The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Hivemind

Find me on:

Recent Posts

2024 Recap - Russian Threat Actor Activity

Dec 19, 2024 12:38:53 PM / by The Hivemind posted in Russia, Threat Bulletin, Europe, 2024, Recap

0 Comments

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report provides highlights of activity perpetrated by Russia-based threat actors in 2024.

Read More

2024 Recap - Iranian Threat Actor Activity

Dec 16, 2024 1:42:43 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, MENA, 2024, Recap

0 Comments

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report provides highlights of activity perpetrated by Iran-based threat actors in 2024.

Read More

2024 Recap - North Korean Threat Actor Activity

Dec 13, 2024 2:20:52 PM / by The Hivemind posted in Threat Bulletin, North Korea, Asia, APAC, 2024, Recap

0 Comments

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2024.

Read More

Black Basta Evolves

Dec 9, 2024 12:32:54 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Black Basta, Emerging Threat, Evolving Threat

0 Comments

Verticals Targeted: Manufacturing, Finance, Transportation, Legal Services, Healthcare, Defense, Business Services

Executive Summary

Black Basta is a ransomware group that rose in the aftermath of the dissolution of Conti ransomware in 2022. In recent months, Black Basta has begun using tactics that are reminiscent of nation-state threat actor tactics and has shifted from opportunistic targeting to more refined, strategic targeting.

Read More

Salt Typhoon Targets Telecoms With GhostSpider

Dec 6, 2024 1:33:32 PM / by The Hivemind posted in Threat Bulletin, APT, China, Emerging Threat, Salt Typhoon, GhostSpider

0 Comments

Related Families: Demodex
Verticals Targeted: Telecommunications 

Executive Summary

Salt Typhoon, a China nexus APT group, was recently observed using GhostSpider backdoor to target telecommunications companies.

Read More

BabbleLoader

Nov 29, 2024 12:54:44 PM / by The Hivemind posted in Threat Bulletin, Loader, BabbleLoader, Meduza, WhiteSnake, Donut Loader

0 Comments

Related Families: WhiteSnake, Meduza
Verticals Targeted: Finance, Business Administration

Executive Summary

BabbleLoader is a new stealthy, metamorphic loader that was recently observed delivering stealers, including WhiteSnake and Meduza.

Read More

HellDown Ransomware Linux Variant

Nov 25, 2024 1:39:46 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Emerging Threat, ESXi, HellDown

0 Comments

Read More

PXA Stealer

Nov 22, 2024 1:54:18 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, PXA Stealer, Vietnam

0 Comments

Verticals Targeted: Government, Education 

Executive Summary

PXA Stealer was used in an information-stealing campaign targeting entities in the government and education sectors, located in Europe and Asia.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More