Related Families: RIG, Fallout EK
Verticals Targeted: Government, Education, Technology, Telecommunications
Executive Summary
Chinese threat actors were recently observed using BadIIS to manipulate SEO and direct victims to illegal gambling sites.
Verticals Targeted: Financial
Executive Summary
Coyote, which was first observed in early 2024, is a banking trojan that has targeted over 1030 sites and 73 financial institutions.
Related Families: INC
Verticals Targeted: Legal Services, Retail, Finance, Telecommunications, Agriculture, Manufacturing, Construction, Transportation, Healthcare, Energy
Executive Summary
Lynx ransomware is a ransomware-as-a-service (RaaS) that was first observed in July 2024. Since its debut, the ransomware has gained momentum and has continued its activity into early 2025.
Verticals Targeted: Oil & Gas, Energy, Legal Services
Executive Summary
MintsLoader, a PowerShell-based loader, was recently observed delivering StealC and BOINC.
Related Families: AISURU
Executive Summary
AIRASHI is a variant of the AISURU botnet that has been active since at least late 2024. It is in active development and has the capability to conduct large-scale DDoS attacks.
Verticals Targeted: Government, Insurance, Real Estate, Healthcare, Manufacturing, Legal Services, Construction, Retail, Business Services, Energy, Education, Telecommunications, Software, Hospitality, Transportation, Financial
Executive Summary
Medusa ransomware is a RaaS that has been active since at least 2023. Medusa has claimed several victims so far in 2025, including UK’s Gateshead Council.