The PolySwarm Blog

Related Families: SunSeed, AHKBOT, NODEBOT
Verticals Targeted: Government, Cryptocurrency, Financial

Executive Summary

Asylum Ambuscade is a threat actor group known to engage in both cybercrime and espionage activity. Their targets include government, financial, and SMB entities, primarily in Europe and North America. 

Associated Families: LemurLoot
Verticals Targeted: Financial, Government

Executive Summary

Industry researchers from multiple vendors observed threat actors leveraging CVE-2023-34362. Microsoft attributed the activity to a Cl0p affiliate dubbed Lace Tempest.

Related Families: Royal

Executive Summary

BlackSuit ransomware targets both Windows and Linux systems and bears a striking resemblance to Royal ransomware.

Verticals Targeted: Energy, Critical Infrastructure

Executive Summary

CosmicEnergy is a novel malware targeting operational technology (OT) and ICS.

Verticals Targeted: Critical Infrastructure, Communications, Manufacturing, Utility, Transportation, Construction, Maritime, Government, Information Technology, Education

Executive Summary

Volt Typhoon was discovered targeting critical infrastructure entities in the US mainland and Guam. Volt Typhoon maintained stealth throughout this espionage campaign.

Related Families: AhMyth

Executive Summary

AhRAT, an Android RAT, was disguised as the iRecorder app. This malicious version of the iRecorder app is capable of recording audio and exfiltrating files from a victim’s device.

Related Families: BlackByte

Executive Summary

BlackByte NT, the most recently discovered variant of BlackByte ransomware, was recently reported by DuskRise. BlackByte NT is written in C++ and contains a variety of anti-analysis techniques in an attempt to thwart malware analysts.

Related Families: Cobalt Strike

Executive Summary

Geacon is a Cobalt Strike adaptation developed to target MacOS. Geacon versions are available to target both Apple silicon and Intel architectures.