The PolySwarm Blog

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2022.

Key Takeaways

• This report provides highlights of activity perpetrated by North Korea-based threat actors in 2022.
• Threat actors featured in this report include Lazarus Group, BlueNoroff, Reaper, Andariel, Kimsuky, Gwisin, and H0ly Gh0st. 
• PolySwarm tracked malware associated with multiple North Korea nexus threat actors in 2022.

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights activity perpetrated by Iran-based threat actors in 2022.

Key Takeaways

• This report provides highlights of activity perpetrated by Iran-based threat actors in 2022.
• Threat actors featured in this report include Static Kitten, Charming Kitten, Siamese Kitten, Fox Kitten, Helix Kitten, Nemesis Kitten, Refined Kitten, Moses Staff, Cobalt Mirage, and APT42. 
• PolySwarm tracked malware associated with multiple Iran nexus threat actors in 2022.

Related Families: DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, CryWiper

Verticals Targeted: defense, government, judicial, telecommunications, energy, non-profit

Executive Summary

In 2022, we observed a significant increase in the number of wiper malware families active in the wild. The majority of this activity appears to be motivated by or conducted in conjunction with the ongoing kinetic warfare taking place between Russia and Ukraine. In this report, we focus on wipers that seem to be connected to the Russia-Ukraine conflict.

Key Takeaways

• In 2022, we observed a significant increase in the number of wiper malware families active in the wild. Many of these appear to be related to the Russia-Ukraine conflict.
• These families include DoubleZero, HermeticWiper, IsaacWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, and CryWiper. 
• The majority of these wiper families targeted entities in Ukraine, while at least one targeted entities in Russia.

Related Families: RedLine, Chaos, Monster, Electron Bot, AXLocker, RapperBot, ALPHV/BlackCat, Electron Bot
Verticals Targeted: Gaming

Executive Summary

This report is part of PolySwarm’s 2022 Recap series. This edition provides an overview of the 2022 gaming threat landscape.

Key Takeaways

Verticals Targeted: Financial, Government, Journalism, Various

Executive Summary

This report is part of PolySwarm’s 2022 Recap series. This edition provides an overview of the 2022 mobile malware threat landscape.

Key Takeaways

• The 2022 mobile malware threat landscape saw a 500% increase in malware distribution in early 2022, and mobile malware continued to be rampant throughout the year.
• Some of the attack vectors used by threat actors to distribute mobile malware in 2022 include apps injected with malicious code, zero-click attacks, TOAD, and smashing.
• Types of mobile malware that were prolific in 2022 include banking trojans, dropper apps, spyware, mobile ransomware, and subscriber trojans.

Executive Summary

Checkmarx recently reported on W4SP, an infostealer malware hidden in tainted PyPi packages.

Key Takeaways

Executive Summary

Microsoft recently reported on Royal ransomware, a ransomware family used by the threat actor DEV-0569

Related Families: Gozi (Ursnif)
Verticals Targeted: Financial

Executive Summary

Bleeping Computer recently reported on a malware campaign that uses CAPTCHA to bypass browser warnings and deliver Gozi. This technique appears to be a novel TTP for threat actors.