Verticals Targeted: Energy
Cactus Ransomware
Feb 5, 2024 2:04:38 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Cactus
ColdRiver Using Spica Backdoor
Feb 2, 2024 1:06:16 PM / by The Hivemind posted in Russia, Threat Bulletin, Backdoor, Spica, ColdRiver
Executive Summary
Russia nexus threat actor group ColdRiver was recently observed using Spica backdoor in an espionage campaign.
Androxgh0st
Jan 29, 2024 1:52:50 PM / by The Hivemind posted in Threat Bulletin, Botnet, Androxgh0st, SMTP cracker
Executive Summary
Androxghost is a Python-based SMTP cracker that has been active in the wild since at least 2022. The FBI and CISA released a joint advisory warning of the dangers of Androxgh0st.
Volt Typhoon's KV-Botnet
Jan 22, 2024 1:38:21 PM / by The Hivemind posted in Threat Bulletin, APT, Critical Infrastructure, China, Linux, Volt Typhoon, KV-Botnet
Verticals Targeted: Government
Executive Summary
Volt Typhoon was observed compromising Cisco RV325 devices with KV-Botnet.
SpectralBlur MacOS Backdoor
Jan 19, 2024 2:03:16 PM / by The Hivemind posted in Threat Bulletin, Backdoor, MacOS, Stardust Chollima, SpectralBlur, KandyKorn
Related Families: KandyKorn
Executive Summary
SpectralBlur is a fairly unsophisticated backdoor targeting MacOS devices. It has been attributed to Stardust Chollima.
Xamalicious Android Backdoor
Jan 16, 2024 7:42:21 AM / by The Hivemind posted in Threat Bulletin, Android, Backdoor, Mobile, Xamalicious
Executive Summary
Fancy Bear Campaign Leverages New Malware
Jan 12, 2024 11:42:16 AM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Government, Fancy Bear, STEELHOOK, OCEANMAP, MASEPIE
Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government
Executive Summary
Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never before seen malware families, OCEANMAP, MASEPIE, and STEELHOOK.
PolySwarm's 2024 Malware to Watch
Jan 8, 2024 1:04:35 PM / by The Hivemind posted in Threat Bulletin, Malware, LockBit, ALPHV, Predictions, BlackSuit, Rhysida, 2024, Hunters International, Play, 8base