The Cipher

Daily brief · Cyber · AI · Tech

Daily brief at 7am Melbourne. Unsubscribe any time.

← The Cipher

Thursday 28 May 2026

The Extortion Gang That Skips the Phishing Email and Walks Through the Front Door

Ransomware crews are now showing up at law firm offices in person — and Australia's court transcription offshore scandal shows the tactic isn't as far-fetched here as it sounds.

Lead story

The Extortion Gang That Skips the Phishing Email and Walks Through the Front Door

The FBI has issued a formal warning about the Silent Ransom Group, an extortion crew that has added a genuinely unusual tactic to its playbook: turning up at US law firms in person, impersonating tech support staff, and physically plugging in USB drives to steal data directly from workstations.

This isn't a theoretical attack scenario. The FBI says SRG operatives have successfully talked their way past reception desks, sat down at employees' computers, and exfiltrated sensitive legal files — all while pretending to be there to fix something. It's social engineering, except the "link" they're convincing you to click is a thumb drive, and the person asking is standing right next to you.

Why law firms? They sit on extraordinarily sensitive data — litigation strategy, M&A deal terms, client financial records, sealed court documents. They're also historically under-resourced on security relative to financial services or government, and their cultures tend to prize client access over friction. A visitor who looks plausibly like an IT contractor is often waved through.

SRG's hybrid approach combines conventional remote access techniques with in-person intrusion. Researchers at the Record note the group is not particularly prolific, but has demonstrated a focused, methodical approach to the legal sector. The FBI advisory specifically calls out "social engineering schemes to gain remote access" alongside the physical visits — suggesting the crew adapts its method to whatever gets them inside.

The Australian angle here is real. This week, separately, iTnews reported that Australian cyber teams are actively reviewing data security controls after court transcription work was offshored — raising concerns about what investigative and legal records are accessible outside Australian jurisdiction, and to whom. The two stories aren't connected, but together they paint a picture of the legal sector as genuinely underdefended territory, where the threat model now extends well beyond a phishing email.

What should legal organisations do? The basics matter more than ever: visitor management that actually checks credentials against a known list, workstation lockouts that activate in under a minute of inactivity, and USB port controls (most endpoint security platforms can block unauthorised removable media). But the harder fix is cultural — the instinct to be helpful to someone who says they're from IT needs to be trained out.

What to watch: Whether SRG activity spreads beyond US law firms. The group's tactics require physical proximity, which suggests they'll focus on high-value English-speaking common-law jurisdictions — the UK, Canada, and Australia are all plausible next targets. Australian law firms that handle government, defence, or resources-sector work would be particularly attractive.

The ACSC's published guidance on physical security controls for organisations handling sensitive data is a reasonable starting point for any firm that hasn't revisited its visitor policies lately.

Also today

GlassWorm Botnet Taken Down in Coordinated Three-Way Strike

CrowdStrike, Google, and the Shadowserver Foundation simultaneously severed all four command-and-control channels used by the GlassWorm malware, which has been targeting software developers through poisoned open-source packages and extensions since early 2025. What made GlassWorm unusually resilient was its C2 infrastructure — operators used Solana blockchain transactions and the BitTorrent DHT network alongside conventional servers, making it hard to kill any single channel without the others picking up the slack. The simultaneous strike was designed specifically to prevent failover. Australian developers using the affected open-source packages — many of which are globally deployed — should audit their environments for indicators of compromise.

CyberScoop

SymJack: How AI Coding Agents Can Be Tricked Into Installing Attacker-Controlled MCP Servers

Security researchers have disclosed a new attack technique called SymJack, in which malicious repositories use disguised symbolic links to trick AI coding agents into silently installing attacker-controlled Model Context Protocol (MCP) servers. Once installed, those servers can steal secrets, compromise CI/CD pipelines, and deploy malicious code — all without the developer realising anything unusual happened. The attack is particularly concerning because AI coding agents are increasingly granted broad filesystem and network permissions. With tools like Cursor, Copilot, and Devin becoming standard in developer workflows, supply-chain risk now flows through the agent layer as well as the package registry.

SecurityWeek

Iranian Intelligence Behind LA Metro Cyberattack, Researchers Say

A cyberattack on the Los Angeles Metro transit system was claimed by a group presenting itself as independent hacktivists, but researchers at Gambit Security have linked the operation's infrastructure directly to Iran's Ministry of Intelligence (MOIS). The finding fits a broader pattern: Iranian state actors have increasingly used front groups and hacktivist personas to provide deniability for attacks on Western critical infrastructure. LA Metro is a significant public transport operator serving millions of daily riders. Australian critical infrastructure operators — particularly those covered under the SOCI Act — should note that transport and utilities remain priority targets for state-sponsored disruption campaigns.

