Insights

On May 21, 2025, CISA and international cybersecurity authorities issued CSA AA25-141A, attributing a sophisticated espionage campaign to GRU Unit 26165 (APT28/Fancy Bear). These operations have targeted logistics and IT support organizations involved in foreign aid to Ukraine. Zeek Threat Intelligence Feed - Download Summary of Threat Campaign APT28 uses diverse tactics to infiltrate and persist in networks, combining spearphishing, zero-day exploitation, credential attacks, and post-exploitation frameworks to exfiltrate sensitive operational data. Common Techniques Used: Initial Access Credential stuffing and brute-force attacks via Tor and commercial VPNs Spearphishing with links to spoofed login pages Exploitation of CVEs, including: CVE-2023-23397 (Outlook NTLM hash leak) CVE-2023-38831 (WinRAR exploit) Roundcube CVEs: 2020-12641, 2020-35730, 2021-44026 Lateral Movement & Persistence Deployment of OpenSSH for command/control Use of native tools like Impacket, PsExec, Certipy, ADExplorer Lateral RDP access and NTDS.dit extraction Scheduled task creation with schtasks Data Collection & Exfiltration Abuse of mailbox permissions for persistent…

Modern software is built on open-source. Developers rely on public repositories like npm, PyPI, and Maven Central to move fast, avoid reinventing the wheel, and ship updates continuously. But this speed and openness come at a cost: your software supply chain is now a primary attack surface. Attackers have figured this out-and they're exploiting it. How Open-Source Dependencies Become Attack Vectors Open-source packages are easy to install and often trusted implicitly. That's exactly what makes them so appealing to threat actors. Here's how attackers are weaponizing open-source: 1. Typosquatting Malicious packages are uploaded with names that closely mimic legitimate libraries (e.g., expresss instead of express). If a developer makes a typo or auto-installs a dependency, they may unknowingly install malware. 2. Hijacked or Abandoned Projects Attackers take over dormant projects-sometimes by buying expired domains or credentials-and inject malicious code into new releases. Users update as usual, unaware of the compromise.…

As the 2025 NASCAR Canada Series kicks off in full force, Critical Path Security is proud to support driver Ryan Vargas in his return to the track at the iconic Canadian Tire Motorsport Park in Bowmanville, Ontario. The race will take place on Sunday, May 18 at 1 PM ET, marking the second stop of the season and the first road course challenge for drivers this year. This track, known for its high-speed corners and challenging elevation changes, will be a true test of driver skill and car performance. The #28 Critical Path Security Dodge, driven by Vargas, is prepped and ready to make a strong statement on the international stage. A Cross-Border Mission Our involvement in both U.S. and Canadian cybersecurity has never been more visible. Supporting Ryan Vargas on Canadian soil isn't just a race-day partnership-it's a symbol of Critical Path Security's expanding presence across North America. With…

This week, Patrick Kelley, CEO of both Léargas Security and Critical Path Security, will be attending Consensus 2025 in Toronto, Ontario. While the companies are not formal sponsors of the event, Mr. Kelley's presence reflects the growing commitment by both organizations to remain at the forefront of global cybersecurity trends-particularly where blockchain, digital identity, and threat intelligence converge. Consensus 2025, hosted by CoinDesk, is one of the premier gatherings for leaders across the blockchain, digital asset, Web3, and cybersecurity ecosystems. With the rapid expansion of decentralized technologies into critical infrastructure, finance, and identity frameworks, the implications for national and global security are profound. Operating across both Canada and the United States, Léargas and Critical Path Security continue to provide advanced security services, including XDR, incident response, and cyber risk leadership, to clients on both sides of the border. Participation in events like Consensus enables the teams to assess not only…