Verticals Targeted: Government
Stealth Falcon's Deadglyph Backdoor
Oct 6, 2023 1:42:37 PM / by The Hivemind posted in Threat Bulletin, Middle East, Backdoor, Stealth Falcon, Deadglyph, UAE
Earth Lusca's SprySOCKS Linux Backdoor
Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda
Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government
Executive Summary
China-nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.
The Evolution of BPFDoor
Jul 28, 2023 2:38:39 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Red Menshen, BPFDoor
Executive Summary
Fin8 Using Sardonic Backdoor
Jul 24, 2023 2:44:05 PM / by The Hivemind posted in Threat Bulletin, ALPHV, Backdoor, Fin8, Sardonic
Related Families: ALPHV
Executive Summary
Fin8 was observed leveraging Sardonic backdoor to deliver ALPHV ransomware.
Vixen Panda's Graphican Backdoor
Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican
Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial
Executive Summary
Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.
SideWinder WarHawk Backdoor
Oct 31, 2022 1:16:52 PM / by PolySwarm Tech Team posted in Threat Bulletin, India, Pakistan, Backdoor, Sidewinder, WarHawk
Executive Summary
Zscaler recently reported on WarHawk, a new backdoor used by the Indian threat actor group SideWinder.
SideWalk Linux Variant
Oct 3, 2022 3:59:17 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Backdoor, SparklingGoblin, SideWalk
Related Families: Specter RAT, SideWalk (Windows)
Verticals Targeted: Education
Executive Summary
ESET recently reported on a SideWalk Linux variant. SideWalk is a backdoor used by the SparklingGoblin threat actor group.
SessionManager Targets Governments and NGOs
Jul 8, 2022 2:33:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Government, Backdoor, SessionManager, NGO, IIS
Executive Summary
Kaspersky recently reported on SessionManager, a difficult-to-detect backdoor targeting governments and NGOs in multiple countries.