Saas — CraftedSignal Threat Feed

SaaS Notification Pipeline Phishing and Medusa Ransomware Exploitation

hello@craftedsignal.io — Thu, 09 Apr 2026 18:00:20 +0000

This threat brief highlights two significant attack vectors observed by Cisco Talos. First, threat actors are exploiting legitimate SaaS notification pipelines (e.g., GitHub, Jira) to deliver phishing and spam, bypassing traditional email security measures by using a “Platform-as-a-Proxy” (PaaP) technique. This abuses the implicit trust placed in system-generated notifications from trusted enterprise tools, primarily targeting credential harvesting. Second, the Storm-1175 group is actively deploying Medusa ransomware, rapidly exploiting n-day vulnerabilities, including CVE-2026-1731, a critical remote code execution flaw in BeyondTrust Remote Support and older versions of BeyondTrust Privileged Remote Access. Defenders must adapt to these evolving tactics, as they bypass standard perimeter defenses and require more nuanced detection strategies.

Attack Chain

Attacker compromises a legitimate SaaS account (e.g., GitHub, Jira) or creates a malicious project.
Attacker configures the SaaS platform to send notifications (e.g., project updates, issue assignments).
The SaaS platform generates an email notification, appearing to originate from a trusted source.
The email bypasses traditional email security checks (SPF, DKIM, DMARC) due to its legitimate source.
The email contains a malicious link or attachment designed to harvest credentials or deliver malware.
The user clicks the link, leading to a phishing page or malware download.
If the user enters credentials, the attacker gains access to their account.
The attacker uses the compromised account for further malicious activities or lateral movement.

Impact

Successful exploitation of SaaS notification pipelines can lead to widespread credential compromise, potentially affecting numerous users within an organization. The “automation fatigue” associated with these notifications increases the likelihood of users falling victim to phishing attacks. Regarding Medusa ransomware, organizations face data encryption, system downtime, and potential financial losses from ransom demands, as Storm-1175 rapidly exploits vulnerabilities like CVE-2026-1731. The impact includes significant disruption to business operations and potential data breaches.

Recommendation

Ingest SaaS API logs into your SIEM to detect anomalous activities, such as suspicious project creation or mass invitations (see Overview).
Implement instance-level verification and cross-reference notifications against internal SaaS directories to detect PaaP attacks (see Overview).
Apply semantic intent analysis to identify notifications that deviate from a platform’s established functional baseline (see Overview).
Patch CVE-2026-1731 on all BeyondTrust Remote Support instances immediately to prevent Medusa ransomware deployment (see Overview).
Deploy the Sigma rule to detect Coinminer malware via SHA256 hash (see Rules).
Monitor network connections for VID001.exe to identify potential Coinminer infections (see IOCs).

CrowdStrike Innovations Secure AI Agents and Govern Shadow AI

hello@craftedsignal.io — Sat, 28 Mar 2026 21:52:45 +0000

CrowdStrike is addressing the emerging threat landscape created by the rapid adoption of AI tools and agents within organizations. The increasing use of personal AI agents, particularly on developer machines, introduces new attack vectors such as “living off the AI land” (LOTAIL) exploits, indirect prompt injection, and agentic tool chain attacks. The rise of shadow AI, where employees adopt AI tools without oversight, exacerbates the issue. CrowdStrike’s new innovations extend AI Detection and Response (AIDR) capabilities to cover desktop AI applications (ChatGPT, Gemini, Claude, DeepSeek, Microsoft Copilot, O365 Copilot, GitHub Copilot, and Cursor) and expand platform capabilities to secure AI workforce adoption and development across endpoints, SaaS environments, and cloud environments. Falcon AIDR will leverage the Falcon sensor to enable deployment of the Falcon AIDR browser extension from the Falcon console and obtain desktop application telemetry via the sensor’s container network interface capability.

Attack Chain

Initial Access (via AI Agent): An attacker gains initial access by compromising an AI agent running on an endpoint, potentially through prompt injection or other vulnerabilities in the agent’s design.
Privilege Escalation: The attacker leverages the compromised AI agent’s existing system permissions, which may be elevated, to gain further access to the system. AI agents often have high privileges to execute terminal commands, browse the web, and interact with files.
Living off the AI Land (LOTAIL): The attacker uses the compromised AI agent to perform malicious actions that appear as legitimate user behavior, such as executing terminal commands, browsing websites, or interacting with files.
Lateral Movement: The attacker utilizes the AI agent’s network connectivity to discover and access other systems within the network, including LLM runtimes, MCP servers, and IDE extensions.
Data Exfiltration: The attacker uses the AI agent to exfiltrate sensitive data from the compromised systems, such as source code, credentials, or other confidential information.
Supply Chain Compromise: The attacker uses access to development environments via compromised AI tools to introduce malicious code into the software supply chain.
Policy Violation: The attacker manipulates the AI agent to violate content policies or access control rules, potentially leading to unauthorized access to sensitive data or systems.

