Verticals Targeted: Government, Diplomatic Entities
Regions Targeted: Europe, Middle East
Related Families: WINELOADER, ROOTSAW
Cozy Bear Uses GRAPELOADER in Recent Phishing Campaign
Apr 21, 2025 2:15:53 PM / by The Hivemind posted in Russia, Threat Bulletin, Cozy Bear, GRAPELOADER
BPFDoor Campaign Targets Asia and Middle East
Apr 18, 2025 1:50:39 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Backdoor, Red Menshen, BPFDoor
Verticals Targeted: Telecommunications, Financial, Retail
Regions Targeted: South Korea, Hong Kong, Myanmar, Malaysia, Egypt
Related Families: Symbiote
Executive Summary
A newly discovered BPFDoor controller enhances the backdoor’s stealth, targeting Linux and Solaris systems in Asia and the Middle East. Attributed to Red Menshen, this state-sponsored threat compromises critical sectors with advanced evasion techniques.
GIFTEDCROOK Stealer Targets Ukraine
Apr 14, 2025 2:00:22 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Stealer, Infostealer, GiftedCrook
Verticals Targeted: Military, Law Enforcement, Government
Regions Targeted: Ukraine
Executive Summary
The Computer Emergency Response Team of Ukraine (CERT-UA) has identified a new phishing campaign by UAC-0226, deploying the GIFTEDCROOK stealer through malicious Excel files to compromise Ukrainian institutions. This operation targets sensitive data from military, law enforcement, and local government entities, leveraging socially engineered lures for execution.
CoffeeLoader
Apr 11, 2025 2:29:33 PM / by The Hivemind posted in Threat Bulletin, Loader, Emerging Threat, CoffeeLoader
Related Families: SmokeLoader, Rhadamanthys
Crocodilus Android Banking Trojan
Apr 7, 2025 1:41:20 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banking Trojan, Emerging Threat, Crocodilus
Verticals Targeted: Financial
Executive Summary
Crocodilus is a newly identified Android banking Trojan that exhibits advanced device-takeover capabilities and targets financial institutions and cryptocurrency wallets. Already operational in Spain and Turkey, this malware showcases a mature feature set that challenges traditional defenses, marking a significant evolution in mobile threats.
Primitive Bear Using LNK Files to Deploy Remcos Backdoor Against Ukrainian Targets
Apr 4, 2025 2:48:44 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, LNK, Gamaredon, Remcos
Related Families: Remcos
Executive Summary
Primitive Bear has been observed targeting Ukrainian users with malicious LNK files since at least November 2024. This operation employs a PowerShell downloader and DLL side-loading techniques to deliver the Remcos RAT, exploiting war-related themed lures to deceive victims.
VanHelsing Ransomware
Mar 31, 2025 2:19:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Emerging Threat, VanHelsing
Executive Summary
VanHelsing is an emerging ransomware threat. VanHelsing targets an expansive array of platforms, including Windows, Linux, BSD, ARM, and ESXi systems, positioning it as a versatile threat across diverse IT environments.
RansomHub Affiliate Uses Custom Betruger Backdoor
Mar 28, 2025 1:37:43 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Backdoor, TTPs, Betruger
Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure