Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: ddaemon
PumaBot Linux Botnet Targets IoT Surveillance Devices
Jun 2, 2025 1:05:28 PM / by The Hivemind posted in IoT botnet attack, Go-based botnet, SSH brute-force malware, cryptocurrency mining botnet, Linux IoT security, PumaBot malware
Chinese Threat Actors Leverage CVE-2025-0994 to Attack US Government Networks
May 30, 2025 2:12:44 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, CVE-2025-0994, UAT-6382, TetraLoader
Verticals Targeted: Government, Utilities
Regions Targeted: US
Related Families: TetraLoader, Cobalt Strike, VShell, AntSword, chinatso/Chopper, Behinder
Nitrogen Ransomware Targets Financial Vertical
May 27, 2025 12:16:27 PM / by The Hivemind posted in Threat Bulletin, Financial, Ransomware, Emerging Threat, Nitrogen
Verticals Targeted: Finance, Construction, Manufacturing, Technology
Regions Targeted: US, UK, Canada
Related Families: Cobalt Strike, Meterpreter
Fancy Bear's SpyPress Malware
May 23, 2025 1:41:42 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, Fancy Bear, SpyPress, Operation RoundPress
Verticals Targeted: Government, Defense
Regions Targeted: Ukraine, Bulgaria, Romania, Africa, EU, South America
Related Families: None specified
Executive Summary
Operation RoundPress, a Russia-aligned cyberespionage campaign attributed to Fancy Bear, deploys SpyPress malware via cross-site scripting (XSS) vulnerabilities to steal sensitive email data from high-value webmail servers. Active since 2023 and expanding in 2024, the campaign primarily targets Ukrainian government entities and Eastern European defense contractors, exploiting zero-day and known vulnerabilities across platforms like Roundcube, Horde, MDaemon, and Zimbra.
Star Blizzard’s LOSTKEYS Malware
May 19, 2025 1:20:19 PM / by The Hivemind posted in Russia, Threat Bulletin, Star Blizzard, LOSTKEYS
Verticals Targeted: NGOs, Diplomats, Government
Regions Targeted: Western countries, Eastern Europe, Ukraine
Related Families: Spica
Executive Summary
Star Blizzard, a Russian state-sponsored threat actor, has deployed a malware family named LOSTKEYS to steal sensitive documents and system information from NGOs, diplomats, and government officials in Western countries and Eastern Europe.
PupkinStealer Leverages Telegram for Data Exfiltration
May 16, 2025 2:16:41 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, Emerging Threat, PupkinStealer
Verticals Targeted: E-commerce
Regions Targeted: Not specified
Related Families: None identified
Executive Summary
PupkinStealer, a .NET-based infostealer written in C#, targets sensitive data such as browser credentials and desktop files, exfiltrating it via Telegram’s Bot API. First observed in April 2025, its simplicity and reliance on legitimate platforms make it a notable threat.
StealC Evolves
May 12, 2025 3:01:20 PM / by The Hivemind posted in Threat Bulletin, Stealer, Evolving Threat, StealC, StealCV2, Amadey
Related Families: Amadey
Executive Summary
StealC V2, a sophisticated evolution of the StealC information stealer, introduces enhanced payload delivery, RC4 encryption, and a redesigned control panel, posing significant risks to organizations.
Venom Spider Using New TerraStealerV2 and TerraLogger Malware
May 9, 2025 2:17:08 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, TerraStealerV2, TerraLogger, Venom Spider
Related Families: VenomLNK, TerraLoader, TerraStealer, TerraTV, TerraCrypt, TerraRecon, TerraWiper, lite_more_eggs, RevC2, Venom Loader