The PolySwarm Blog


Voldemort

Sep 9, 2024 12:52:20 PM / by The Hivemind posted in Threat Bulletin, Espionage, Backdoor, Voldemort


Verticals Targeted: Insurance, Aerospace, Transportation, Education, Finance, Technology, Healthcare, Automotive, Hospitality, Energy, Government, Media, Manufacturing, Telecommunications

Executive Summary

An espionage campaign delivering the Voldemort backdoor was recently observed targeting over 70 organizations. The campaign uses a novel attack chain to deliver the malware, leveraging Google Sheets for command and control (C2).


RansomHub

Sep 6, 2024 11:35:47 AM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight


Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government

Executive Summary

RansomHub, a ransomware as a service (RaaS), is an offshoot of Knight and has quickly become one of the most active ransomware families in 2024.


Cthulhu MacOS Stealer

Aug 30, 2024 2:09:06 PM / by The Hivemind posted in Threat Bulletin, Stealer, MacOS, Cthulhu


Related Families: Atomic Stealer

Executive Summary

Cthulhu is a stealer malware targeting macOS systems. First observed in 2023, this malware-as-a-service (MaaS) is capable of targeting both x86_64 and ARM architectures.


DevPopper Campaign Targets Software Developers

Aug 26, 2024 1:38:47 PM / by The Hivemind posted in Threat Bulletin, North Korea, RAT, DevPopper


Verticals Targeted: Software Development

Executive Summary

An ongoing social engineering campaign was observed targeting software developers. The threat actors use fake interviews to deliver a Python-based RAT, known as DevPopper.


APT42 Targets US Presidential Campaigns and Israel in Phishing Campaign

Aug 23, 2024 1:05:04 PM / by The Hivemind posted in Threat Bulletin, Government, Phishing, Military, APT42


Related Families: NewsTerminal, OfficeFuel, FuelDump, Gorble
Verticals Targeted: Government, Military, Education, Aerospace

Executive Summary

Iran-nexus threat actor group APT42 was recently observed targeting entities in the US and Israel in a phishing campaign. Targets included entities in the government, military, education, and aerospace verticals, as well as individuals associated with the 2024 US Presidential candidates.


Recent Ransomware Attacks on the Healthcare Vertical

Aug 19, 2024 12:54:46 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Healthcare, Disbuk, Rhysida, INC


Related Families: Rhysida, INC
Verticals Targeted: Healthcare

Executive Summary

Since late July, at least two ransomware groups have allegedly targeted healthcare vertical entities. The attacks were attributed to INC and Rhysida ransomware groups.


BlackSuit Confirmed as Royal Ransomware Rebrand

Aug 12, 2024 2:08:09 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Royal, BlackSuit


Verticals Targeted: Critical Infrastructure, Healthcare, Government, Manufacturing

Executive Summary

BlackSuit is a ransomware family that targets both Windows and Linux systems. A recent joint advisory published by CISA and the FBI confirmed BlackSuit is a rebrand of Royal. The advisory also highlighted new BlackSuit ransomware activity.


BitSloth

Aug 9, 2024 2:44:04 PM / by The Hivemind posted in Threat Bulletin, Windows, Backdoor, BITS, BitSloth


Verticals Targeted: Government

Executive Summary

BitSloth is a recently discovered Windows backdoor that uses the Background Intelligent Transfer Service (BITS), a built-in Windows component, as its C2 channel.
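Because BitSloth rides on a legitimate Windows service, the practical check on an endpoint is to enumerate the BITS jobs themselves and look for ones that do not fit normal software-update behaviour. The script below is an added hunting example written for this page; it is not PolySwarm's code and not derived from BitSloth. The allowlist of expected remote hosts is a hypothetical placeholder to be replaced with what your environment actually uses.

```powershell
# Added example: enumerate BITS jobs for all users and flag ones that could be
# serving as a covert transfer or C2 channel. Run from an elevated prompt so
# that -AllUsers can see jobs owned by other accounts and SYSTEM.

# Hypothetical allowlist of remote hosts BITS is expected to contact.
# Replace with hosts observed as legitimate in your own environment.
$AllowedHosts = @(
    'download.windowsupdate.com',
    'tlu.dl.delivery.mp.microsoft.com'
)

function Get-SuspiciousBitsJob {
    param(
        [string[]]$AllowedHosts = @()
    )

    $findings = @()
    foreach ($job in Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue) {
        $reasons = @()

        # A command line executed when the job completes is a classic
        # execution/persistence hook and is rare for benign software.
        if ($job.NotifyCmdLine) {
            $reasons += "NotifyCmdLine set: $($job.NotifyCmdLine)"
        }

        # Upload and UploadReply jobs send data out; most legitimate use is Download only.
        if ($job.TransferType -ne 'Download') {
            $reasons += "TransferType is $($job.TransferType)"
        }

        # Check every remote URL in the job against the allowlist.
        foreach ($file in $job.FileList) {
            try {
                $remoteHost = ([System.Uri]$file.RemoteName).Host
            } catch {
                $remoteHost = $file.RemoteName
            }
            if ($AllowedHosts -notcontains $remoteHost) {
                $reasons += "remote host not allowlisted: $remoteHost -> $($file.LocalName)"
            }
        }

        if ($reasons.Count -gt 0) {
            $findings += [pscustomobject]@{
                JobId       = $job.JobId
                DisplayName = $job.DisplayName
                Owner       = $job.OwnerAccount
                State       = $job.JobState
                Created     = $job.CreationTime
                Reasons     = ($reasons -join '; ')
            }
        }
    }
    return $findings
}

Get-SuspiciousBitsJob -AllowedHosts $AllowedHosts | Format-List
```

This only sees jobs that still exist in the BITS queue; a backdoor can cancel or complete its jobs quickly, so pair the live check with the Microsoft-Windows-Bits-Client/Operational event log, where job creation (Event ID 3) and transfer start (Event ID 59, which records the URL) leave a record even after the job is gone.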

