DigitalMint Negotiator Ran ALPHV Attacks, Extorted $75M

◆ DEEP DIVES

1. 01

   When Your Ransomware Negotiator IS the Ransomware Operator: The DigitalMint Betrayal

   <h3>The Scheme That Should Rewrite Your IR Vendor Contracts</h3><p>Angelo John Martino III, a 41-year-old ransomware negotiator at DigitalMint, stands accused of conducting at least <strong>10 ALPHV/BlackCat ransomware attacks</strong> while simultaneously serving as the trusted intermediary companies hired to negotiate their way out. Federal authorities allege he <strong>extorted $75.25 million</strong>, with individual payments reaching $26.8 million and $25.7 million — numbers that only make sense when the attacker has perfect intelligence on the victim's insurance limits, backup status, and pain threshold.</p><p>This wasn't a lone wolf. Two other DigitalMint employees — <strong>Kevin Tyler Martin and Ryan Clifford Goldberg</strong> — already pleaded guilty in December 2025 to similar attacks. They face sentencing April 30. <em>Three employees at the same firm, all running ransomware operations while being paid to stop them.</em></p><hr><h3>How the Dual-Role Attack Model Worked</h3><p>Map this to your incident response workflow and the picture is devastating:</p><ol><li><strong>Initial compromise:</strong> Martino allegedly deployed ALPHV/BlackCat via standard affiliate vectors (compromised VPNs, phishing, credential abuse)</li><li><strong>Victim engages DigitalMint:</strong> At least <strong>5 confirmed companies</strong> hired Martino's own employer to negotiate on their behalf</li><li><strong>Intelligence harvesting:</strong> Through the negotiation process, Martino allegedly accessed <strong>financial details, backup status, insurance coverage, and business continuity timelines</strong></li><li><strong>Calibrated extortion:</strong> Armed with insider knowledge, demands were tuned for maximum extraction — far above the ransomware average</li></ol><blockquote>The ultimate social engineering: the attacker is positioned as the defender, and the victim voluntarily shares their most sensitive recovery information.</blockquote><h3>Why Your Current Vendor Controls Likely Failed</h3><p>Most IR retainer agreements focus on response time SLAs, scope of services, and hourly rates. They <strong>rarely address</strong>:</p><ul><li>Conflict-of-interest provisions and information barriers between offensive/intelligence teams and negotiation teams</li><li>Employee criminal background check requirements, including ongoing monitoring</li><li>Data compartmentalization — what information the vendor can access and how it's segregated</li><li>Attestation that no employees have active cybercrime investigations</li></ul><p>Martino was released on <strong>$500K bond</strong> and banned from cybersecurity work. <strong>$9.2M in cryptocurrency</strong> and $2M+ in real estate and vehicles were seized. He faces up to 20 years. But the damage to the IR vendor trust model is already done.</p><h3>The Broader Pattern</h3><p>This cycle also surfaced the confirmed <strong>SSA data exfiltration via thumb drive</strong> by a DOGE engineer, proving removable media controls fail even in federal environments handling the most sensitive PII in government. The common thread across both incidents: <strong>privileged insiders with trusted access exploiting the trust itself</strong>. Your vendor is only as trustworthy as their least-vetted employee.</p>

   Action items

   • Audit all IR retainer and ransomware negotiation vendor agreements for conflict-of-interest provisions, information barriers, and employee background check requirements by end of this sprint
   • Compartmentalize information shared with negotiation firms — never provide a single vendor with simultaneous visibility into insurance limits, recovery timeline, and financial position
   • Add conflict-of-interest certification to all cybersecurity vendor contracts requiring vendors to attest no employees have active criminal investigations related to cybercrime
   • Brief board or senior leadership on the DigitalMint case as a concrete third-party risk scenario to justify enhanced vendor due diligence budget

   Sources:Your ransomware negotiator might be the threat actor: DigitalMint insider ran ALPHV/BlackCat attacks on his own clients

