MicroBackdoor
Mar 11, 2022 1:28:25 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, MicroBackdoor, UNC1151, Belarus, First Seen
Background
CERT-UA, the Ukraine government’s incident response team, recently released a report on MicroBackdoor. CERT-UA did not provide further information on the scope of the incident leading to the discovery of this malware.
Jester Stealer
Mar 10, 2022 1:10:05 PM / by PolySwarm Tech Team posted in Threat Bulletin, Jester Stealer, Stealer
Background
Cyble recently published research on Jester Stealer, an info stealer known to harvest login credentials, cookies, payment card details, and other information.
HermeticWiper & IsaacWiper Target Ukraine
Mar 9, 2022 1:34:55 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, IsaacWiper, HermeticWiper, WhisperGate, HermeticWizard, HermeticRansom, FoxBlade
Background
Ukraine was recently targeted by several wiper malware families. In January, WhisperGate, which was attributed to a Belarusian threat actor group known as Ghostwriter/UNC1151, targeted Ukraine’s government, non-profit, and technology verticals. On February 23, another wiper malware dubbed HermeticWiper or FoxBlade was used to target Ukraine. On February 24, a third wiper malware was observed targeting Ukrainian entities. This new malware was dubbed IsaacWiper. ESET recently published research on HermeticWiper and IsaacWiper.
Daxin Backdoor
Mar 4, 2022 2:06:59 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, China, Owlproxy, Daxin
Background
Symantec recently published research on Daxin backdoor, which they called the “most advanced” malware they have seen from Chinese threat actors.
Sugar Ransomware Targets Individuals Instead of Enterprises
Mar 3, 2022 2:59:22 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, RaaS, Sugar
Background
Walmart recently reported on a new ransomware as a service (RaaS) called Sugar ransomware. The threat actors behind Sugar ransomware appear to be targeting individuals rather than enterprises and demand a low ransom amount, based on the number of files encrypted.
BlackByte Ransomware Targets Critical Infrastructure
Mar 1, 2022 2:42:23 PM / by PolySwarm Tech Team posted in Threat Bulletin, Critical Infrastructure, BlackByte, Ransomware
Background
The FBI and US Secret Service released an advisory regarding BlackByte ransomware, which compromised multiple US and foreign businesses, including three entities that are part of US critical infrastructure. These three unnamed entities belonged to the government, financial, and food and agriculture verticals. The threat actors behind BlackByte also claimed they hacked networks belonging to the San Francisco 49ers in mid-February 2022.
Wicked Panda’s ShadowPad RAT
Feb 28, 2022 2:31:59 PM / by PolySwarm Tech Team posted in Threat Bulletin, APT41, Shadow Pad, China, Winnti, Axiom
Background
Secureworks recently posted research analyzing Wicked Panda’s ShadowPad RAT. Secureworks stated that multiple clusters of ShadowPad activity appeared to be linked to PLA theater commands.
Russian Websites Down As Russia Fears Critical Infrastructure Attacks
Feb 25, 2022 4:06:31 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Critical Infrastructure
PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS
Background
This report is part of our ongoing coverage of the Russia-Ukraine conflict and cyber implications.
PolySwarm recently released the following publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict: