The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Vixen Panda's Graphican Backdoor

Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican

0 Comments

Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial

Executive Summary

Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.

Read More

Volt Typhoon Targets US Critical Infrastructure

Jun 5, 2023 2:07:00 PM / by The Hivemind posted in US, Critical Infrastructure, China, Energy, Volt Typhoon, Guam

0 Comments

Verticals Targeted: Critical Infrastructure, Communications, Manufacturing, Utility, Transportation, Construction, Maritime, Government, Information Technology, Education

Executive Summary

Volt Typhoon was discovered targeting critical infrastructure entities in the US mainland and Guam. Volt Typhoon maintained stealth throughout this espionage campaign.

Read More

Winnti Subgroup Earth Longzhi Uses New TTPs

May 19, 2023 2:28:29 PM / by The Hivemind posted in Threat Bulletin, China, Winnti, TTPs, Stack Rumbling, Earth Longzhi

0 Comments

Related Families: Croxloader, SPHijacker, Behinder
Verticals Targeted: Government, Healthcare, Technology, Manufacturing

Executive Summary

Earth Longzhi, a Winnti subgroup, was recently observed using new TTPs, including a novel technique dubbed stack rumbling.

Read More

PingPull Linux Variant

May 8, 2023 3:05:38 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, PingPull, Gallium, RAT, Sword2033

0 Comments

Related Families: Sword2033

Executive Summary

China nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.

Read More

Bitter APT Campaign Targets Energy Sector

Apr 10, 2023 1:22:19 PM / by The Hivemind posted in Threat Bulletin, China, Energy, South Asia, Bitter APT, Nuclear

0 Comments

Verticals Targeted: Energy

Executive Summary

A recent Bitter APT campaign targeted nuclear energy entities in China. The threat actors used multiple techniques to obtain access to the victim machine, maintain persistence, and download and execute next-stage payloads.

Read More

PolySwarm 2022 Recap - Threat Actor Activity Highlights: China

Dec 27, 2022 11:35:41 AM / by PolySwarm Tech Team posted in Threat Bulletin, China, 2022 Recap, Asia, APAC

0 Comments



Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report provides highlights of activity perpetrated by China-based threat actors in 2022.

Key Takeaways

  • This report highlights activity perpetrated by China-based threat actors in 2022.
  • Threat actors featured in this report include Keyhole Panda, Stone Panda, Deep Panda, Twisted Panda, Vixen Panda, Pirate Panda, Aquatic Panda, Wicked Panda, Mustang Panda, Emissary Panda, Kryptonite Panda, Lotus Panda, TA410, Red Menshen, Scarab, Aoquin Dragon, and Lotus Blossom.
  • PolySwarm tracked malware associated with multiple China nexus threat actors in 2022.
Read More

Winnti Targets Hong Kong With Spyder Loader

Nov 7, 2022 1:37:10 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, APT41, Wicked Panda, China, Winnti, Loader, Spyder Loader

0 Comments

Verticals Targeted: Government

Executive Summary

Symantec recently reported on Spyder Loader, a tool used by Chinese nexus state-sponsored threat actor group Winnti to target government entities in Hong Kong.

Read More

Cyber Threats to Aviation and Aerospace

Oct 25, 2022 5:02:07 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, China, Ransomware, Aerospace, Hacktivism, Aviation, Data Theft, Killnet, Phishing

0 Comments



Executive Summary

The aviation and aerospace verticals face numerous challenges in the form of cyber threats. This report gives an overview of the different threat actor motivations to target aviation and aerospace and the types of threats to these verticals.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts