The PolySwarm Blog

Verticals Targeted: Telecommunications, Financial, Retail
Regions Targeted: South Korea, Hong Kong, Myanmar, Malaysia, Egypt
Related Families: Symbiote

Executive Summary

A newly discovered BPFDoor controller enhances the backdoor’s stealth, targeting Linux and Solaris systems in Asia and the Middle East. Attributed to Red Menshen, this state-sponsored threat compromises critical sectors with advanced evasion techniques.

Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure 

Executive Summary

StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.

Executive Summary

A MacOS variant of HZ Rat was recently discovered targeting messaging apps in China. HZ Rat is a basic backdoor, and shell commands received from the C2 provide additional functionality.

Verticals Targeted: Insurance, Aerospace, Transportation, Education, Finance, Technology, Healthcare, Automotive, Hospitality, Energy, Government, Media, Manufacturing, Telecommunications 

Executive Summary

An espionage campaign delivering the Voldemort backdoor was recently observed targeting over 70 organizations. The campaign uses a novel attack chain to deliver the malware, leveraging Google Sheets for command and control (C2).

Verticals Targeted: Government 

Executive Summary

BitSloth is a recently discovered Windows backdoor that uses a built-in feature called Background Intelligent Transfer Service (BITS) for C2.

Executive Summary

BadSpace, also known as WarmCookie, is a novel backdoor delivered via a multistage attack leveraging infected websites.

Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government