JSAC2026 -Day 1-
ID: ca975494-7641-5cdd-86df-6537e5a6d3f5
STIX ID: report--ca975494-7641-5cdd-86df-6537e5a6d3f5
Feed Name: JPCERT Blog
This JSAC2026 Day 1 highlights briefing summarizes multiple active threats and incident analyses presented by researchers: a supply-chain-style compromise via DNS poisoning redirecting legitimate app updates; gateway/edge device surveillance frameworks; campaigns attributed to Chinese-linked groups (Earth Lusca/Krahang, Tianwu), North Korea-linked Konni with GSRAT, and Earth Kurma; large-scale exploitation of Ivanti Connect Secure devices with SPAWN/TextDoor and credential theft; and infrastructure-less C2 techniques abusing Microsoft Graph API, cloud services, and dead-drop resolvers. Presentations emphasize detection-evasion methods, use of legitimate services for C2 and exfiltration, investigative challenges on edge devices, and recommended mitigations including encrypted DNS, endpoint monitoring, cloud API traffic inspection, and sharing YARA/Sigma rules.
