Threat Analysis: BlackFile Extortion, Supply Chain Poisoning, and OAuth Phishing — UK SMB Threat Brief, April 2026

Hello, Mauven here.

Three separate campaigns are active right now, and they share a common thread: none of them need a sophisticated exploit to work. They need your staff to answer a phone call, your developer to run a pip install, or your employee to click what looks like a genuine Microsoft login page. That is it. Here is what the reporting is telling you, and what it is leaving out.

BlackFile: The Extortion Gang That Does Not Need Malware

Since February 2026, a financially motivated group tracked as BlackFile — also known as UNC6671 and Cordial Spider, and believed to be associated with the loosely organised collective known as “The Com” — has been conducting data theft and extortion operations with a method that should concern every business that has a phone.

The attack sequence is straightforward: threat actors call employees directly, impersonating internal IT support staff. The call is convincing enough that employees follow instructions to navigate to a fraudulent login page. Credentials are harvested. From there, the attackers move through SaaS environments, exfiltrating data before making their extortion demand.

What the reporting does not say directly: this technique requires no malware, no exploited vulnerability and no technical foothold to initiate. The entire access pathway runs through legitimate credentials obtained by social engineering, so endpoint detection has nothing to fire on at the point of compromise. What remains detectable is the identity layer: the sign-in from an unfamiliar IP address or device minutes after the call, a newly registered MFA method or device, and an unusual volume of mailbox or SharePoint access from that session. If nobody is reviewing Microsoft 365 sign-in and audit logs, the attacker is simply a user with valid credentials and nothing else will raise an alarm.

This is not new as a technique. Vishing — voice phishing — combined with credential harvesting has been documented for years. What has changed is the operational scale and the professionalisation of the impersonation. These are not opportunistic calls. The reporting indicates targeting, sector-specific knowledge, and plausible internal IT scenarios.

What this means for UK SMBs: If your staff have not been explicitly briefed that IT support will never call them out of the blue and ask them to log in somewhere, they are a viable target. The fix is cheap and immediate: establish a verification protocol. If someone calls claiming to be IT, your employee calls back through the number on the internal directory — not the one provided by the caller.

Supply Chain Under Sustained Attack: Two PyPI Poisonings in One Week

Two separate Python package supply chain attacks have been confirmed in the past week, and together they illustrate that this is not a one-off event but an ongoing pattern.

Xinference (an open-source AI model inference framework) had three malicious versions, 2.6.0, 2.6.1 and 2.6.2, published to PyPI on 22 April 2026 after attackers compromised the maintainers’ release credentials. The malicious code sat in the package’s __init__.py behind layers of Base64 encoding, so it ran the moment the library was imported; no function of the library had to be called. Cloud credentials were the primary target.

Telnyx Python SDK versions 4.87.1 and 4.87.2 were similarly compromised. The attack mechanism here is notably sophisticated: audio steganography was used to conceal the payload, with fileless in-memory execution on Linux and macOS, and a persistent binary dropped to the Windows Startup folder. Credentials were exfiltrated using hybrid encryption.

What these advisories do not emphasise clearly enough: the initial access vector in both cases was compromised maintainer credentials, not a vulnerability in the packages themselves. The packages were legitimate. The maintainers were legitimate. The credentials were not protected well enough to prevent an attacker from publishing on their behalf.

For context, this follows the broader npm supply chain pattern documented by Unit 42 at Palo Alto Networks, including the Shai-Hulud worm from September 2025 and the more recent TeamPCP campaign targeting @bitwarden/cli. The developer toolchain is now an established attack surface, and it is not getting safer.

What this means for UK SMBs: If your business uses external developers, an MSP, or any internal development capability, including AI tooling, you have indirect exposure to PyPI and npm packages. The questions to ask your provider or your developers are: Do we pin exact package versions (and ideally hashes) in production, rather than ranges that float to the newest release? Do we use a private package mirror or an allowlist? Do we scan installed packages for known-malicious versions? If the answer to all three is no, you are relying entirely on the upstream ecosystem to protect you. The Xinference and Telnyx incidents demonstrate that this is insufficient.

OAuth Device Code Phishing: MFA Is Not Enough Here

Arctic Wolf has documented a large-scale device code phishing campaign running in early April 2026, operated through the Kali365 phishing-as-a-service platform. The campaign exploited the OAuth 2.0 Device Authorization Grant — a legitimate authentication flow designed for devices that cannot display a browser, such as smart TVs and printers.

The attack works like this: the attacker starts a device code flow against Microsoft’s token endpoint and receives a short, human-readable user code. The victim receives a high-fidelity lure directing them to Microsoft’s genuine device login page at microsoft.com/devicelogin and enters that code. The code is only valid for a short window, typically 15 minutes, so the lure pushes the victim to act immediately. Because the page, the domain and the certificate are all real, and the victim completes their normal sign-in including MFA, nothing looks wrong. Microsoft then issues the access and refresh tokens to the client that started the flow, which is the attacker’s. The refresh token keeps working until it expires or is explicitly revoked, which is why a successful device code phish gives persistent access to the victim’s Microsoft 365 environment. Multi-factor authentication does not prevent this: the victim genuinely satisfied MFA, and the token went elsewhere.

The reporting notes that traffic originated primarily from IP address 216.203.20[.]95 and that targets spanned multiple sectors and regions.

What the advisory does not say: device code phishing as a technique was publicly documented and warned against years ago. Microsoft’s own guidance and various security advisories have covered the risks of the Device Authorization Grant flow since at least 2021. The fact that a phishing-as-a-service platform is running this at scale in April 2026 — and successfully — tells you the guidance has not translated into configuration changes at most organisations.

In Microsoft 365 environments the device code flow can be blocked outright: Conditional Access has an “Authentication flows” condition that targets device code flow specifically, so a single policy that blocks it for all users, with break-glass accounts excluded, closes the vector without disturbing ordinary browser and desktop sign-ins. Most SMB tenants have never touched their Conditional Access configuration.

What this means for UK SMBs: Open the Entra admin centre (entra.microsoft.com) and check whether a Conditional Access policy blocks or restricts device code authentication. One caveat the reporting skips: Conditional Access requires an Entra ID P1 licence. That is included in Microsoft 365 Business Premium, but not in Business Basic or Business Standard. Tenants on those plans have only Security Defaults, which enforce MFA but do not block the device code flow, so the choice is to add P1 (or move to Business Premium) or accept the exposure knowingly. If your IT provider manages your tenant, ask them specifically whether device code flow is restricted. Do not accept “we have MFA enabled” as a sufficient answer to this question. MFA does not cover this attack vector.
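Both halves of that check, as an added example and not Microsoft’s, Arctic Wolf’s or this article’s own code. The first function builds the body of a Conditional Access policy that blocks the device code flow, in the shape the Microsoft Graph API expects for POST /identity/conditionalAccess/policies; it is returned rather than sent, because creating it needs a Graph token with Policy.ReadWrite.ConditionalAccess and should start in report-only state. The second function triages Entra sign-in log records for device code authentications and for the source IP named in the reporting. The sign-in records and the break-glass account ID are constructed for illustration, and the authenticationFlows condition should be checked against current Graph documentation, since its availability on the v1.0 endpoint is an assumption here.

```python
"""Block the OAuth device code flow and find out whether it has already been used.
Added example; not Microsoft's, Arctic Wolf's or the article's own code.
"""
import json
from collections import Counter

# Source IP named in the reporting (defanged in the article body, live here).
CAMPAIGN_IPS = {"216.203.20.95"}

# Assumption: object IDs of the tenant's break-glass accounts. Replace with your own.
BREAK_GLASS = ["00000000-0000-0000-0000-000000000001"]


def policy_body(state: str = "enabledForReportingButNotEnforced") -> dict:
    """Conditional Access policy that blocks the device code flow for all users and
    apps, excluding break-glass accounts. Default state is report-only so the
    sign-in logs show what would have been blocked before you enforce it.
    Assumption: the authenticationFlows condition is accepted on the endpoint you use."""
    return {
        "displayName": "Block device code flow",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": BREAK_GLASS},
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def triage_signins(records: list[dict]) -> dict:
    """Pick out device code sign-ins from Graph-shaped signIn records.

    Ordered most urgent first: successful sign-ins, then those from a campaign IP,
    then by time. A successful device code sign-in means a refresh token is in
    someone else's hands, so the user's sessions need revoking
    (POST /users/{id}/revokeSignInSessions) and their credentials resetting."""
    hits = []
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            continue
        hits.append({
            "when": r["createdDateTime"],
            "user": r["userPrincipalName"],
            "ip": r["ipAddress"],
            "app": r.get("appDisplayName", ""),
            "success": r.get("status", {}).get("errorCode") == 0,
            "campaign_ip": r["ipAddress"] in CAMPAIGN_IPS,
        })
    hits.sort(key=lambda h: (not h["success"], not h["campaign_ip"], h["when"]))
    return {
        "device_code_signins": hits,
        "users_to_revoke": sorted({h["user"] for h in hits if h["success"]}),
        "by_ip": dict(Counter(h["ip"] for h in hits)),
    }


# Constructed sample records in the shape of the Graph signIn resource; not real tenant data.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2026-04-08T09:12:04Z", "userPrincipalName": "a.smith@example.co.uk",
     "ipAddress": "81.2.69.160", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-04-08T09:14:31Z", "userPrincipalName": "a.smith@example.co.uk",
     "ipAddress": "216.203.20.95", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-04-08T10:02:17Z", "userPrincipalName": "b.jones@example.co.uk",
     "ipAddress": "216.203.20.95", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "status": {"errorCode": 53003}},  # blocked by CA
    {"createdDateTime": "2026-04-08T11:40:09Z", "userPrincipalName": "c.patel@example.co.uk",
     "ipAddress": "81.2.69.161", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}},
]

if __name__ == "__main__":
    print(json.dumps(policy_body(), indent=2))
    print(json.dumps(triage_signins(SAMPLE_SIGNINS), indent=2))
```

Pull real records with GET /auditLogs/signIns?$filter=authenticationProtocol eq 'deviceCode' (AuditLog.Read.All) and feed them to triage_signins; a device code sign-in from a user who owns no headless device is the finding, whether or not the IP matches the reporting.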

One More Thing Worth Noting: Legacy TLS Deadline in July

This is not a threat campaign, but it will affect UK SMBs using older email clients. Microsoft has confirmed that connections using TLS 1.0 and 1.1 for POP and IMAP in Exchange Online will be blocked starting July 2026. If anyone in your organisation uses an email client that has not been updated in several years (older versions of Outlook, Thunderbird with outdated settings, or any custom application that polls email over POP3 or IMAP) those connections will stop working.

This is housekeeping, not a crisis. But the deadline is real and July is not far away. Ask your IT provider to confirm that all email clients in your environment are using TLS 1.2 or later.

Actions, In Priority Order

  1. Brief all staff on vishing today. The BlackFile campaign is active. Your staff need to know: IT support will not call them unprompted and ask them to log in anywhere. Verification protocol: call back through a known internal number.

  2. Check PyPI package versions in any development or AI tooling environments. If Xinference or the Telnyx SDK are in use, verify the installed version is not one of the confirmed malicious releases. If you use an MSP or external developer, ask them directly.

  3. Review Microsoft 365 Conditional Access policies. Specifically, block the OAuth device code flow unless there is a documented business requirement for it, and scope any exception to the users or devices that actually need it. If the tenant already has Entra ID P1 (included with Business Premium) this is a configuration change with no licence cost; if it does not, this is the licence to budget for. Either way it closes an active attack vector.

  4. Verify TLS compliance before July. Confirm with your IT provider that all email clients are on TLS 1.2 or above before Microsoft’s enforcement deadline.


Sources

  • RH-ISAC, “Extortion in the Enterprise: Defending Against BlackFile Attacks”, https://rhisac.org/threat-intelligence/extortion-in-the-enterprise-defending-against-blackfile-attacks/
  • Arctic Wolf, “Token Bingo: Don’t Let Your Code be the Winner”, https://arcticwolf.com/resources/blog/token-bingo-dont-let-your-code-be-the-winner/
  • Socket.dev, “Telnyx Python SDK Compromised to Deliver Credential-Stealing Malware”, https://socket.dev/blog/telnyx-python-sdk-compromised
  • AlienVault OTX / PolySwarm, “Supply Chain Poisoning via PyPI Repository Compromise (Xinference)”, https://blog.polyswarm.io
  • Socket.dev, “73 Open VSX Sleeper Extensions Linked to Malware — GlassWorm Campaign”, https://socket.dev/blog/73-open-vsx-sleeper-extensions-glassworm
  • BleepingComputer, “Microsoft to deprecate legacy TLS in Exchange Online starting July”, https://www.bleepingcomputer.com/news/microsoft/microsoft-to-deprecate-legacy-tls-in-exchange-online-starting-july/

Filed under

  • smb-security
  • uk-business
  • social-engineering
  • credential-theft
  • supply-chain-risk
  • cloud-security
  • vendor-risk