Project Compass, AI-Augmented Pipelines, and the Air-Gap Jumpers

This week, the Dragon News Bytes team dives into a major international crackdown on "The Com," a decentralized cybercrime network. They also break down how AI is being used as a force multiplier for automated exploitation, a series of critical vulnerabilities in edge networking gear, and sophisticated new tactics from North Korean threat actors targeting air-gapped systems.

Topics & References: 

Part 1: Law Enforcement Strikes Back with Project Compass: Europol led a year-long operation against "The Com" (also known as Scattered Spider or 764), resulting in 30 arrests and the identification of nearly 200 suspects across 28 countries.

• Victim Safeguarding: Beyond arrests, the operation prioritized safeguarding victims—many of whom are minors—from the group’s brutal tactics of sextortion, harassment, and physical violence.

Part 2: The Edge Under Fire and AI-Augmented Pipelines: Amazon’s threat intelligence team recently detailed a Russian-speaking actor using commercial GenAI to automate a mass-exploitation pipeline targeting FortiGate. This targeting comes as multiple edge devices are suffering vulnerabilities: 

• Cisco Catalyst SD-WAN: A critical zero-day (CVE-2026-20127) was revealed to have been exploited in the wild for over three years, allowing attackers to establish rogue peers and maintain long-term persistence.
• Juniper PTX Series: A 9.8 CVSS vulnerability in Junos OS Evolved’s anomaly detection framework has emerged, potentially allowing unauthenticated root-level takeover of core ISP routers.

Part 3: Advanced Persistent Threats (APTs), Ruby Jumper Campaign: North Korean group APT37 (ScarCruft) has introduced a new toolkit, including the "FootWine" and "ThumbSBD" implants, specifically designed to bridge air-gapped networks via infected USB drives.

• Dohdoor & UAT-10027: Cisco Talos identified a new campaign targeting U.S. healthcare and education sectors using a novel DNS-over-HTTPS (DoH) backdoor to evade traditional detection.

Events & Community:

• FS-ISAC Spring Summit (Orlando): March 1–4 presentations on the latest fintech threats and CLOP ransomware.
  
  • 🔗 to register: https://www.fsisac.com/events/2026-americas-spring
• NCAA March Madness Watch Party:  March 27th in Atlanta
  
  • 🔗 to register: https://go.team-cymru.com/march-madness-atlanta-2026
• RISE Ireland (Dublin): April 14–15 at Stripe Dublin. 
  
  • 🔗 to register: https://go.team-cymru.com/rise-ireland
• RISEx Frankfurt: May 28th - Registrations will open March 6th

Connect with Us:

• Follow us on LinkedIn: https://www.linkedin.com/company/team-cymru
• Subscribe to the Dragon News Bytes feed: https://www.team-cymru.com/dnb