Daily Cyber Briefing
The Daily Cyber Briefing delivers concise, no-fluff updates on the latest cybersecurity threats, breaches, and regulatory changes. Each episode equips listeners with actionable insights to stay ahead of emerging risks in today’s fast-moving digital landscape.
Title: State-Sponsored Threats & Supply Chain Worms: WARP PANDA, React2Shell, and Shai-Hulud 2.0
This week, we dive deep into the sophisticated China-nexus threat WARP PANDA, which is relentlessly exploiting VMware vCenter environments with the BRICKSTORM malware, alongside urgent warnings about the actively exploited React2Shell vulnerability. We also analyze the destructive Shai-Hulud 2.0 supply chain attack that compromised thousands of repositories and review the latest defensive strategies unveiled at AWS re:Invent 2025.
Mike Housch: Welcome back to Cyber Scoops & Digital Shenanigans. I’m your host, Mike Housch, bringing you the latest digital mayhem and crucial security updates you need to know about. We’ve got a massive show today, focusing heavily on nation-state activity, supply chain fallout, and critical vulnerabilities being exploited right now. This is not the week to skip patching, folks.
(0:45) Segment 1: The Rise of WARP PANDA and BRICKSTORM
Mike Housch: Let’s start with a major escalation in cloud-based cyberattacks, as detailed by CrowdStrike security researchers who identified and tracked a new sophisticated threat actor known as WARP PANDA. This China-nexus group is targeting critical infrastructure across the United States, specifically infiltrating VMware vCenter environments at legal, technology, and manufacturing organizations.
The evidence suggests some of these intrusions date back to late 2023. WARP PANDA demonstrates an advanced knowledge of cloud infrastructure and virtual machine environments, which allows them to move seamlessly through complex network topologies. They typically start by hitting internet-facing edge devices before pivoting to vCenter, exploiting known vulnerabilities or using compromised credentials.
Now, let's talk about their toolkit. WARP PANDA deploys three distinct tools: BRICKSTORM malware, JSP web shells, and two previously unknown implants named Junction and GuestConduit. BRICKSTORM is their primary backdoor, written in Golang and often masquerading as legitimate vCenter processes like updatermgr or vami-http.
This malware is incredibly stealthy. It communicates with command-and-control servers using WebSocket connections encrypted with TLS and employs sophisticated obfuscation. It also utilizes DNS-over-HTTPS for domain resolution and leverages public cloud services like Cloudflare Workers and Heroku for infrastructure hosting. In fact, CISA and the NSA have recently alerted on BRICKSTORM malware targeting VMware ESXi and Windows systems.
WARP PANDA’s persistence tactics are equally advanced. They use SSH and the privileged vpxuser account for lateral movement, utilize log clearing and file timestomping to cover their tracks, and even create unregistered malicious virtual machines that are shut down after use. The Junction implant listens on port 8090 to communicate with guest VMs through VM sockets, while GuestConduit facilitates network traffic tunneling within those virtual machines.
They aren't shy about leveraging known flaws either. The vulnerabilities exploited include critical issues in Ivanti Connect Secure VPN (CVE-2024-21887, CVE-2023-46805), VMware vCenter (CVE-2024-38812, CVE-2023-34048, CVE-2021-22005), and F5 BIG-IP devices (CVE-2023-46747). If you run any of these components, you need to ensure these patches are deployed yesterday.
(5:00) Segment 2: Supply Chain Security Under Attack
Mike Housch: Moving away from infrastructure and into the development pipeline, we have two major supply chain attack campaigns to discuss.
First, the Shai-Hulud 2.0 cyberattack. This is being called one of the most persistent and destructive malware campaigns targeting the developer ecosystem, active since at least November 24, 2025. The attack’s scope is staggering: over 30,000 repositories were compromised, and Wiz researchers recovered approximately 24,000 unique environment.json files containing critical system and credential information.
Most alarmingly, over 500 GitHub usernames and tokens were exfiltrated. What makes Shai-Hulud 2.0 persistent is its ability to search for previously compromised accounts and use stolen credentials to upload repositories containing data from new victims, creating a cascading compromise effect.
While primarily leveraging the npm ecosystem through malicious packages like @postman/tunnel-agent and @asyncapi/specs, the malware also infected the AsyncAPI IDE extension, exposing an OpenVSX API key. Analysis shows that roughly 60 percent of the leaked npm tokens remain valid, representing an immediate, active threat vector for downstream attacks. This attack underscores the critical need for hardening GitHub Actions configurations and implementing comprehensive secret management.
Next up, we have the deceptive Evm-Units malicious Rust crate. Published by the author ‘ablerust,’ this package masqueraded as a standard utility for verifying Ethereum Virtual Machine (EVM) versions, accumulating thousands of downloads before removal.
Here’s the trick: the function get_evm_version() wasn't just returning a version number; it was decoding a Base64 string to retrieve a remote command-and-control URL. The attack was amplified because a secondary package, uniswap-utils, depended on evm-units, automatically invoking the malicious code during initialization.
The malware customized its execution based on the victim’s operating system using specific User-Agent headers like linux, darwin, or win32. On Windows, it demonstrates remarkable anti-detection logic by scanning for the Chinese antivirus Qihoo 360 (qhsafetray.exe). If the antivirus is present, it executes PowerShell with suppressed creation flags; if absent, it constructs a VBScript to launch a hidden PowerShell instance. This targeted approach suggests the threat actors are aiming to harvest cryptocurrency credentials, possibly from users in Asian markets. They even use self-signed certificates to bypass standard network security validation.
