The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

“Shadow Campaigns” Show Evidence of Global Espionage Using ShadowGuard Rootkit

Feb 13, 2026 1:01:00 PM / by The Hivemind posted in Threat Bulletin, Cobalt Strike, cyber espionage, government targeting, TGR-STA-1030, Diaoyu Loader, ShadowGuard rootkit, eBPF backdoor, global reconnaissance, Shadow Campaigns, state-aligned threat

Verticals Targeted: Government, Telecommunications, Finance, Aerospace
Regions Targeted: North America, South America, Africa, Europe, Asia
Related Families: Diaoyu Loader, ShadowGuard, Cobalt Strike, VShell


Executive Summary

A sophisticated state-aligned cyberespionage operation attributed to TGR-STA-1030 (also tracked as UNC6619), operating from Asia, has been discovered. Over the past year it has compromised government and critical infrastructure entities across 37 countries while conducting reconnaissance against government infrastructure in 155 countries. The group's “Shadow Campaigns” leverage phishing, N-day exploitation, and advanced tooling, prioritizing intelligence collection on economic partnerships, trade, and diplomatic activities.

Geacon - Cobalt Strike for macOS

May 26, 2023 2:01:00 PM / by The Hivemind posted in Cobalt Strike, macOS, Pentesting, Geacon

Related Families: Cobalt Strike

Executive Summary

Geacon is a Cobalt Strike adaptation developed to target macOS. Geacon versions are available for both Apple silicon and Intel architectures.

Manjusaka Framework

Aug 11, 2022 2:51:07 PM / by PolySwarm Tech Team posted in Threat Bulletin, China, Cobalt Strike, Manjusaka, Sliver

Executive Summary

Cisco Talos recently reported on a campaign leveraging Manjusaka, a new attack framework being used in the wild that is advertised as an alternative to Cobalt Strike or Sliver.

Pymafka Targets macOS, Windows, Linux

Jun 17, 2022 2:17:39 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Linux, Python, Pymafka, Cobalt Strike

Executive Summary

Sonatype recently reported on Pymafka, a malicious Python package in the PyPI registry that drops Cobalt Strike on macOS, Windows, and Linux.
