RST TI Report Digest: 02 Mar 2026

**GrayCharlie hijacks WordPress sites (notably U.S. law firms) in supply-chain attacks to inject JavaScript that redirects visitors to NetSupport RAT payloads via fake browser updates or CAPTCHA lures; the Insikt Group report catalogs exploitation methods, persistence tactics, extensive control infrastructure, and a long list of IOCs (IPs, domains, URLs, SHA-256 hashes) and attributes the activity to data theft and financial fraud.**