Supply-Chain Attacks, TP-Link devices & a pair of socks
ID: 8b216d70-3652-5870-9064-1e3c1d99f5d6
STIX ID: report--8b216d70-3652-5870-9064-1e3c1d99f5d6
Feed Name: Ctrl-Alt-Int3l
# Executive Summary

In March 2026, a single ShadowLink beaconing protocol and auth secret were observed across both a supply-chain compromise of a GitHub Action (Xygeni) and an IoT-focused campaign that deployed microsocks-based residential SOCKS5 proxies on TP-Link and ASUS routers (exploiting CVE-2024-21833). Active C2 infrastructure (e.g., 108.129.153.172, 91.214.78.178) and numerous IOCs are provided. Attribution to TeamPCP is discussed but remains inconclusive.
