Related Families: Elking, Eight, Devos, Backmydata, Faust, Perdak, CrySiS, Dharma, SmokeLoader, Cobalt Strike, Bloodhound
Verticals Targeted: Critical Infrastructure, Government, Emergency Services, Education, Healthcare
Phobos Targeting Critical Infrastructure
Mar 15, 2024 2:49:12 PM / by The Hivemind posted in Threat Bulletin, Government, Critical Infrastructure, Ransomware, Healthcare, Energy, Education, Phobos, Emergency Services
Rhadamanthys Targeting ONG Sector
Mar 8, 2024 1:36:26 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Stealer, Phishing, Energy, ONG, Oil & Gas, Rhadamanthys
Verticals Targeted: Oil & Gas, Energy, Critical Infrastructure
ALPHV Targeting ONG, Critical Infrastructure Entities
Feb 23, 2024 2:25:34 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, BlackCat, ALPHV, Energy, ONG, Oil & Gas
Verticals Targeted: Critical Infrastructure, Energy, Oil & Gas
Executive Summary
ALPHV recently claimed responsibility for a cybersecurity incident targeting Canada's Trans-Northern Pipelines.
Cactus Ransomware
Feb 5, 2024 2:04:38 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Cactus
Verticals Targeted: Energy
Executive Summary
Cactus is a ransomware family that has been active since at least March 2023 and has been gaining momentum in recent months. Cactus recently claimed an attack on Schneider Electric.
Volt Typhoon's KV-Botnet
Jan 22, 2024 1:38:21 PM / by The Hivemind posted in Threat Bulletin, APT, Critical Infrastructure, China, Linux, Volt Typhoon, KV-Botnet
Verticals Targeted: Government
Executive Summary
Volt Typhoon was observed compromising Cisco RV325 devices with KV-Botnet.
Cuba Ransomware Used Veeam Vulnerability (CVE-2023-27532)
Aug 25, 2023 1:54:17 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Information Technology, Cuba
Verticals Targeted: Critical Infrastructure, Information Technology
Executive Summary
Cuba ransomware was observed using the Veeam vulnerability (CVE-2023-27532) in June to target critical infrastructure and IT entities in the US and Latin America.
DroxiDat Targets African Power Company
Aug 18, 2023 2:54:28 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Energy, DroxiDat, Pistachio Tempest, SystemBC, Fin12
Related Families: SystemBC
Verticals Targeted: Energy
Executive Summary
An African energy sector entity was recently targeted using DroxiDat, a variant of SystemBC.
SpyNote Targets Utility Company Customers
Aug 4, 2023 2:38:03 PM / by The Hivemind posted in Threat Bulletin, Android, Critical Infrastructure, Mobile, Energy, Utilities, SpyNote
Verticals Targeted: Utilities, Energy, Water, Critical Infrastructure