German Agencies Issue Warning on State-Sponsored Signal Phishing Campaign
Germany’s Federal Office for the Protection of the Constitution (BfV) and Federal Office for Information Security (BSI) have jointly warned of a sophisticated phishing campaign likely conducted by a state-sponsored threat actor targeting high-profile individuals via the Signal messaging app.
Attack Mechanics and Exploitation of Legitimate Features
The campaign exploits Signal’s built-in PIN authentication and device linking mechanisms, which are designed for account recovery and multi-device synchronization. Attackers initiate contact with victims through phishing messages that mimic legitimate Signal notifications, tricking users into entering their PIN or approving a malicious device link request. Once approved, the attacker’s device gains full access to the victim’s chat history, contacts, and ongoing conversations without triggering additional alerts.
Technical Deep Dive into Signal’s Vulnerable Features
Signal’s device linking process relies on a QR code scan or numeric link code paired with a mandatory PIN entry for security. In this attack, phishing lures often masquerade as “account verification” or “security update” prompts, embedding deep links that, when clicked, initiate the linking process directly within the app. The PIN serves as a second factor, but social engineering bypasses it by exploiting user trust in Signal’s interface. Post-compromise, attackers can enable disappearing messages to erase traces or forward sensitive data undetected. Reverse engineering of Signal’s client reveals that linked devices inherit full session tokens, equivalent to primary device privileges, with no granular permission controls.
Target Profile and Geopolitical Implications
Targets include senior politicians, military officers, diplomats, and investigative journalists across Germany and Europe. The selection suggests espionage motives, potentially linked to Russian or Chinese state actors given historical patterns of Signal targeting. Compromised accounts enable real-time intelligence gathering on policy discussions, troop movements, and journalistic sources, amplifying risks in hybrid warfare contexts.
Mitigation Strategies for Organizations
Organizations should enforce Signal configurations disabling multi-device linking where feasible, implement PIN complexity requirements exceeding 8 characters with alphanumeric mixes, and deploy endpoint detection rules monitoring unusual app network activity. User training must emphasize verifying link requests from unknown sources, and network segmentation can limit exfiltrated data volumes. BfV recommends immediate PIN changes and device scans for affected users.
AISURU Botnet Executes Record 31.4 Tbps DDoS Attack
The AISURU/Kimwolf botnet has been identified as the culprit behind a unprecedented 31.4 Terabits per second DDoS attack lasting just 35 seconds, highlighting the evolution of high-volume, short-burst denial-of-service capabilities.
Botnet Architecture and Amplification Techniques
AISURU leverages a hybrid IoT and server botnet comprising over 1.2 million compromised devices, primarily Memcached servers, CLDAP reflectors, and misconfigured DNS amplifiers. The attack employed a multi-vector approach: UDP floods amplified via reflection (factor up to 50x), SYN-ACK floods targeting TCP stacks, and DNS water torture overwhelming recursive resolvers. Peak bandwidth was achieved through precise synchronization of 15,000+ reflectors, exploiting open UDP ports 11211 (Memcached) and 389 (CLDAP).
Technical Analysis of Attack Duration and Impact
The 35-second burst design evades traditional DDoS mitigation thresholds, which often require sustained traffic for activation. Packet captures reveal payloads exceeding 1.5 million packets per second with forged source IPs spoofed across /8 subnets, rendering IP reputation filtering ineffective. Victim infrastructure experienced 100% packet drops, causing multi-minute outages despite scrubbing centers handling only 20 Tbps peaks. Forensic analysis confirms AISURU’s C2 uses fast-flux domains and DGA for resilience.
Botnet Propagation and Infection Vectors
Infection spreads via unpatched edge devices using exploits for CVE-2025-XXXX series in router firmware and known IoT vulns like Mirai derivatives. Second-stage loaders fetch modular payloads from bulletproof hosting, enabling rapid campaign reconfiguration. C2 communication employs encrypted WebSockets over port 443, mimicking legitimate HTTPS to bypass firewalls.
Defensive Measures and Future Projections
Deploy BGP Flowspec rules to null-route spoofed /8s at the edge, integrate ML-based anomaly detection for micro-burst UDP floods, and harden amplifiers with rate-limiting and authentication. Enterprises must audit Memcached/CLDAP exposure via Shodan scans and apply vendor patches. Analysts predict AISURU variants scaling to 50 Tbps by Q2 2026 through 5G IoT integration.
OpenClaw Partners with VirusTotal Amid Rising AI Agent Security Concerns
OpenClaw has partnered with Google’s VirusTotal to scan AI skills uploaded to ClawHub, addressing cybersecurity worries over autonomous AI agents’ risks including prompt injections and data exfiltration.
