Cyber Security News

Hacking Editorial Brief – April 8, 2026

State-Sponsored Threat Groups Target Critical Infrastructure and Supply Chains

Iranian-affiliated APT actors are actively targeting internet-facing operational technology devices across U.S. critical infrastructure, including government facilities, water systems, and energy infrastructure. The campaign focuses on exploiting programmable logic controllers (PLCs), according to a CISA advisory. Separately, Russian military intelligence unit APT28 (Fancy Bear/Forest Blizzard) has compromised hundreds of small office/home office routers worldwide—primarily insecure MikroTik and TP-Link devices—to conduct DNS hijacking and man-in-the-middle attacks aimed at stealing Microsoft Outlook credentials from military and government targets. The FBI's Boston office led a national disruption operation against the Russian router compromise campaign, which affected devices across the United States.

North Korean state-sponsored group UNC1069 successfully compromised the Axios NPM package through sophisticated social engineering targeting the maintainer's account. The attackers distributed malicious packages containing a remote access Trojan to millions of downloads, representing a significant supply chain attack against the JavaScript ecosystem. The incident underscores the continued evolution of North Korean cyber operations targeting software supply chains. Additionally, a major data breach affecting the Los Angeles city attorney's office exposed 7.7 terabytes of sensitive LAPD records, including officer personnel files and internal affairs documents. Separately, a new Access Now report documents a cross-border hack-for-hire campaign targeting Egyptian journalists, while cybersecurity researchers have identified Telegram-based marketplaces where thousands of users purchase surveillance and hacking tools for domestic harassment.

Sources: CISA · Dark Reading · POLITICO · Microsoft Security · Boston Globe · Los Angeles Times · Access Now