Over 400 Arch Linux AUR packages compromised in supply chain attack deploying infostealer malware and eBPF rootkit.
Critical infrastructure and ICS operators running Arch-based systems: audit your package sources and installed repositories immediately. This is active threat activity.
#ThreatIntel #ICS #CriticalInfrastructure
https://threat-intelligence.redeyesecurity.com/blog/arch-linux-aur-supply-chain-attack-2026
Cobalt Strike Beacon Detected - 152[.]32[.]202[.]240:8443 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-152-32-202-240-port-8443-53/
Cobalt Strike Beacon Detected - 82[.]156[.]62[.]131:80 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-82-156-62-131-port-80-7/
Cobalt Strike Beacon Detected - 117[.]72[.]159[.]215:443 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-117-72-159-215-port-443-5/
Cobalt Strike Beacon Detected - 207[.]56[.]229[.]234:80 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-207-56-229-234-port-80-2/
Cobalt Strike Beacon Detected - 8[.]219[.]158[.]30:80 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-8-219-158-30-port-80/
Cobalt Strike Beacon Detected - 120[.]76[.]143[.]184:443 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-120-76-143-184-port-443-39/
Cobalt Strike Beacon Detected - 117[.]72[.]178[.]246:4848 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-117-72-178-246-port-4848-42/
Cobalt Strike Beacon Detected - 114[.]134[.]187[.]38:8443 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-114-134-187-38-port-8443-3/
Cobalt Strike Beacon Detected - 121[.]4[.]92[.]72:5000 - https://www.redpacketsecurity.com/cobalt-strike-beacon-detected-121-4-92-72-port-5000-35/
Etairos.ai
RedPacket Security
