DragonForce Ransomware
Oct 4, 2024 1:05:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Lockbit 3.0, Conti, evolving, Emerging, DragonForce
Related Families: LockBit 3.0, Conti
Verticals Targeted: Business Services, Construction, Retail, Telecommunications, Manufacturing, Mining, Government, Healthcare, Transportation, Energy, Software, Education
Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT
Sep 30, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Linux, MacOS, PondRAT, PoolRAT, Labyrinth Chollima
Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development
Executive Summary
The North Korea-nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets macOS and Linux systems.
Vice Society Using INC Ransomware to Target Healthcare Vertical
Sep 27, 2024 4:06:33 PM / by The Hivemind posted in Threat Bulletin, Ransomware, INC, Vice Society
Verticals Targeted: Healthcare
Executive Summary
Vice Society was recently observed using INC ransomware to target entities in the healthcare sector.
Ajina Android Malware
Sep 23, 2024 2:03:45 PM / by The Hivemind posted in Threat Bulletin, Android, Banker, Ajina
Verticals Targeted: Financial
Executive Summary
Ajina is an Android banking malware that masquerades as legitimate Android apps in order to steal banking information and intercept 2FA codes.
Cicada3301 Ransomware
Sep 20, 2024 11:04:36 AM / by The Hivemind posted in Threat Bulletin, Ransomware, BlackCat, ALPHV, Cicada3301
Related Families: ALPHV/BlackCat
Verticals Targeted: Construction, IT, Legal Services, Retail, Healthcare, Transportation, Telecommunications, Hospitality, Finance, Real Estate, Manufacturing
Executive Summary
Cicada3301 is a new ransomware-as-a-service (RaaS) operation that uses sophisticated TTPs to exploit vulnerabilities in network infrastructure and deploy its ransomware.
New Lumma C2 Variant Leverages PowerShell
Sep 16, 2024 2:58:00 PM / by The Hivemind posted in Threat Bulletin, Infostealer, CAPTCHA, Lumma C2, PowerShell
Executive Summary
A new Lumma C2 variant that leverages PowerShell was recently observed. The new variant's attack chain masquerades as a CAPTCHA check and abuses PowerShell commands.
HZ Rat macOS Variant
Sep 13, 2024 2:19:08 PM / by The Hivemind posted in Threat Bulletin, Backdoor, RAT, MacOS, HZ Rat
Executive Summary
A macOS variant of HZ Rat was recently discovered targeting messaging apps in China. HZ Rat is a basic backdoor; shell commands received from the C2 provide its additional functionality.
Voldemort
Sep 9, 2024 12:52:20 PM / by The Hivemind posted in Threat Bulletin, Espionage, Backdoor, Voldemort
Verticals Targeted: Insurance, Aerospace, Transportation, Education, Finance, Technology, Healthcare, Automotive, Hospitality, Energy, Government, Media, Manufacturing, Telecommunications