2. 02

   Emergency Patch Sprint: HPE Aruba CX Admin Takeover, n8n on CISA KEV, and a 7-Year-Old SAP Bomb

   <h3>Three Critical Vulnerabilities Demand Parallel Action</h3><p>This cycle delivers a <strong>multi-front active exploitation scenario</strong> hitting network infrastructure, workflow automation, and enterprise ERP simultaneously. Any one of these warrants an emergency change window.</p><h4>HPE Aruba CX Switches: Unauthenticated Admin Takeover (~CVSS 10.0)</h4><p>An <strong>unauthenticated password reset flaw</strong> in HPE Aruba CX enterprise switches lets any network-reachable attacker seize admin control without credentials. No user interaction required. Aruba CX switches are <strong>widely deployed across campus, data center, and spine-leaf architectures</strong>. A compromised core switch enables traffic interception, VLAN hopping, ARP poisoning, and lateral movement that <strong>bypasses every application-layer control</strong> you've deployed. Your EDR, WAF, and CASB are irrelevant here — this is network-layer compromise. Four independent intelligence streams confirm this vulnerability and its severity.</p><h4>n8n Workflow Automation: RCE + Credential Theft (CISA KEV)</h4><p>Two critical n8n flaws enabling <strong>arbitrary command execution and stored credential exposure</strong> are now on CISA's Known Exploited Vulnerabilities catalog — confirming active exploitation in the wild. There are <strong>24,700 instances still internet-facing</strong>. n8n workflows typically store OAuth tokens, API keys, and database credentials. <em>A single compromised instance cascades across your entire integration fabric.</em> Shadow IT risk is acute — developers self-host n8n without security team visibility.</p><h4>SAP CVE-2019-17571: Seven Years and Still Critical</h4><p>SAP released critical patches including for a vulnerability <strong>originally disclosed in 2019</strong>. The fact this CVE is still receiving critical patches in 2026 means SAP knows it persists in production environments. This is technical debt as active exploitation risk, with direct <strong>SOX compliance implications</strong> if SAP handles financial reporting.</p><h4>March 2026 Patch Tuesday: 3 Office + 9 Azure, Zero Zero-Days</h4><p>The silver lining: <strong>zero zero-days this cycle</strong>. But three high-severity Office vulnerabilities are prime candidates for weaponized phishing documents within days. Nine Azure patches often slip through because cloud teams don't follow traditional Patch Tuesday cadences.</p><table><thead><tr><th>Vulnerability</th><th>Severity</th><th>Status</th><th>Patch Target</th></tr></thead><tbody><tr><td>HPE Aruba CX unauth reset</td><td>~CVSS 10.0</td><td>Disclosed, imminent exploitation</td><td>Emergency (48 hours)</td></tr><tr><td>n8n RCE + credential theft</td><td>Critical</td><td>Active (CISA KEV)</td><td>Immediate</td></tr><tr><td>SAP CVE-2019-17571</td><td>Critical</td><td>Patch available</td><td>7 days</td></tr><tr><td>MS Office (3 vulns)</td><td>High</td><td>No zero-days</td><td>72 hours</td></tr><tr><td>MS Azure (9 vulns)</td><td>Variable</td><td>No zero-days</td><td>14 days</td></tr></tbody></table>

   Action items

   • Query CMDB for all HPE Aruba CX switches and apply vendor patches or restrict management interfaces to MFA-protected jump hosts via ACLs within 48 hours
   • Run external attack surface scan for n8n instances (default port 5678), patch all instances, and rotate every credential stored in n8n workflows immediately
   • Deploy March Patch Tuesday Office updates across all endpoints within 72 hours, prioritizing the 3 high-severity vulnerabilities
   • Schedule SAP emergency patching for CVE-2019-17571 within 7 days; if blocked by change management, deploy WAF rules and segment SAP systems as compensating controls

