The PolySwarm Blog

Related Families: Cobalt Strike

Executive Summary

Geacon is a Cobalt Strike adaptation developed to target MacOS. Geacon versions are available to target both Apple silicon and Intel architectures.

Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation 

Executive Summary

RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.

Related Families: Croxloader, SPHijacker, Behinder
Verticals Targeted: Government, Healthcare, Technology, Manufacturing

Executive Summary

Earth Longzhi, a Winnti subgroup, was recently observed using new TTPs, including a novel technique dubbed stack rumbling.

Related Families: CloudMensis, RambleOn

Executive Summary

Reaper was recently observed using new TTPs to drop RokRAT. The infection chain leveraged LNK files delivered via the energy sector and politic

Verticals Targeted: Financial

Executive Summary

North Korea nexus threat actor group BlueNoroff was recently observed using malware to target MacOS systems. Dubbed RustBucket, the malware can be used to communicate with the C2 to download and execute additional payloads.

Related Families: Sword2033

Executive Summary

China nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.

Related Families: Telemiris, TunnusSched, Roopy, JLORAT, KopiLuwak
Verticals Targeted: Government, Diplomatic Entities

Executive Summary

A Russian-speaking threat actor group dubbed Tomiris was recently observed conducting an espionage campaign targeting countries in Central Asia. The group uses a variety of tools, some of which overlap with the Russian threat actor group Venomous Bear.

Related Families: Drokbk, Soldier
Verticals Targeted: Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas

Executive Summary

Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.