The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Russia

Dec 29, 2022 3:17:20 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, APT, Europe, 2022 Recap

0 Comments



Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report provides highlights of activity perpetrated by Russia-based threat actors in 2022. Russian APT activity in 2022 was heavily focused on targeting Ukraine for espionage and sabotage due to the ongoing Russia-Ukraine conflict. While the Russian cyber threat landscape includes a wide variety of ransomware and cybercrime threat actors, we have limited the scope of this report to state-sponsored threat actor activity.

Key Takeaways

  • This report highlights activity perpetrated by Russia-based APT threat actors in 2022.
  • Threat actors featured in this report include Cozy Bear, Fancy Bear, Energetic Bear, Venomous Bear, Primitive Bear, VooDoo Bear, Ember Bear, Saint Bear, UAC-0041, UAC-0088, and UAC-0098.
  • PolySwarm tracked malware associated with multiple Russia nexus threat actors in 2022. 
Read More

PolySwarm 2022 Recap - Threat Actor Activity Highlights: China

Dec 27, 2022 11:35:41 AM / by PolySwarm Tech Team posted in Threat Bulletin, China, 2022 Recap, Asia, APAC

0 Comments



Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report provides highlights of activity perpetrated by China-based threat actors in 2022.

Key Takeaways

  • This report highlights activity perpetrated by China-based threat actors in 2022.
  • Threat actors featured in this report include Keyhole Panda, Stone Panda, Deep Panda, Twisted Panda, Vixen Panda, Pirate Panda, Aquatic Panda, Wicked Panda, Mustang Panda, Emissary Panda, Kryptonite Panda, Lotus Panda, TA410, Red Menshen, Scarab, Aoquin Dragon, and Lotus Blossom.
  • PolySwarm tracked malware associated with multiple China nexus threat actors in 2022.
Read More

PolySwarm 2022 Recap - Threat Actor Activity Highlights: North Korea

Dec 21, 2022 1:28:03 PM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, 2022 Recap, Asia, APAC

0 Comments



Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2022.


Key Takeaways

  • This report provides highlights of activity perpetrated by North Korea-based threat actors in 2022.
  • Threat actors featured in this report include Lazarus Group, BlueNoroff, Reaper, Andariel, Kimsuky, Gwisin, and H0ly Gh0st. 
  • PolySwarm tracked malware associated with multiple North Korea nexus threat actors in 2022.
Read More

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Iran

Dec 19, 2022 2:03:57 PM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Iran, 2022 Recap, MENA

0 Comments



Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights activity perpetrated by Iran-based threat actors in 2022.


Key Takeaways

  • This report provides highlights of activity perpetrated by Iran-based threat actors in 2022.
  • Threat actors featured in this report include Static Kitten, Charming Kitten, Siamese Kitten, Fox Kitten, Helix Kitten, Nemesis Kitten, Refined Kitten, Moses Staff, Cobalt Mirage, and APT42. 
  • PolySwarm tracked malware associated with multiple Iran nexus threat actors in 2022.
Read More

PolySwarm 2022 Recap - War of the Wipers

Dec 15, 2022 1:04:25 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Wiper, 2022 Recap

0 Comments

Related Families: DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, CryWiper

Verticals Targeted: defense, government, judicial, telecommunications, energy, non-profit

Executive Summary

In 2022, we observed a significant increase in the number of wiper malware families active in the wild. The majority of this activity appears to be motivated by or conducted in conjunction with the ongoing kinetic warfare taking place between Russia and Ukraine. In this report, we focus on wipers that seem to be connected to the Russia-Ukraine conflict.

Key Takeaways

  • In 2022, we observed a significant increase in the number of wiper malware families active in the wild. Many of these appear to be related to the Russia-Ukraine conflict.
  • These families include DoubleZero, HermeticWiper, IsaacWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, and CryWiper. 
  • The majority of these wiper families targeted entities in Ukraine, while at least one targeted entities in Russia.
Read More

PolySwarm 2022 Recap - Threats to the Gaming Industry

Dec 12, 2022 1:55:57 PM / by PolySwarm Tech Team posted in Threat Bulletin, BlackCat, ALPHV, 2022 Recap, Electron Bot, Gaming, Redline, Chaos, Monster, AXLocker

0 Comments

Related Families: RedLine, Chaos, Monster, Electron Bot, AXLocker, RapperBot, ALPHV/BlackCat, Electron Bot
Verticals Targeted: Gaming

Executive Summary

This report is part of PolySwarm’s 2022 Recap series. This edition provides an overview of the 2022 gaming threat landscape.

Key Takeaways

Read More

2022 Recap - Mobile Malware Threat Landscape

Dec 8, 2022 1:23:16 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Malware, 2022 Recap, ios, Mobile

0 Comments

Verticals Targeted: Financial, Government, Journalism, Various

Executive Summary

This report is part of PolySwarm’s 2022 Recap series. This edition provides an overview of the 2022 mobile malware threat landscape.

Key Takeaways

  • The 2022 mobile malware threat landscape saw a 500% increase in malware distribution in early 2022, and mobile malware continued to be rampant throughout the year.
  • Some of the attack vectors used by threat actors to distribute mobile malware in 2022 include apps injected with malicious code, zero-click attacks, TOAD, and smashing.
  • Types of mobile malware that were prolific in 2022 include banking trojans, dropper apps, spyware, mobile ransomware, and subscriber trojans.
Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts