  • Update the extension-installation policy to require publisher-identity verification for any extension requesting cookies + tabs + webRequest permissions.
  • Verify the marketing-tool integration on production web pages — the marketing-platform compromise this week loaded payloads via a typosquat CDN. Re-pin your delivery URLs.

CONTINUE WITH HUNTINTEL

This advisory ships 15 indicators per type. The catalogue carries the full 54,243 unique IOCs, each with adversary attribution, MITRE technique, confidence score, and source provenance. Stop reading PDFs. Start querying the catalogue.

Open HuntIntel →

13 · Frequently asked questions

Why is the IP count so dominant (96 percent) this week?

Two of the eight contributing feeds are passive C2-infrastructure observers that produce dense, IP-only output. The IP indicator class is the highest-volume class produced by passive collection and will typically dominate any aggregation. The intelligence concentrates in the narrower indicator types — domains, hashes, URLs, emails, and OTHERS — where new adversary tradecraft surfaces. Read the narrow-type tables, not the IP-class topline.

How current is each indicator? Are these stale?

Every catalogue record carries first_seen, last_seen, and confidence fields. The operator console exposes all three. This advisory’s window is the seven-day last_updated span — meaning every indicator was either added or reaffirmed in that window. Stale indicators from old campaigns get filtered out by the time bound.

What confidence threshold should the SOC use for automated blocking?

For automatic blocklist promotion: high confidence only. For watchlist enrichment: medium and above. For retrospective hunting: include low. The catalogue exposes the confidence threshold as a runtime filter — pick the threshold that matches the action, not the analyst’s preference.

How should I prioritise the 219 Rhysida-Interlock indicators?

Three-stage triage. First: block the four subnet-anchor IPs (and the surrounding /24, see Section 08) at the perimeter. Second: push the 72 hashes to endpoint scan with quarantine action. Third: push the 83 domains to DNS deny / sinkhole. Stage one is the most important — subnet blocking outlasts hash and domain rotations by days.

The MITRE technique pressure table aggregates per-tactic counts. How is that computed?

Each catalogued indicator with a ttp field gets parsed into its component technique IDs. Each technique ID maps to its parent tactic via the ATT&CK matrix. The IOC count for a tactic is the sum of unique indicators across all techniques in that tactic. The aggregation is conservative — an indicator tagged with three techniques in the same tactic counts once, not three times.
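The tactic aggregation described in this answer, as an added Python example (not HuntIntel's own code): the ttp field is parsed into technique IDs, each ID is mapped to its tactic, and an indicator is counted once per tactic however many of that tactic's techniques it carries. The technique-to-tactic table is a constructed subset covering the IDs tagged in this advisory's Sigma rules, and rolling a sub-technique up to its parent for the lookup is an assumption; a real run would load the full ATT&CK matrix.

```python
import re
from collections import defaultdict

# Constructed technique -> tactic mapping for the IDs tagged in this advisory's
# Sigma rules (a real run loads the full ATT&CK matrix).
TECHNIQUE_TACTIC = {
    "T1566": "initial-access", "T1195": "initial-access",
    "T1204": "execution", "T1059": "execution",
    "T1071": "command-and-control",
    "T1486": "impact",
    "T1176": "persistence",
    "T1539": "credential-access",
}
TECH_ID_RE = re.compile(r'T\d{4}(?:\.\d{3})?')


def parse_ttp(ttp_field):
    """Split a free-form ttp string into technique IDs. A sub-technique such as
    T1195.001 is rolled up to its parent T1195 for the tactic lookup (assumption)."""
    return {m.group(0).split('.')[0] for m in TECH_ID_RE.finditer(ttp_field or '')}


def tactic_pressure(indicators):
    """Count unique indicator values per tactic. An indicator tagged with several
    techniques in the same tactic contributes one to that tactic, not several."""
    per_tactic = defaultdict(set)
    for ioc in indicators:
        for tech in parse_ttp(ioc.get("ttp")):
            tactic = TECHNIQUE_TACTIC.get(tech)
            if tactic:
                per_tactic[tactic].add(ioc["value"])
    return {tactic: len(values) for tactic, values in per_tactic.items()}


# Constructed catalogue records (not real IOCs).
SAMPLE = [
    {"value": "hash-a", "ttp": "T1566, T1204, T1059"},   # two execution techniques -> counts once
    {"value": "dom-b",  "ttp": "T1195.001;T1059"},
    {"value": "ip-c",   "ttp": "T1071"},
    {"value": "ip-d",   "ttp": None},                     # no ttp field -> ignored
    {"value": "hash-a", "ttp": "T1486"},                  # same indicator observed again
]
```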

The catalogue lists CobaltStrike with 52,633 indicators. Are most of these real C2 listeners?

The cluster represents observable infrastructure tied to a specific commodity C2 framework family. The 52,633 figure reflects feed-level observation of listener IPs that match the framework’s protocol signatures over the week — not all are actively in-use for adversary operations. Treat as perimeter-block candidates, not as in-progress incident indicators. Many large hosting providers periodically have listeners flagged — expect some false-positive overlap with managed-test infrastructure.

How do I avoid alert fatigue when the IP indicator class is this dominant?

The dominance is volume; severity is the gate. The SOC’s automated lane should consume the 1,086 High-severity records only. The 53,025 Medium-severity records go to enrichment, not alerts. The Low layer goes to the data lake for retrospective hunting. That tiered-consumption pattern is the entire point of severity scoring — treat the layer hierarchy as a triage primitive, not as analyst preference.

Can our threat-intelligence team contribute back to the catalogue?

Yes. Authorised users can publish indicators back into the catalogue. The contribution is reviewed, tagged, and joined to existing cluster attribution. The community gains visibility; the contributor’s organisation receives confidence credit for indicators that other organisations independently validate.

Where can I learn the hunt + detection-engineering operationalisation side of this data?

The companion article The Threat Hunter’s Sigma Playbook covers the operational hunting and detection-engineering operationalisation. For AWS-specific cloud hunting, see the AWS Threat Hunting Library (27 hunts, full MITRE-mapping). The intelligence advisory you are reading is the cluster and trend story; the playbook and library are the hypothesis-to-rule operational story.
