Verticals Targeted: Legal Services, Software, Business Services, Technology
Regions Targeted: US
Related Families: BRICKSTEAL, SLAYSTYLE
Recent Posts
BRICKSTORM Targets U.S. Tech and Legal Sectors with Stealthy Espionage
Oct 3, 2025 3:29:53 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, credential theft, SonicWall VPN, Ransomware Campaign, Akira Ransomware, CVE-2024-40766, SSL VPN, multi-factor authentication
Nimbus Manticore’s Evolving Cyberespionage Campaign
Sep 29, 2025 2:53:45 PM / by The Hivemind posted in Threat Bulletin, Telecommunications, Spear Phishing, malware obfuscation, DLL sideloading, Iranian APT, Nimbus Manticore, MiniJunk, MiniBrowse, defense manufacturing
Verticals Targeted: Defense Manufacturing, Telecommunications, Aerospace
Regions Targeted: Western Europe, Middle East
Related Families: MiniJunk, MiniBrowse
Executive Summary
Nimbus Manticore, an Iranian APT group, has intensified its cyberespionage campaign targeting defense, telecommunications, and aerospace sectors in Western Europe and the Middle East, deploying advanced malware such as MiniJunk and MiniBrowse via sophisticated spear-phishing and DLL sideloading techniques. The group’s focus on stealth, obfuscation, and resilient infrastructure underscores its alignment with IRGC strategic priorities.
HybridPetya
Sep 22, 2025 2:40:03 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Malware Analysis, Petya, NotPetya, HybridPetya, UEFI bootkit, CVE-2024-7344, Secure Boot bypass, Master File Table
Verticals Targeted: Not specified
Regions Targeted: None
Related Families: Petya, NotPetya, NotPetyaAgain, RedPetyaOpenSSL
Executive Summary
HybridPetya is a ransomware variant resembling Petya/NotPetya, capable of compromising UEFI-based systems and exploiting CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. While not observed in active campaigns, its advanced capabilities warrant close monitoring by security teams.
RatOn Android Malware
Sep 19, 2025 2:18:19 PM / by The Hivemind posted in Threat Bulletin, overlay attacks, Accessibility Services abuse, RatOn, Android banking trojan, automated transfer system, cryptocurrency wallet takeover, mobile malware, NFSkate, NFC relay attack
Verticals Targeted: Financial
Regions Targeted: Czech Republic, Slovakia
Related Families: NFSkate
Executive Summary
RatOn is a sophisticated Android banking trojan that integrates NFC relay capabilities with remote access and automated transfer functionalities, marking a notable evolution in mobile fraud tactics.
CastleRAT
Sep 15, 2025 2:37:49 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, Emerging Threat, Phishing Attacks, CastleLoader, Remote Access Trojan, TAG-150, CastleRAT, malware infrastructure, command-and-control, anti-detection services, network intelligence
Verticals Targeted: Not specified
Regions Targeted: US
Related Families: CastleLoader
Fancy Bear Uses NotDoor to Target NATO Countries
Sep 12, 2025 2:38:23 PM / by The Hivemind posted in Threat Bulletin, Fancy Bear, NotDoor, VBA macro, Russian threat actors, Outlook backdoor, DLL side-loading, email exfiltration, malware persistence, NATO targets
Verticals Targeted: Not specified
Regions Targeted: NATO countries
Related Families: None
Recent Ransomware Threats to the Healthcare Vertical
Sep 8, 2025 1:12:36 PM / by The Hivemind posted in Threat Bulletin, US healthcare cybersecurity, ransomware healthcare 2025, healthcare ransomware attacks, hospital cyber threats, healthcare data breaches, ransomware groups 2025, patient data theft, healthcare operational disruptions
Verticals Targeted: Healthcare
Regions Targeted: US, Europe, Worldwide
Related Families: Multiple
Executive Summary
The healthcare sector in 2025 has endured a persistent wave of ransomware attacks, with threat actors exploiting vulnerabilities to disrupt critical operations and exfiltrate sensitive patient data, underscoring the need for robust defenses against evolving cyber threats.
PromptLock AI-Powered Ransomware
Sep 5, 2025 2:36:00 PM / by The Hivemind posted in Threat Bulletin, Data Exfiltration, Linux Malware, Windows Malware, file encryption, proof of concept, AI-powered ransomware, PromptLock malware, AI cybersecurity threats, Golang ransomware, Lua scripts, POC
Verticals Targeted: None yet
Regions Targeted: None yet
Related Families: None