
Industry Category

Architecture/Planning

Breach intelligence, attack campaigns, and threat reports targeting the Architecture/Planning sector.

5 threat reports

Architecture/Planning Threat Reports

'Lorem Ipsum' Malware Shifts to ClickFix Delivery in 2026
Impact· HIGH

In May 2026, the operators of the 'Lorem Ipsum' malware campaign transitioned from using Trojanized Microsoft Teams installers to employing ClickFix lures hosted on compromised WordPress sites. This shift followed Microsoft's takedown of the Fox Tempest infrastructure, which had previously supplied the attackers with fraudulent Microsoft Trusted Signing certificates. The new delivery method involves fake browser update notifications that prompt users to execute malicious PowerShell commands, leading to the silent installation of the malware. This change significantly broadens the potential victim pool, as any visitor to the compromised sites is now at risk. The 'Lorem Ipsum' campaign is now believed to be linked to the Vice Society ransomware group, also known as Rapid Brigantine or Vanilla Tempest. Vice Society has a history of targeting sectors such as education, healthcare, and manufacturing, employing double extortion tactics by encrypting data and threatening to leak it unless a ransom is paid. The group's ability to rapidly adapt its delivery methods in response to disruptions underscores the evolving nature of cyber threats and the importance of robust, adaptive cybersecurity measures.

1 week ago

Kill Chain

Initial Compromise (IC): high
Privilege Escalation (PE): medium
Lateral Movement (LM): medium
Command & Control (C&C): high
Exfiltration (E): high
Impact (I): medium
Nigerian Hacker Sentenced for Tax Firm Breach Using Warzone RAT
Impact· HIGH

Between June 2016 and June 2021, Nigerian national Matthew Abiodun Akande orchestrated a sophisticated cyber intrusion targeting multiple tax preparation firms in Massachusetts. Utilizing phishing emails that impersonated a CEO, Akande deployed the Warzone remote-access trojan (RAT) to infiltrate the firms' networks. This allowed him to steal clients' personal information, leading to the filing of over 1,000 fraudulent tax returns and the illicit collection of more than $1.3 million in refunds. Akande was arrested in October 2024 at London's Heathrow Airport, extradited to the United States in March 2025, and sentenced to eight years in prison in February 2026. ([justice.gov](https://www.justice.gov/usao-ma/pr/nigerian-man-sentenced-eight-years-prison-computer-intrusion-and-theft)) This incident underscores the persistent threat posed by sophisticated phishing campaigns and the use of advanced malware like RATs in financial fraud schemes. It highlights the critical need for organizations, especially those handling sensitive client data, to implement robust cybersecurity measures and employee training to prevent such breaches.

4 months ago

Kill Chain

Initial Compromise (IC): high
Privilege Escalation (PE): high
Lateral Movement (LM): medium
Command & Control (C&C): high
Exfiltration (E): high
Impact (I): high
Hackers Weaponize Blender 3D Assets to Spread StealC V2 Malware
Impact· medium

In late 2025, cybersecurity researchers identified a prolonged campaign in which attackers weaponized Blender 3D asset files (.blend) on popular asset-sharing platforms such as CGTrader. By implanting malicious files that executed the StealC V2 information-stealing malware, threat actors compromised unsuspecting users when they opened downloaded assets. Over at least six months, the campaign enabled attackers to harvest login credentials, browser data, and sensitive information from artists and professionals in gaming, animation, and design industries, leading to significant data theft and potential downstream attacks on organizations relying on Blender assets. This incident highlights the growing abuse of trusted creative software supply chains and open asset marketplaces. As creative and industrial processes increasingly depend on third-party digital assets, attackers are evolving to target creators, leveraging social engineering and supply chain weaknesses.

5 months ago

Kill Chain

Initial Compromise (IC): high
Privilege Escalation (PE): medium
Lateral Movement (LM): medium
Command & Control (C&C): high
Exfiltration (E): high
Impact (I): medium
Critical Buffer Overflow Flaws in Ashlar-Vellum Software Threaten Industrial Security
Impact· low

In November 2025, Ashlar-Vellum disclosed two critical software vulnerabilities—an Out-of-Bounds Write (CVE-2025-65084) and a Heap-based Buffer Overflow (CVE-2025-65085)—impacting its Cobalt, Xenon, Argon, Lithium, and Cobalt Share products (version 12.6.1204.207 and prior). Identified by security researcher Michael Heinzl and published via CISA, these flaws could allow local attackers to gain information disclosure or execute arbitrary code on affected engineering systems, primarily used in the Critical Manufacturing sector worldwide. The vulnerabilities are rated high (CVSS v4 score 8.4), but no exploitation has been reported to date. This incident reinforces the urgent need for robust vulnerability management and regular software patching within industrial control environments. Manufacturers and operators face increasing regulatory and operational pressure to proactively address new threats in their digital supply chains and critical OT infrastructure.

5 months ago

Kill Chain

Initial Compromise (IC): high
Privilege Escalation (PE): medium
Lateral Movement (LM): medium
Command & Control (C&C): low
Exfiltration (E): low
Impact (I): low
Flax Typhoon Turns ArcGIS Features Into Espionage Backdoor: 2024 Breach Analysis
Impact· medium

In early 2024, security researchers revealed that Chinese state-backed group Flax Typhoon covertly infiltrated ArcGIS server environments, maintaining backdoor access for over a year by exploiting legitimate software features. By compromising a backend administrator account, attackers deployed a malicious Server Object Extension (SOE) that blended with normal operations, enabling a persistent webshell and establishing a hidden workspace inaccessible to others. Critically, the attackers embedded their access into system backups, ensuring reinfection even after potential forensics or restoration activities. This sophisticated campaign allowed Flax Typhoon to spy on entities across the U.S., Europe, and Taiwan with minimal use of detectable malware. The incident demonstrates a significant shift towards using trusted enterprise software as an attack vector and reveals how recovery mechanisms like backups become liabilities if not properly verified. Similar living-off-the-land techniques are rising in frequency, challenging traditional security monitoring and incident response strategies.

5 months ago

Kill Chain

Initial Compromise (IC): medium
Privilege Escalation (PE): medium
Lateral Movement (LM): medium
Command & Control (C&C): high
Exfiltration (E): low
Impact (I): medium