   Sources:24,700 n8n instances exposed to CISA-flagged RCE · Unauth admin takeover in HPE Aruba CX switches (near-CVSS 10) · Critical: Unauthenticated admin takeover in HPE Aruba CX switches · DPRK operatives weaponizing GitLab + 12 Microsoft vulns need your attention this week

3. 03

   Iranian Cyber Escalation Goes Kinetic-to-Digital: Stryker Wiped, 10 ISACs Warn, Tech Giants Named

   <h3>Three Simultaneous Escalation Signals</h3><p>The Iranian cyber threat crossed from geopolitical posturing to operational impact this cycle. Three developments, from four independent intelligence streams, form a coherent escalation pattern that demands heightened monitoring.</p><h4>1. Handala Wipes Stryker's Global Fleet</h4><p>Pro-Iran hacktivist group <strong>Handala</strong> claimed a destructive cyberattack against <strong>Stryker</strong>, one of the world's largest medical device manufacturers ($18B+ revenue). Employee reports describe <strong>wiped devices and defaced login screens across Stryker's global network</strong>. This wasn't ransomware or data theft — it was <strong>destruction for geopolitical messaging</strong> (MITRE T1485 Data Destruction, T1491 Defacement). The healthcare implications are critical: Stryker manufactures surgical equipment, implants, and connected devices. A compromised update pipeline could affect <strong>device integrity downstream</strong> — this is a patient safety concern, not just an IT event.</p><h4>2. Ten ISACs Issue Joint Warning</h4><p>Ten information-sharing groups including the <strong>Water ISAC</strong> issued a joint advisory describing a <strong>"highly volatile" threat environment</strong> with expected escalation from Iranian state-sponsored actors, hacktivists, and cybercriminals following U.S. and Israeli military strikes on Iran. This level of cross-sector coordination is unusual and signals shared intelligence that isn't fully public yet.</p><h4>3. Iran Names Specific US Companies</h4><p>Iran has publicly identified <strong>Google, Microsoft, Palantir, IBM, and Nvidia</strong> as potential targets. CNN confirmed the conflict's <strong>first major cyberattack against a US firm has already occurred</strong>. Declared intent backed by demonstrated capability — the blast radius extends to the entire customer and partner ecosystems of these five companies.</p><blockquote>When kinetic conflict escalates in the Gulf, cyber operations follow within weeks — and this time, the cyber arrived before the shooting stopped.</blockquote><h4>Historical Pattern and Expected TTPs</h4><p>Iranian APT groups (APT33/Elfin, APT34/OilRig, CyberAv3ngers) have established playbooks during prior escalations: <strong>spear-phishing with credential harvesting</strong>, VPN and edge-device exploitation, OAuth token abuse targeting cloud tenants, and <strong>destructive wiper deployment</strong> (ZeroCleare, Shamoon lineage). CyberAv3ngers have previously demonstrated capability against Unitronics PLCs in water utilities.</p><h4>New York Regulatory Response</h4><p>New York enacted <strong>first-in-nation cybersecurity regulations for water/wastewater</strong> requiring complete OT/IT separation, MFA, incident reporting, and vulnerability management — with a <strong>$2.5M SECURE grant program</strong>. This sets the template other states will adopt. Full OT/IT air-gapping for a mid-size utility will cost multiples of the $100K implementation grants offered.</p>

   Action items

   • Conduct supply chain impact assessment for Stryker products within 48 hours — identify any Stryker devices, software, or services in your environment and assess firmware update integrity
   • Update SOC watchlists with Iranian APT IOCs (APT33, APT34, CyberAv3ngers) and TTPs — prioritize detection of OAuth token abuse, VPN exploitation, and wiper indicators
   • Map organizational dependencies on Google, Microsoft, Palantir, IBM, and Nvidia and document in BCP — identify which services create exposure if these vendors experience destructive attacks
   • If operating OT/ICS environments (water, energy, manufacturing): map all OT/IT network pathways and begin planning for unidirectional gateway architecture, using NY regulation as template

