The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

VanHelsing Ransomware

Mar 31, 2025 2:19:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Emerging Threat, VanHelsing

0 Comments

Executive Summary

VanHelsing is an emerging ransomware threat. VanHelsing targets an expansive array of platforms, including Windows, Linux, BSD, ARM, and ESXi systems, positioning it as a versatile threat across diverse IT environments.

Read More

RansomHub Affiliate Uses Custom Betruger Backdoor

Mar 28, 2025 1:37:43 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Backdoor, TTPs, Betruger

0 Comments

Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure 

Read More

StilachiRAT

Mar 24, 2025 11:54:35 AM / by The Hivemind posted in Threat Bulletin, Backdoor, Cryptocurrency, RAT, Emerging Threat, StilachiRAT

0 Comments

Executive Summary

StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.

Read More

Ricochet Chollima Using KoSpy Android Spyware

Mar 17, 2025 1:34:36 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Android, Spyware, Ricochet Chollima, KoSpy, APT37

0 Comments

Executive Summary

KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.

Read More

Sidewinder Using New Tools to Target Maritime and Nuclear Sectors

Mar 14, 2025 3:14:11 PM / by The Hivemind posted in Threat Bulletin, Sidewinder, TTPs, Nuclear, Evolving Threat, Maritime

0 Comments

Verticals Targeted: Maritime, Nuclear

Executive Summary

SideWinder, an APT group thought to be of Indian nexus, was recently observed using new TTPs and expanding their targeting to include entities in the maritime and nuclear energy sectors.

Read More

Lotus Panda Uses Sagerunex to Target Multiple Verticals

Mar 10, 2025 2:08:01 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Lotus Panda, Lotus Blossom, Sagerunex

0 Comments

Verticals Targeted: Government, Telecommunications, Media, Manufacturing 

Read More

Ransomware Attacks Ramping Up in the Middle East

Mar 7, 2025 1:47:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Ransomware, LockBit, RansomHub, DragonForce

0 Comments

Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial 

Executive Summary

Recent industry reporting highlights the ransomware threats faced by various entities in the Middle East. DragonForce ransomware was recently observed targeting a real estate and construction company in Saudi Arabia. However, this is only the tip of the iceberg, as entities in the Middle East, particularly financial services entities in Saudi Arabia and the UAE, are also being heavily targeted by ransomware.

Read More

The Bybit Hack: How the $1.5B Windfall Could Fuel a Surge in Cybercrime

Mar 4, 2025 10:39:08 AM / by Blake Reyes posted in Lazarus Group, Cryptocurrency, Bybit

0 Comments



The recent $1.5 billion hack of Bybit, allegedly orchestrated by the Lazarus Group, has sent shockwaves through the cryptocurrency industry. While this North Korean state-sponsored hacking group has a well-documented history of targeting crypto exchanges, the size of this breach sets a new precedent. Beyond the immediate financial impact, this incident raises serious concerns about how Lazarus will leverage these stolen funds in the future. From within the crypto space to their broader cybercriminal activities.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More