(10:30) Segment 3: The Vulnerability Patching Crisis
Mike Housch: Now, for the weekly vulnerability speed round. Patches are out, but active exploitation is high.
First, the critical React2Shell vulnerability, CVE-2025-55182, allows unauthenticated remote code execution on affected servers using specially crafted HTTP requests. This is a huge deal, as React powers millions of websites, and cloud security experts estimate 39% of cloud environments contain vulnerable React instances.
AWS reported that within hours of public disclosure, China-linked threat groups, specifically Earth Lamia and Jackpot Panda, started exploitation attempts. While some threat actors were struggling with fake Proof-of-Concept exploits, AWS observed others systematically troubleshooting and refining their exploitation techniques against live targets. This indicates active, dedicated attackers are trying to monetize this flaw fast. You must patch React version 19, specifically instances that use a new server feature.
Next, the WordPress ecosystem is under siege. Threat actors are actively exploiting a critical-severity privilege escalation flaw (CVE-2025-8489, CVSS 9.8) in the King Addons for Elementor plugin. This bug allows unauthenticated attackers to grant themselves administrator privileges, leading to full site compromise. Exploitation attempts have been seen since late October 2025, with mass exploitation ramping up in November. Thousands of websites are still running a vulnerable version, and users need to update to version 51.1.35 or newer immediately.
On the endpoint front, Google promoted Chrome 143 to the stable channel, patching 13 vulnerabilities, including four high-severity flaws. This includes a type confusion issue in the V8 JavaScript engine (CVE-2025-13630) and inappropriate implementation bugs in Google Updater and DevTools. While not currently exploited in the wild according to Google, Chrome vulnerabilities are popular targets, so update your browsers now.
Finally, a quick note on system privilege elevation: A serious flaw was found in K7 Ultimate Security antivirus. This vulnerability allows low-privileged users to achieve SYSTEM-level access by abusing named pipes with overly permissive access control lists. Researchers demonstrated how to bypass multiple patches issued by K7, relying on the use of unsigned or relocated signed binaries to evade protection hooks and gain privileges.
(14:00) Segment 4: Advanced Phishing and Ransomware Infrastructure
Mike Housch: Let’s switch gears to how initial access is being gained in the enterprise, starting with a frighteningly effective phishing campaign.
A long-running phishing operation is abusing Calendly-branded job invitations to compromise Google Workspace and Facebook Business accounts. This campaign is highly targeted, often impersonating recruiters at major brands like LVMH, Lego, Mastercard, and Uber. The goal is to seize control of accounts used to manage digital advertising.
The attacks use a multi-stage choreography: victims are first lured into a back-and-forth conversation, and only then is the malicious link delivered, disguised as a Calendly-style link to "book time for a call".
The attackers utilize sophisticated techniques like Attacker-in-the-Middle (AiTM) and Browser-in-the-Browser (BITB). The BITB pop-up masks the actual phishing server behind a fake, attacker-controlled URL bar, making it much harder for users to spot the deceit. They also employ conditional loading and domain-based checks, ensuring only the intended organization’s email domains can proceed, thus blocking security analysts and automated scanners. Compromised ad management accounts are incredibly valuable, allowing criminals to run malvertising campaigns or sell footholds to other groups.
On the ransomware side, threat actors are heavily abusing the Matanbuchus malicious downloader. Matanbuchus is a C++ downloader/backdoor offered as Malware-as-a-Service (MaaS) and is now a key enabler for hands-on-keyboard ransomware operations.
Version 3.0, observed in July 2025, is highly advanced, using the ChaCha20 stream cipher to encrypt strings, dynamic API resolution via MurmurHash, and interspersed junk instructions to frustrate analysis. It establishes persistence via a scheduled task named “Update Tracker Task” and is used to deploy major secondary payloads, including the Rhadamanthys information stealer and the NetSupport RAT. Matanbuchus significantly lowers the barrier for conducting complex intrusion and extortion operations.
(17:30) Segment 5: CISO Corner and Strategic Takeaways
Mike Housch: Finally, let’s wrap up with some positive news coming out of AWS re:Invent 2025 and some strategic takeaways for our security leaders.
AWS announced several major product enhancements, focusing on security posture and incident response. This includes the preview of the AWS Security Agent, which is designed to proactively secure applications by conducting automated security reviews and context-aware penetration testing throughout the development process. They also announced the general availability of AWS Security Hub, providing a central panel to view, aggregate, and prioritize security risks.
Key vendor announcements also centered on agentic AI capabilities. ZEST Security is introducing AI-driven features to automatically reduce over 90% of vulnerabilities, while Skyhawk Security added agentic AI red teaming capabilities to check if a customer’s security stack—SIEM, EDR, WAF—can actually catch imminent threats.
If we look across the landscape this week, three themes dominate:
- Supply Chain and Developers are Primary Targets: The Shai-Hulud 2.0 and Evm-Units attacks prove that compromised developer tools and accounts are being weaponized for cascading compromises. Secure code review is a critical security practice.
- Virtualized Environments are High-Value Targets: WARP PANDA’s focus on VMware vCenter environments reinforces the need to prioritize hypervisor security and review best practices for virtualized environments.
- Phishing Sophistication is Outpacing Detection: The Calendly AiTM/BITB campaign shows that threat actors are actively debugging and refining their exploitation techniques, even using domain checks to evade scanners. We need better behavioral detection (TTP-based defenses) that can recognize activity patterns like privilege escalation and lateral movement, often ahead of encryption.
Mike Housch: That’s all the scoops and shenanigans we have time for this week. Stay safe out there, stay patched, and never trust a link promising a job interview with Lego.