The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Hivemind

Find me on:

Recent Posts

BRICKSTORM Targets U.S. Tech and Legal Sectors with Stealthy Espionage

Oct 3, 2025 3:29:53 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, credential theft, SonicWall VPN, Ransomware Campaign, Akira Ransomware, CVE-2024-40766, SSL VPN, multi-factor authentication

0 Comments

Verticals Targeted: Legal Services, Software, Business Services, Technology
Regions Targeted: US
Related Families: BRICKSTEAL, SLAYSTYLE 

Executive Summary

The BRICKSTORM backdoor, attributed to the suspected China-nexus threat cluster UNC5221, has been actively targeting U.S. organizations in the legal, SaaS, BPO, and technology sectors since March 2025, enabling prolonged espionage with an average dwell time of 393 days. This sophisticated malware leverages zero-day exploits and stealthy techniques to maintain persistent access, evade detection, and steal sensitive data, posing significant risks to critical infrastructure.

Read More

Nimbus Manticore’s Evolving Cyberespionage Campaign

Sep 29, 2025 2:53:45 PM / by The Hivemind posted in Threat Bulletin, Telecommunications, Spear Phishing, malware obfuscation, DLL sideloading, Iranian APT, Nimbus Manticore, MiniJunk, MiniBrowse, defense manufacturing

0 Comments

Verticals Targeted: Defense Manufacturing, Telecommunications, Aerospace
Regions Targeted: Western Europe, Middle East
Related Families: MiniJunk, MiniBrowse

Executive Summary

Nimbus Manticore, an Iranian APT group, has intensified its cyberespionage campaign targeting defense, telecommunications, and aerospace sectors in Western Europe and the Middle East, deploying advanced malware such as MiniJunk and MiniBrowse via sophisticated spear-phishing and DLL sideloading techniques. The group’s focus on stealth, obfuscation, and resilient infrastructure underscores its alignment with IRGC strategic priorities.

Read More

HybridPetya

Sep 22, 2025 2:40:03 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Malware Analysis, Petya, NotPetya, HybridPetya, UEFI bootkit, CVE-2024-7344, Secure Boot bypass, Master File Table

0 Comments

Verticals Targeted: Not specified
Regions Targeted: None
Related Families: Petya, NotPetya, NotPetyaAgain, RedPetyaOpenSSL

Executive Summary

HybridPetya is a ransomware variant resembling Petya/NotPetya, capable of compromising UEFI-based systems and exploiting CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. While not observed in active campaigns, its advanced capabilities warrant close monitoring by security teams.

Read More

RatOn Android Malware

Sep 19, 2025 2:18:19 PM / by The Hivemind posted in Threat Bulletin, overlay attacks, Accessibility Services abuse, RatOn, Android banking trojan, automated transfer system, cryptocurrency wallet takeover, mobile malware, NFSkate, NFC relay attack

0 Comments

Verticals Targeted: Financial
Regions Targeted: Czech Republic, Slovakia
Related Families: NFSkate

Executive Summary

RatOn is a sophisticated Android banking trojan that integrates NFC relay capabilities with remote access and automated transfer functionalities, marking a notable evolution in mobile fraud tactics.

Read More

CastleRAT

Sep 15, 2025 2:37:49 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, Emerging Threat, Phishing Attacks, CastleLoader, Remote Access Trojan, TAG-150, CastleRAT, malware infrastructure, command-and-control, anti-detection services, network intelligence

0 Comments

Verticals Targeted: Not specified 
Regions Targeted: US
Related Families: CastleLoader

Read More

Fancy Bear Uses NotDoor to Target NATO Countries

Sep 12, 2025 2:38:23 PM / by The Hivemind posted in Threat Bulletin, Fancy Bear, NotDoor, VBA macro, Russian threat actors, Outlook backdoor, DLL side-loading, email exfiltration, malware persistence, NATO targets

0 Comments

Verticals Targeted: Not specified
Regions Targeted: NATO countries 
Related Families: None

Read More

Recent Ransomware Threats to the Healthcare Vertical

Sep 8, 2025 1:12:36 PM / by The Hivemind posted in Threat Bulletin, US healthcare cybersecurity, ransomware healthcare 2025, healthcare ransomware attacks, hospital cyber threats, healthcare data breaches, ransomware groups 2025, patient data theft, healthcare operational disruptions

0 Comments

Verticals Targeted: Healthcare
Regions Targeted: US, Europe, Worldwide
Related Families: Multiple

Executive Summary

The healthcare sector in 2025 has endured a persistent wave of ransomware attacks, with threat actors exploiting vulnerabilities to disrupt critical operations and exfiltrate sensitive patient data, underscoring the need for robust defenses against evolving cyber threats.

Read More

PromptLock AI-Powered Ransomware

Sep 5, 2025 2:36:00 PM / by The Hivemind posted in Threat Bulletin, Data Exfiltration, Linux Malware, Windows Malware, file encryption, proof of concept, AI-powered ransomware, PromptLock malware, AI cybersecurity threats, Golang ransomware, Lua scripts, POC

0 Comments

Verticals Targeted: None yet
Regions Targeted: None yet
Related Families: None

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More