2023 Recap - Malware Hall of Fame
Dec 18, 2023 3:13:23 PM / by The Hivemind posted in Threat Bulletin, Malware, LockBit, ALPHV, Cl0p, MOVEit, Rhysida, 2023 Recap, story of the year, BlackBasta
2023 Recap - Threat Actor Activity Highlights - North Korea
Dec 15, 2023 1:37:07 PM / by The Hivemind posted in Threat Bulletin, North Korea, APAC, 2023 Recap, Chollima
Executive Summary
Several high-profile North Korea nexus threat actor groups have been active in 2023. Reported activities include but are not limited to supply chain attacks, targeting of cryptocurrency, and proliferation of MacOS malware. In this report, PolySwarm highlights cyber activity perpetrated by North Korea nexus threat actor groups in 2023.
2023 Recap - Cyber Activity in the Gaza Conflict
Dec 11, 2023 3:08:36 PM / by The Hivemind posted in Threat Bulletin, Gaza, Hacktivism, Palestine, Israel, Hamas, BiBi-Linux, Conflict, Cyberwar, BiBi-Windows, SysJoker
Executive Summary
While tension in the Gaza region has existed for years, the all-out war that ignited in October 2023 brought with it a variety of cyber activity targeting both sides of the conflict. In this report, PolySwarm provides the highlights of cyber activity associated with the Gaza conflict in 2023.
2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict
Dec 8, 2023 1:17:32 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, Cozy Bear, Killnet, Cadet Blizzard, LitterDrifter, Ghost Writer, Fancy Bear, VooDoo Bear, RedStinger, Nodaria, Cyber Regiment, IT Army of Ukraine, KibOrg, NLB
Executive Summary
The Russia-Ukraine conflict has continued throughout 2023, with a plethora of both state-sponsored and hacktivist cyber activity taking place alongside kinetic warfare. In this report, PolySwarm provides the highlights of cyber activity associated with the Russia-Ukraine conflict in 2023.
Kinsing Exploiting CVE-2023-46604
Dec 4, 2023 1:29:39 PM / by The Hivemind posted in Threat Bulletin, Cryptominer, Kinsing, CVE-2023-46604
Executive Summary
Kinsing threat actors were recently observed leveraging CVE-2023-46604, a vulnerability affecting Apache ActiveMQ, to infect Linux systems with cryptominers and rootkits.
LummaC2
Dec 1, 2023 12:48:51 PM / by The Hivemind posted in Threat Bulletin, Stealer, LummaC2, Lumma
Executive Summary
A new variant of LummaC2 was observed using a unique trigonometry-based anti-sandboxing technique.
Rhysida On The Rampage
Nov 27, 2023 1:24:03 PM / by The Hivemind posted in Government, Healthcare, Technology, Education, Manufacturing, Various
Verticals Targeted: Education, Government, Manufacturing, Technology, Healthcare, Various
Executive Summary
New Rhysida activity has prompted the release of a joint cybersecurity advisory providing additional details on the ransomware group’s TTPs and operations.
C3RB3R Exploiting CVE-2023-22518
Nov 20, 2023 2:13:05 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Cerber, C3RB3R, CVE-2023-22518
Related Families: Cerber