   Sources:Your ransomware negotiator might be the threat actor: DigitalMint insider ran ALPHV/BlackCat attacks on his own clients · Iran-linked Handala wiped Stryker's global fleet · Iran just named Google, Microsoft, Palantir, IBM & Nvidia as targets · Hormuz closure and energy grid shifts

4. 04

   McKinsey Lilli Breach Proves Your Internal AI Platforms Are Your Most Unaudited Attack Surface

   <h3>A $500M Consulting Firm's AI Platform Fell to a 1998-Era Vulnerability</h3><p>CodeWall's autonomous AI security agent exploited an <strong>unauthenticated SQL injection in McKinsey's internal AI platform Lilli</strong>, achieving full read/write database access within <strong>two hours</strong>. The blast radius: <strong>46.5 million chat messages, 728,000 sensitive files, and McKinsey's entire proprietary RAG knowledge base</strong>. This wasn't a sophisticated zero-day chain — it was <strong>OWASP A03:2021 (Injection)</strong>, the vulnerability class we've been fighting since 1998.</p><p>The attack chain was devastatingly simple:</p><ol><li>Unauthenticated API endpoint — no login required</li><li>Classic SQL injection — arbitrary database queries</li><li>Flat data architecture — all sensitive data in one database</li><li>Full compromise in under 120 minutes by an <strong>automated agent, not a human</strong></li></ol><blockquote>McKinsey is not a small shop with no security budget. If their AI platform shipped with zero authentication on a SQL-injectable endpoint, what does your internal AI platform look like?</blockquote><h3>AI Offensive Tools Are Now Production-Grade</h3><p>Three data points converge into a single pattern this cycle:</p><table><thead><tr><th>Tool/Incident</th><th>What Happened</th><th>Time to Compromise</th></tr></thead><tbody><tr><td>CodeWall vs. McKinsey Lilli</td><td>Autonomous SQLi discovery and exploitation</td><td>2 hours</td></tr><tr><td>CodeWall vs. hiring platform</td><td>Chained 4 low-severity bugs to admin access</td><td>Autonomous</td></tr><tr><td>Researcher vs. Perplexity Comet</td><td>AI browser tricked into executing phishing</td><td>4 minutes</td></tr></tbody></table><p>The implication is direct: <strong>severity-only vulnerability triage is now demonstrably insufficient</strong>. Your backlog of risk-accepted low/medium findings may contain exploitable chains that an AI-equipped attacker will find. And AI platforms themselves — the ones your data science team built in Q3 that ingest documents across the organization into a single RAG datastore — are likely running with the same basic security gaps McKinsey's did.</p><h3>The Broader AI Security Gap</h3><p>OpenAI this cycle formally acknowledged that <strong>prompt injection against AI agents is functionally equivalent to social engineering</strong> — and recommended shifting defenses from input filtering to blast-radius limitation. Simultaneously, Cursor added 30+ marketplace plugins with read/write access to developer tools, Replit Agent 4 runs parallel agents with database access, and Perplexity launched a local-machine AI orchestrator. Each creates data flow paths and credential access patterns your existing controls don't cover.</p><p><em>The uncomfortable truth: AI platform security is being left to data science teams who optimize for capability, not to security teams who optimize for control.</em></p>

   Action items

   • Conduct emergency security assessment of all internal AI/LLM/RAG platforms for OWASP Top 10 vulnerabilities within 14 days — starting with authentication gaps and injection flaws
   • Classify and segment AI platform datastores — ensure RAG knowledge bases and chat logs don't aggregate data across classification levels into single flat repositories
   • Reassess vulnerability management methodology to account for AI-driven chaining of low-severity bugs into critical exploit paths
   • Draft organizational policy on agentic AI browser tools (Perplexity Comet, Auto-GPT with browsing) — restrict to sandboxed environments, prohibit corporate credential use

   Sources:McKinsey's AI platform fell to basic SQLi in 2 hours · 24,700 n8n instances exposed to CISA-flagged RCE · Unauth admin takeover in HPE Aruba CX switches (near-CVSS 10)