The PolySwarm Blog

Related Families: Sword2033

Executive Summary

China nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.

Related Families: Telemiris, TunnusSched, Roopy, JLORAT, KopiLuwak
Verticals Targeted: Government, Diplomatic Entities

Executive Summary

A Russian-speaking threat actor group dubbed Tomiris was recently observed conducting an espionage campaign targeting countries in Central Asia. The group uses a variety of tools, some of which overlap with the Russian threat actor group Venomous Bear.

Related Families: Drokbk, Soldier
Verticals Targeted: Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas

Executive Summary

Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.

Executive Summary

Goldoson, a privacy-invasive and clicker adware, was recently discovered in several popular Android apps in South Korea. It generates revenue for the threat actors via fraudulent recursive visits to hidden ads on the infected device.

Related Families: LockBit

Executive Summary

Iranian threat actors were observed targeting a hybrid environment using ransomware as a decoy for destructive attacks.

Key Takeaways

Executive Summary

Rorschach is a newly discovered ransomware family with the fastest encryption to date. While the developers seemed to borrow TTPs from other ransomware strains, Rorschach is unique and points to a sophisticated threat actor.

Verticals Targeted: Energy

Executive Summary

A recent Bitter APT campaign targeted nuclear energy entities in China. The threat actors used multiple techniques to obtain access to the victim machine, maintain persistence, and download and execute next-stage payloads.