← Back to Blog
Security Briefing5 min readApril 9, 2026

Security Briefing, April 9 2026: Chaos Cloud Malware, APT28 PRISMEX, Contagious Interview Packages, Iran PLC Attacks, and the Eurail Breach

Today's security briefing tracks Chaos malware pivoting into misconfigured cloud deployments, APT28's new PRISMEX espionage chain, North Korea's 1,700-package supply chain spread, Iran-linked attacks on exposed PLCs, and the Eurail breach that exposed 300,000+ passport numbers.

Executive Summary

The pattern today is not subtle. Attackers are still winning where teams leave control planes exposed, trust open software ecosystems too easily, and assume critical systems are too niche to be targeted. From cloud workloads and package registries to industrial controllers and travel data, weak trust boundaries keep turning into headline-grade incidents.

1. Chaos malware is moving from edge devices into misconfigured cloud environments

Darktrace says a new Chaos variant is now targeting misconfigured cloud deployments, extending a botnet previously associated with routers, edge devices, and poorly secured Docker environments. That matters because the attack path is brutally familiar: exposed services, weak hardening, and internet-facing management surfaces still make cloud workloads easy to bend into cryptomining and DDoS infrastructure.

2. APT28 is using PRISMEX to hit Ukraine and NATO-linked targets

Trend Micro linked APT28 to a spear-phishing campaign deploying a newly documented malware suite called PRISMEX across Ukrainian institutions and allied logistics, transport, and defense partners. The important detail is not just the malware. It is the speed of operationalization, with fresh vulnerabilities weaponized quickly and cloud services abused for command and control. If your detection stack still separates email, endpoint, and cloud telemetry into silos, you are giving this kind of actor room to breathe.

3. Contagious Interview has expanded its supply chain playbook across 1,700 packages

Socket reports that the North Korea-linked Contagious Interview campaign pushed malicious packages across npm, PyPI, Go, Rust, and Packagist, disguising loaders as legitimate developer tooling before delivering infostealer and remote access payloads. This is a supply chain reminder with a crowbar, not a whisper. Dependency trust is still too automatic in too many engineering teams, especially where internal review of developer tooling is treated as optional.

4. Iran-linked actors are disrupting critical infrastructure through internet-exposed PLCs

U.S. agencies warned that Iran-affiliated hackers are targeting exposed operational technology, including PLCs used across water, wastewater, energy, and other critical sectors. Reported effects include manipulation of display data, reduced PLC functionality, operational disruption, and financial loss. If a PLC or HMI is still reachable from the public internet, that is not modernization, it is negligence with a countdown timer attached.

5. Eurail confirmed a breach affecting more than 300,000 passport numbers

The Record reports that Eurail notified regulators that a December intrusion led to the theft of names and passport numbers for 308,777 people, with stolen data later offered for sale and samples posted on Telegram. Travel data has become a quietly valuable target because it combines identity information, customer support records, and international movement context. That mix is gold for fraud, impersonation, and follow-on targeting.

What defenders should do before this becomes next week's postmortem

KENSAI: KENSAI view: the common failure mode is still exposed trust. Open control planes, inherited package trust, internet-facing OT, and lightly protected customer identity data keep paying attackers because defenders are still assuming the dangerous path is someone else's problem.
Primary sources

Turn today's signal into a real hardening plan.

KENSAI helps security teams validate exposed attack surface, pressure-test controls, and find the trust gaps attackers monetize first.

Start Free Scan →