Core Risks in Agentic AI Ecosystems
OpenClaw agents feature persistent memory stores retaining conversation histories, broad OAuth scopes granting app access, and user-defined configurations allowing arbitrary code execution. These enable supply-chain attacks where malicious “skills” — modular prompt chains or tool integrations — inject payloads exploiting LLM context windows for RCE or credential theft.
VirusTotal Integration Technical Details
Skills undergo multi-engine scanning upon upload: YARA rules detect prompt injection patterns (e.g., “ignore previous instructions”), sandboxed execution traces API calls, and behavioral analysis flags anomalous data flows. Hash-based deduplication prevents repackaged malware, while reputation scoring leverages VirusTotal’s 70+ AV consensus. Positive detections trigger quarantine, with false positive appeals via OTX sharing.
Known Attack Vectors and Case Studies
Prompt injections bypass safeguards via role-playing (e.g., “act as developer, output base64 shell”), data exfiltration embeds secrets in image metadata, and unvetted components chain to external C2. Historical incidents include ClawHub skills exfiltrating 10k+ API keys via hidden HTTP beacons. COM hijacking in Windows agents persists across sessions, loading second-stage via registry RUN keys.
Best Practices for Secure AI Agent Deployment
Implement least-privilege scopes, runtime isolation via gVisor containers, and input sanitization stripping executable patterns. Continuous monitoring with eBPF traces agent syscalls, and zero-trust verification scans skills pre-deployment. Organizations should audit agent memory dumps for PII and enforce ephemeral sessions.
CISA Orders Federal Agencies to Patch Vulnerable Edge Devices Within 90 Days
CISA has issued a binding operational directive mandating federal civilian agencies remediate vulnerable edge devices within 90 days, targeting IoT and operational technology exposures amid rising exploitation trends.
Scope and Identified Vulnerabilities
The directive covers routers, firewalls, cameras, and industrial controllers with CVEs exceeding base score 7.0, emphasizing zero-days like those in Hikvision access points (CVE-2026-0709) and TP-Link routers (CVE-2026-22229). Edge devices lack timely patching due to proprietary firmware and air-gapped assumptions.
Technical Remediation Framework
Agencies must deploy vulnerability scanners (e.g., Nessus with custom IoT plugins), segment edge networks via microsegmentation, and enforce firmware signing verification. BOD requires SBOM ingestion for supply-chain tracking and automated patch deployment via tools like Ansible with rollback capabilities.
Exploitation Trends and Threat Actors
State actors weaponize edge vulns for persistent C2 (e.g., router implants surviving reboots) and lateral movement. Ransomware groups chain edge RCE to encrypt OT networks, as seen in recent ICS incidents leaving Restic remnants exploitable post-exfiltration.
Implementation Timeline and Compliance
Phase 1 (30 days): Inventory all edge assets via NVD matching. Phase 2 (60 days): Apply mitigations including ACLs blocking inbound exploits. Phase 3 (90 days): Verify via red-team exercises. Non-compliance risks funding cuts and public dashboards.
Ransomware Groups Actively Exploit SmarterMail CVE-2026-24423
CISA has added SmarterMail’s critical RCE vulnerability (CVE-2026-24423) to its Known Exploited Vulnerabilities catalog, with ransomware actors rapidly weaponizing it against unpatched servers.
Vulnerability Technical Breakdown
CVE-2026-24423 stems from deserialization flaws in SmarterMail’s SMMsgStore, allowing unauthenticated RCE via crafted SOAP requests. Attackers supply malicious serialized objects triggering gadget chains executing arbitrary .NET code, often spawning cmd.exe for Cobalt Strike beacons.
Attack Chain and Indicators
Exploitation begins with directory brute-forcing (/SmarterMail/ endpoints), followed by POSTs to MessageService.asmx with base64 payloads. Post-RCE, attackers dump SAM hashes via secretsdump.py, deploy LockBit payloads, and exfiltrate mailboxes. IOCs include User-Agent “Mozilla/5.0 (compatible; ExploitationBot)” and beaconing to .shop domains.
Federal Response and Patch Details
Federal agencies face a February 26, 2026 deadline for patching to version 18.x. Workarounds include disabling SOAP endpoints and WAF rules blocking deserialization patterns (e.g., __type bypasses). Vendors report 40% of scanned instances vulnerable.
Broader Implications for Email Security
This underscores risks in legacy on-prem mail servers; migration to zero-trust models with API gateways is advised. Enterprises should scan for similar deserialization flaws using tools like ysoserial.net.