Related Families: ALPHV
Executive Summary
Fin8 was observed leveraging Sardonic backdoor to deliver ALPHV ransomware.
Verticals Targeted: Government, Military, Various
Executive Summary
PicassoLoader, a downloader, was observed targeting government, military, and civilian entities in Ukraine and Poland. CERT-UA attributed this activity to GhostWriter.
Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial
Executive Summary
Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.
Related Families: Cl0p
Executive Summary
New Truebot variants have been observed on victim machines that were compromised using CVE-2022-31199. The activity is targeting entities in
Verticals Targeted: Financial
Executive Summary
Anatsa is a banking trojan targeting Android devices that is distributed through the Google Play store, disguised as a seemingly innocuous app.
Related Families: Mirai
Executive Summary
Condi is a DDoS as a service botnet based on Mirai. It has been observed leveraging CVE-2023-1389 to propagate.
Related Families: AsyncRAT
Verticals Targeted: Consumer Services
Executive Summary
DcRAT is a clone of AsyncRAT and is used for remote access and stealing information. It also has ransomware capabilities. DcRAT has distributed via adult content-themed lures, including lures for OnlyFans pages.
Related Families: WhisperGate
Verticals Targeted: Government, Law Enforcement, Non-profits, Information Technology, Emergency Services
Executive Summary
Cadet Blizzard is a Russia nexus state-sponsored threat actor group with potential ties to the GRU. However, their activity seems to be distinct from other GRU-associated threat actor groups.