Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None identified
Recent Posts
New Chaos RAT Variants Observed
Jun 16, 2025 1:57:09 PM / by The Hivemind posted in Threat Bulletin, Malware, Data Theft, Evolving Threat, Cybersecurity, Chaos RAT, Remote Administration Tool, Linux Malware, Windows Malware, Phishing Attacks, Cryptocurrency Mining
Russia Targets Ukraine Critical Infrastructure With PathWiper
Jun 13, 2025 2:33:09 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, HermeticWiper, PathWiper, Wiper Malware, Ukraine Cyberattack, Russia APT, Endpoint Security, Cyber Warfare, Data Destruction, Administrative Console
Verticals Targeted: Critical infrastructure
Regions Targeted: Ukraine
Related Families: HermeticWiper (aka FoxBlade, NEARMISS)
Executive Summary
PathWiper is a new wiper malware deployed by a Russia-linked APT, targeting Ukraine’s critical infrastructure with destructive intent. The attack leveraged a legitimate endpoint administration framework, highlighting the persistent cyber threat to Ukraine amid ongoing conflict.
EDDIESTEALER
Jun 9, 2025 12:29:15 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Data Theft, social engineering, Emerging Threat, EDDIESTEALER, Rust Malware, CAPTCHA Campaign, ClickFix, PowerShell Attack, ChromeKatz, Cybersecurity
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None
Executive Summary
EDDIESTEALER is a Rust-based infostealer distributed through deceptive CAPTCHA campaigns, leveraging social engineering to steal sensitive data like credentials and cryptocurrency wallet details. Its advanced obfuscation and ChromeKatz integration highlight the growing sophistication of commodity malware.
Wicked Panda Targets Government Entities, Uses Google Calendar for C2
Jun 6, 2025 2:50:40 PM / by The Hivemind posted in Threat Bulletin, APT41, Wicked Panda, TOUGHPROGRESS malware, Google Calendar C2, Spear Phishing, Government Cyberattack, Chinese Cyber Espionage, Cloud Service Abuse, Malware Analysis, Data Exfiltration
Verticals Targeted: Government
Regions Targeted: Not specified
Related Families: VOLDEMORT, DUSTTRAP
Executive Summary
Wicked Panda, a Chinese state-sponsored threat actor, deployed TOUGHPROGRESS malware, exploiting Google Calendar for stealthy command-and-control operations targeting government entities. This campaign underscores the group’s innovative abuse of cloud services to evade detection and maintain persistent access.
PumaBot Linux Botnet Targets IoT Surveillance Devices
Jun 2, 2025 1:05:28 PM / by The Hivemind posted in IoT botnet attack, Go-based botnet, SSH brute-force malware, cryptocurrency mining botnet, Linux IoT security, PumaBot malware
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: ddaemon
Chinese Threat Actors Leverage CVE-2025-0994 to Attack US Government Networks
May 30, 2025 2:12:44 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, CVE-2025-0994, UAT-6382, TetraLoader
Verticals Targeted: Government, Utilities
Regions Targeted: US
Related Families: TetraLoader, Cobalt Strike, VShell, AntSword, chinatso/Chopper, Behinder
Nitrogen Ransomware Targets Financial Vertical
May 27, 2025 12:16:27 PM / by The Hivemind posted in Threat Bulletin, Financial, Ransomware, Emerging Threat, Nitrogen
Verticals Targeted: Finance, Construction, Manufacturing, Technology
Regions Targeted: US, UK, Canada
Related Families: Cobalt Strike, Meterpreter
Fancy Bear's SpyPress Malware
May 23, 2025 1:41:42 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, Fancy Bear, SpyPress, Operation RoundPress
Verticals Targeted: Government, Defense
Regions Targeted: Ukraine, Bulgaria, Romania, Africa, EU, South America
Related Families: None specified