Recent Posts
BlackByte Ransomware Targets Critical Infrastructure
Mar 1, 2022 2:42:23 PM / by PolySwarm Tech Team posted in Threat Bulletin, Critical Infrastructure, BlackByte, Ransomware
Background
The FBI and US Secret Service released an advisory regarding BlackByte ransomware, which compromised multiple US and foreign businesses, including three entities that are part of US critical infrastructure. These three unnamed entities belonged to the government, financial, and food and agriculture verticals. The threat actors behind BlackByte also claimed they hacked networks belonging to the San Francisco 49ers in mid-February 2022.
Wicked Panda’s ShadowPad RAT
Feb 28, 2022 2:31:59 PM / by PolySwarm Tech Team posted in Threat Bulletin, APT41, Shadow Pad, China, Winnti, Axiom
Background
Secureworks recently posted research analyzing Wicked Panda’s ShadowPad RAT. Secureworks stated multiple clusters of ShadowPad activity appeared to be linked to PLA theater commands.
Russian Websites Down As Russia Fears Critical Infrastructure Attacks
Feb 25, 2022 4:06:31 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Critical Infrastructure
PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS
Background
This report is part of our ongoing coverage of the Russia-Ukraine conflict and cyber implications.
PolySwarm recently released the following publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:
DDoS Attacks and New Wiper Malware Target Ukraine
Feb 25, 2022 2:37:21 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Financial, Wiper, Malware, DDoS, Katana, Government, Defense
PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS
Background
PolySwarm recently released several publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:
Mythic Leopard Uses CapraRAT to Target Indian Government Officials
Feb 22, 2022 3:20:55 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, India, APT36, Android, Pakistan, Mythic Leopard, CapraRAT
PolySwarm Threat Bulletin
Background
Cyble recently released a deep dive analysis of Mythic Leopard espionage activity leveraging CapraRAT Android spyware. This campaign targeted Indian government officials.
PolySwarm Threat Bulletin: US and European Banks Fear Russian Cyber Attack
Feb 17, 2022 1:44:35 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, US, Europe, Banking, Financial
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS
Background
PolySwarm recently published a Special Report, Threat Bulletin, and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict. In Russia-Ukraine Conflict and Cyberwar Implications, we discussed political tensions between Russia and Ukraine, past cyber altercations between the two nations, and potential cyber and kinetic implications if the current conflict escalates. In Armageddon Activity Targeting Ukraine, we provided commentary and IOCs for ongoing cyber activity targeting Ukraine, which industry analysts attributed to the Russian state-sponsored threat actor group Armageddon.
PolySwarm Threat Bulletin: Molerats NimbleMamba Espionage Campaign Targeting MENA Countries
Feb 16, 2022 2:55:24 PM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Molerats, Espionage, Gaza, Gaza Cyber Gang, Nimblemamba
Background
Proofpoint recently posted their findings on a Molerats espionage campaign leveraging a new implant dubbed NimbleMamba. In this campaign, Molerats employed a complex attack chain that used a combination of geofencing and URL redirects to legitimate sites to evade detection. Targets of this campaign included Middle Eastern governments, foreign policy think tanks, and an airline.
Emotet Banking Trojan Back in Action
Nov 30, 2021 3:25:13 PM / by PolySwarm Tech Team posted in PolySwarm, Threat Bulletin
Verticals Affected: Financial, Various
Victim Location: US, UK, Germany, Canada
Related Malware Families: TrickBot, Ryuk, QakBot, Zloader
A number of threat intelligence companies have recently reported on the return of the Emotet banking trojan. We first saw new variants of Emotet in our marketplace on November 15, 2021, before any in-depth industry analysis reports were released.