Verticals Targeted: Not specified
Regions Targeted: Sri Lanka
Related Families: BeaverTail, OtterCookie, InvisibleFerret
Recent Posts
Famous Chollima Evolves Its Arsenal, Merging BeaverTail and OtterCookie
Oct 24, 2025 1:15:09 PM / by The Hivemind posted in Threat Bulletin, Famous Chollima, North Korean cyber threats, DPRK hackers, BeaverTail malware, OtterCookie backdoor, cryptocurrency stealers, InvisibleFerret payload
AdaptixC2
Oct 20, 2025 4:00:36 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, PowerShell malware, AdaptixC2, post-exploitation framework, C2 framework, AI-generated malware
Verticals Targeted: Financial
Regions Targeted: Asia
Related Families: Fog Ransomware
Executive Summary
AdaptixC2, an open-source command-and-control framework, has emerged as a potent tool for threat actors, enabling file manipulation, data exfiltration, and covert network communication in attacks. Its modular design and AI-assisted deployment methods underscore the need for robust defenses to counter its evolving tactics.
ClayRAT
Oct 17, 2025 4:14:26 PM / by The Hivemind posted in Threat Bulletin, Malware, mobile threat evolution, ClayRAT, Android Spyware, spyware distribution, Android Security, Telegram phishing, SMS handler abuse, Phishing Campaigns, Malware Propagation
Verticals Targeted: None specified
Regions Targeted: Russia
Related Families: None
Executive Summary
ClayRAT, a sophisticated Android spyware campaign targeting Russian users, leverages Telegram channels and phishing sites to distribute malicious APKs disguised as popular apps. Its rapid evolution, extensive surveillance capabilities, and self-propagation via SMS make it a significant threat to mobile security.
EvilAI
Oct 14, 2025 1:18:06 PM / by The Hivemind posted in EvilAI malware, AI-generated trojans, Node.js malware, credential stealers, AES-256-CBC encryption, social engineering attacks, infostealer payloads
Verticals Targeted: Manufacturing, Government, Healthcare, Technology, Retail, Education, Financial, Construction
Regions Targeted: India, US, Europe, Brazil, Canada
Related Families: None
Executive Summary
The EvilAI malware campaign leverages AI-generated code and deceptive applications with valid digital signatures to infiltrate systems globally, targeting critical industries like manufacturing, government, and healthcare. By mimicking legitimate software and employing sophisticated obfuscation, EvilAI evades detection, exfiltrates sensitive data, and maintains persistent control via encrypted C2 communications, posing a significant threat to organizations worldwide.
LockBit 5.0
Oct 10, 2025 2:50:07 PM / by The Hivemind posted in Cybercrime, Linux Malware, Windows Malware, LockBit Ransomware, double extortion, VMware virtualization, ESXi attacks, ransomware trends, data encryption, anti-analysis techniques
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: LockBit
Executive Summary
LockBit 5.0, the latest evolution of the notorious ransomware, targets Windows, Linux, and VMware ESXi systems with advanced obfuscation, DLL reflection, and anti-analysis techniques. Its cross-platform capabilities and enhanced encryption methods make it a formidable threat to enterprise networks.
Akira Reloaded
Oct 7, 2025 1:04:01 PM / by The Hivemind posted in Threat Bulletin, Data Exfiltration, credential theft, SonicWall VPN, Ransomware Campaign, Akira Ransomware, CVE-2024-40766, SSL VPN
Verticals Targeted: Real Estate, Insurance, Energy, Manufacturing, Legal Services, Healthcare, Construction, Retail, Agriculture, Finance, Business Services, Transportation, Software, Hospitality, Government, Telecommunications
Regions Targeted: US, Europe, South America, Australia, Canada, India, Africa
Executive Summary
A surge in Akira ransomware attacks since July 2025 exploits SonicWall VPNs via CVE-2024-40766, enabling rapid credential-based intrusions with dwell times as short as 55 minutes. Threat actors leverage stolen credentials, bypass MFA, and deploy tools such as Impacket and WinRAR for lateral movement and data exfiltration, targeting organizations across various sectors.
BRICKSTORM Targets U.S. Tech and Legal Sectors with Stealthy Espionage
Oct 3, 2025 3:29:53 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, credential theft, SonicWall VPN, Ransomware Campaign, Akira Ransomware, CVE-2024-40766, SSL VPN, multi-factor authentication
Verticals Targeted: Legal Services, Software, Business Services, Technology
Regions Targeted: US
Related Families: BRICKSTEAL, SLAYSTYLE
Executive Summary
The BRICKSTORM backdoor, attributed to the suspected China-nexus threat cluster UNC5221, has been actively targeting U.S. organizations in the legal, SaaS, BPO, and technology sectors since March 2025, enabling prolonged espionage with an average dwell time of 393 days. This sophisticated malware leverages zero-day exploits and stealthy techniques to maintain persistent access, evade detection, and steal sensitive data, posing significant risks to critical infrastructure.
Nimbus Manticore’s Evolving Cyberespionage Campaign
Sep 29, 2025 2:53:45 PM / by The Hivemind posted in Threat Bulletin, Telecommunications, Spear Phishing, malware obfuscation, DLL sideloading, Iranian APT, Nimbus Manticore, MiniJunk, MiniBrowse, defense manufacturing
Verticals Targeted: Defense Manufacturing, Telecommunications, Aerospace
Regions Targeted: Western Europe, Middle East
Related Families: MiniJunk, MiniBrowse