The Good, the Bad and the Ugly in Cybersecurity – Week 15
ID: 08d2f4af-2f97-5df8-ae9d-95c2ec934cc9
STIX ID: report--08d2f4af-2f97-5df8-ae9d-95c2ec934cc9
Feed Name: SentinelOne Blog
This intelligence note covers three active threats: a US-authorized disruption of a GRU (APT28) DNS-hijacking network that abused TP-Link routers to intercept credentials and insert GRU-controlled infrastructure; macOS-focused ClickFix social-engineering campaigns using Script Editor to deliver AMOS/Atomic Stealer and exfiltrate browser data and wallets; and Iran-affiliated actors exploiting internet-facing PLCs (Rockwell/Allen-Bradley and others) to manipulate HMI/SCADA data and cause operational disruption across critical infrastructure sectors.