Impact

Successful attacks targeting AI agents and shadow AI can lead to significant data breaches, intellectual property theft, and supply chain compromises. The lack of visibility and governance over AI deployments creates a growing attack surface that traditional security controls are ill-equipped to handle. Compromised AI agents can be used to perform a wide range of malicious activities, including data exfiltration, lateral movement, and the introduction of malicious code into the software supply chain. The impact can range from financial losses and reputational damage to the compromise of critical infrastructure and sensitive government systems.

Recommendation

Deploy the Sigma rule “AI Desktop Application Usage Detected” to identify and monitor the use of AI desktop applications such as ChatGPT, Gemini, and others within your environment. This rule uses process_creation logs to detect the execution of these applications (see rule below).
Enable and configure AI Discovery in CrowdStrike Falcon Exposure Management to gain visibility into AI-related components running across endpoints, including AI apps, LLM runtimes, MCP servers, and IDE extensions. This leverages Falcon for IT telemetry as described in the overview.
Implement Falcon AIDR policies to monitor and protect agents built in Microsoft Copilot Studio against prompt injection attacks, data leaks, and policy violations.
Review and update access control policies for AI agents to minimize the potential impact of a compromise, focusing on the principle of least privilege.

M-Trends 2026: Evolving Threat Landscape

hello@craftedsignal.io — Wed, 25 Mar 2026 10:45:30 +0000

The Mandiant M-Trends 2026 report analyzes over 500,000 hours of incident investigations, revealing significant shifts in the cyber threat landscape. Cybercriminal groups are optimizing for immediate impact and recovery denial, while cyber espionage groups and insider threats prioritize extreme persistence, leveraging unmonitored edge devices and native network functionalities to evade detection. Voice phishing has surged, replacing email as a primary initial access vector, particularly targeting SaaS environments. The time between initial access and the hand-off to secondary actors deploying ransomware has collapsed dramatically. Targeted industries include the high-tech sector (17%) and the financial sector (14.6%). Ransomware groups are now actively targeting backup infrastructure, identity services, and virtualization management planes to ensure recovery is impossible without paying a ransom. Espionage groups are exploiting zero-day vulnerabilities in edge devices for long-term persistence.

Attack Chain

Initial Access: Attackers use voice phishing (vishing) to target IT help desks, bypassing MFA and gaining initial access to SaaS environments. Malicious advertisements or the ClickFix social engineering technique are also used to gain a foothold.
Privilege Escalation: Exploitation of misconfigured Active Directory Certificate Services templates to create admin accounts that bypass password rotation.
Credential Access: Harvesting long-lived OAuth tokens and session cookies to bypass standard defenses. Stealing hard-coded keys and personal access tokens from compromised third-party SaaS vendors. Leveraging native packet-capturing functionality on network appliances to intercept sensitive data and plaintext credentials.
Lateral Movement: Using stolen credentials and tokens to pivot into downstream customer environments. Exploiting the “Tier-0” nature of hypervisors to bypass guest-level defenses.
Defense Evasion: Deploying custom, in-memory malware like BRICKSTORM directly onto network appliances to establish deep persistence that survives standard remediation efforts. Targeting edge and core network devices lacking EDR telemetry.
Impact: Encrypting hypervisor datastores to render all associated virtual machines inoperable simultaneously. Deleting backup objects from cloud storage.
Exfiltration: Large-scale data theft from SaaS environments.

Impact

M-Trends 2026 highlights that ransomware groups are actively destroying the ability to recover data, impacting organizations across more than 16 industry verticals. The high-tech and financial sectors are particularly targeted. The collapse of the hand-off window from hours to seconds means organizations have less time to respond to initial intrusions before ransomware is deployed. The increasing dwell time of threats like BRICKSTORM, reaching nearly 400 days, leaves organizations blind to the full scope of the intrusion due to standard log retention policies.

Recommendation

Deploy the Sigma rule for detecting PowerShell commands from uncommon locations to identify potential malicious activity related to post-compromise actions (reference: Sigma rule “Detect PowerShell from Uncommon Location”).
Implement network monitoring on edge devices and VPNs to detect unauthorized packet capturing and credential interception attempts (reference: overview section about edge devices).
Review and harden Active Directory Certificate Services configurations to prevent the exploitation of misconfigured templates (reference: attack chain step 2).
Monitor for modifications to cloud storage backup objects, especially deletion attempts, to detect ransomware groups attempting to destroy recovery capabilities (reference: attack chain step 6).
Increase log retention policies beyond 90 days to improve visibility into long-term persistent threats like BRICKSTORM (reference: Overview section).