Related Families: RustyStealer
Ymir Ransomware
Nov 18, 2024 2:19:58 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Extortion, RustyStealer, Ymir
HellCat Ransomware Targets Energy Giant Schneider Electric
Nov 15, 2024 12:52:13 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Emerging Threat, Evolving Threat
Related Families: HellDown
Verticals Targeted: Energy
Executive Summary
HellCat ransomware recently targeted French energy giant Schneider Electric. PolySwarm analysts consider HellCat to be an emerging threat.
ToxicPanda Android Banking Trojan
Nov 12, 2024 12:41:07 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banker, Banking Trojan, ToxicPanda, TgToxic
Related Families: TgToxic
Verticals Targeted: Financial
Executive Summary
ToxicPanda is an Android banking trojan that was first seen in the wild in October 2024. It allows threat actors to steal a victim’s money via account takeover (ATO) using On-Device Fraud (ODF).
NotLockBit Ransomware Targets MacOS
Nov 8, 2024 1:45:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Windows, LockBit, MacOS, NotLockBit
Executive Summary
NotLockBit is a ransomware family that mimics LockBit. NotLockBit is unique in that it is one of the first fully functional ransomware families to target MacOS systems.
FASTCash Linux Variant
Nov 4, 2024 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Linux, FastCash, Payment Switch
Verticals Targeted: Financial
Executive Summary
A Linux variant of FASTCash “payment switch” malware was recently discovered. This malware is typically used by North Korea nexus threat actor groups to make unauthorized cash withdrawals from ATMs.
The Evolution of Akira Ransomware
Nov 1, 2024 12:21:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Akira, Evolving Threat
Verticals Targeted: Aerospace, Manufacturing, Professional Services, Scientific and Technical Services, Retail, Construction, Insurance, Telecommunications, Hospitality, and Legal Services
Executive Summary
Akira ransomware is one of the most prolific ransomware families of 2024. Active in the wild since April 2023, Akira has continued to evolve, maintaining its relevance on the threat landscape.
An Inside Look at NCT’s Role in Advancing Cybersecurity
Nov 1, 2024 10:27:17 AM / by PolySwarm Team posted in Blockchain, Cryptocurrency, NCT
PolySwarm launched in 2018 with the Nectar (NCT) token, an ERC-20 token empowering cybersecurity professionals and enterprises to actively contribute and participate in our threat detection marketplace. The distribution of NCT reflects PolySwarm’s commitment to building a decentralized, community-driven platform. This post describes PolySwarm’s token allocations at launch and the token’s role within the cybersecurity ecosystem.
BumbleBee Returns With New Infection Chain
Oct 28, 2024 12:26:54 PM / by The Hivemind posted in Threat Bulletin, Loader, Bumblebee, Operation Endgame, Evolving Threat
Related Families: BazarLoader, BazaLoader