The PolySwarm Blog

Related Families: Specter RAT, SideWalk (Windows)
Verticals Targeted: Education

Executive Summary

ESET recently reported on a SideWalk Linux variant. SideWalk is a backdoor used by the SparklingGoblin threat actor group.

Executive Summary

Sophos recently reported on Deadbolt ransomware, a malware family targeting QNAP devices. QNAP released an advisory on the affected products. 

Verticals Targeted: Professional Services, Media and Entertainment, Manufacturing, Healthcare, Energy and Utilities, Education, Financial

Executive Summary

Cyble recently reported on BianLian, a new ransomware variant written in Go. It has been used to target multiple verticals.

Executive Summary

Cisco Talos researchers recently reported on new activity perpetrated by Russian nexus threat actor group Armageddon. The group is using a new infostealer to target entities in Ukraine.

Key Takeaways

Verticals Targeted: Think Tanks, Media, Government

Executive Summary

In early 2022, the North Korean threat actor group Kimsuky targeted a South Korean think tank and media entities. In this campaign, they leveraged what is known as the GoldDragon backdoor and associated C2 cluster.

Key Takeaways

Executive Summary

In our 2021 Year in Review, we predicted a rise in Linux malware for 2022. AT&T Alien Labs recently reported on Shikitega, a new Linux malware with stealth capabilities.

Key Takeaways

Related families: Babuk

Executive Summary

Uptycs recently reported on a new DarkAngels Linux ransomware variant that appears to still be in development.

Executive Summary

Google’s Threat Analysis Group (TAG) recently reported on Hyperscrape, a new data extraction tool used by the Iranian nexus threat actor group Charming Kitten.

Key Takeaways