The Record

Gitea Flaw Lets Anyone Pull Private Container Images — No Login Required

A newly disclosed vulnerability in Gitea (CVE-2026-27771) allows unauthenticated remote attackers to pull private container images from any affected deployment, with no account, password, or credential required. All versions prior to 1.26.2 are affected. Gitea is a popular self-hosted alternative to GitHub, widely used by teams that want to keep their code on their own infrastructure — often for exactly the kind of privacy the flaw now undermines. If your organisation runs a self-hosted Gitea instance, upgrading to 1.26.2 should be treated as urgent. The vulnerability is particularly dangerous for organisations storing proprietary code or internal tooling in container registries.

The Hacker News

Malicious npm Package Targeted Claude AI's File Directory

Researchers at OX Security discovered a malicious npm package named "mouse5212-super-formatter" designed to exfiltrate files from the directory Anthropic's Claude AI tool uses to handle uploads and outputs. It's a targeted attack that assumes the victim is a developer actively using Claude — a reasonable assumption given how broadly the tool has been adopted in software development workflows. The package is another example of supply-chain attacks becoming increasingly context-aware, moving beyond generic credential theft toward harvesting AI tool artifacts, which can include proprietary code, documents, and API keys.

The Hacker News

AI-Assisted Exploit Development Is Now Outrunning Vulnerability Scanners

New research shows that attackers are using AI to dramatically compress the time between a CVE being published and a working exploit being available — in some cases moving faster than enterprise vulnerability scanners can update their signatures. The practical implication is that the traditional window between disclosure and exploitation, which defenders have historically used to patch, is shrinking toward zero for high-value targets. India's CERT-In this week responded to a similar concern by mandating that internet-facing or critical systems must be patched, mitigated, or isolated within 12 hours of a known exploited vulnerability being confirmed — a timeline that will stress most organisations' patch management processes.

Dark Reading

GCHQ Chief: AI Is an 'Unstoppable Force' — and Russia Isn't Slowing Down

Anne Keast-Butler, director of the UK's GCHQ, delivered a blunt public address warning that AI represents a fundamental shift in the cyber threat landscape — both as a tool for attackers and as a potential defensive shield. She announced GCHQ is developing an AI-powered cyber defence capability and renewed warnings about Russian grey-zone operations that fall just below the threshold of open conflict. The speech is part of a coordinated push by Five Eyes intelligence agencies to publicly acknowledge the AI-enabled threat shift. Australia's ASD has made similar noises in its annual Cyber Threat Report, though a dedicated AI-powered cyber shield equivalent to what GCHQ described has not been publicly announced.

CyberScoop

Australian Parliamentary WhatsApp Breach Surfaced at Senate Estimates

A cybersecurity incident involving WhatsApp at the Department of Parliamentary Services was disclosed during Senate estimates hearings this week, with officials confirming it occurred on 9 March 2026. Details remain sparse — the department has not publicly confirmed what data was accessed or how the breach occurred — but the fact it was revealed under questioning rather than proactively disclosed will raise eyebrows. Parliamentary systems are a high-value target for foreign intelligence services given the sensitivity of communications between ministers, staffers, and advisers. The incident adds weight to calls for stricter controls on consumer messaging apps in sensitive government environments.

The Mandarin

Cognition Raises $1B at $25B Valuation — AI Coding Is Now Serious Money

Cognition, the startup behind the Devin AI software engineer, has raised $1 billion at a $25 billion pre-money valuation — more than doubling its valuation in eight months. The company says it's now running at $492 million in annualised revenue. The raise cements AI-assisted coding as one of the hottest verticals in enterprise software, with Cognition competing against GitHub Copilot, Cursor, and a growing field of agentic coding tools. The valuation is striking given Cognition's revenue multiple, though investors appear willing to pay for category leadership in a market they believe will reshape software development economics over the next decade.

TechCrunch

YouTube Will Start Automatically Labelling AI-Generated Videos

YouTube is moving away from relying solely on creator self-disclosure for AI-generated content, announcing it will now automatically detect and label videos that feature significant photorealistic AI imagery. The labels will also become more visually prominent. There are carve-outs — animated content and videos with only minor AI use may not be flagged — which means the system will have gaps, but it still represents a meaningful shift toward platform-level accountability for synthetic media. This is relevant to Australia's Online Safety Act framework, which the eSafety Commissioner has flagged as a potential avenue to address AI-generated harmful content, including deepfakes.

TechCrunch

Websites Can Now Fingerprint You by Watching Your SSD

Researchers have demonstrated a new browser-based side-channel attack that can fingerprint individual visitors by measuring the timing patterns of their SSD's read/write activity — using nothing more than standard JavaScript, no special permissions required. The technique works because different files, browser caches, and usage patterns produce distinctive storage I/O signatures that are hard to spoof. It won't replace cookies overnight, but it offers a tracking mechanism that survives private browsing, cookie deletion, and VPN use. The research highlights how fingerprinting techniques continue to evolve well ahead of browser privacy protections — and why Australia's Privacy Act reforms around tracking deserve close attention from web developers.

Ars Technica

Sources consulted