The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Footholds, Live Feeds, and Lifelines: Iranian Cyber Operations Surviving, Not Thriving

Mar 16, 2026 2:42:32 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Iran, MOIS, MuddyWater, Cyber Warfare, CVE-2021-33044, Handala, IRGC, IP cameras, CVE-2017-7921

0 Comments

Verticals Targeted: Banking, Aviation, Defense, Healthcare
Regions Targeted: US, Canada
Related Families: Dindoor, Fakeset, Stagecomp, Darkcomp

Executive Summary

Recent reporting indicates Iranian cyber actors are expanding operations targeting US organizations while also exploiting internet-connected cameras across the Middle East for intelligence collection and battlefield awareness. These developments represent another layer in Iran’s evolving hybrid warfare strategy. Iranian APT group MuddyWater has maintained access to multiple US organizations since early February, while Iran-linked infrastructure has targeted internet-connected surveillance cameras across the Middle East. Hacktivist group Handala has recently claimed responsibility for a destructive cyberattack against medical technology firm Stryker. Taken together, these incidents suggest Iran’s cyber ecosystem is currently surviving but not thriving, maintaining operational capability despite disruption to infrastructure and command structures.

Read More

Russia Targets Ukraine Critical Infrastructure With PathWiper

Jun 13, 2025 2:33:09 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, HermeticWiper, PathWiper, Wiper Malware, Ukraine Cyberattack, Russia APT, Endpoint Security, Cyber Warfare, Data Destruction, Administrative Console

0 Comments

Verticals Targeted: Critical infrastructure
Regions Targeted: Ukraine
Related Families: HermeticWiper (aka FoxBlade, NEARMISS)

Executive Summary

PathWiper is a new wiper malware deployed by a Russia-linked APT, targeting Ukraine’s critical infrastructure with destructive intent. The attack leveraged a legitimate endpoint administration framework, highlighting the persistent cyber threat to Ukraine amid ongoing conflict.

Read More

HellCat Ransomware Targets Energy Giant Schneider Electric

Nov 15, 2024 12:52:13 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Emerging Threat, Evolving Threat

0 Comments

Related Families: HellDown
Verticals Targeted: Energy

Executive Summary

HellCat ransomware recently targeted French energy giant Schneider Electric. PolySwarm analysts consider HellCat to be an emerging threat.

Read More

Black Basta Targeting Critical Infrastructure

May 17, 2024 2:19:41 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Black Basta, Healthcare, Emerging Threat

0 Comments

Related Families: Qakbot
Verticals Targeted: Critical Infrastructure, Healthcare

Executive Summary

CISA recently issued an advisory warning critical infrastructure entities to harden their defenses against attacks from Black Basta.

Read More

VooDoo Bear's Kapeka Backdoor Targets Critical Infrastructure

Apr 26, 2024 2:28:37 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, ICS, Energy, VooDoo Bear, Kapeka

0 Comments

Related Families: GreyEnergy, Prestige
Verticals Targeted: Critical Infrastructure

Executive Summary

Kapeka, also known as KnuckleTouch, is a novel backdoor used by VooDoo Bear to target entities in Eastern Europe.

Read More

Phobos Targeting Critical Infrastructure

Mar 15, 2024 2:49:12 PM / by The Hivemind posted in Threat Bulletin, Government, Critical Infrastructure, Ransomware, Healthcare, Energy, Education, Phobos, Emergency Services

0 Comments

Related Families: Elking, Eight, Devos, Backmydata, Faust, Perdak, CrySiS, Dharma, SmokeLoader, Cobalt Strike, Bloodhound
Verticals Targeted: Critical Infrastructure, Government, Emergency Services, Education, Healthcare

Executive Summary

CISA recently released an advisory on Phobos ransomware being used to target critical infrastructure entities, including government entities, emergency services, education, public healthcare, and other unspecified entities.

Read More

Rhadamanthys Targeting ONG Sector

Mar 8, 2024 1:36:26 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Stealer, Phishing, Energy, ONG, Oil & Gas, Rhadamanthys

0 Comments

Verticals Targeted: Oil & Gas, Energy, Critical Infrastructure

Read More

ALPHV Targeting ONG, Critical Infrastructure Entities

Feb 23, 2024 2:25:34 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, BlackCat, ALPHV, Energy, ONG, Oil & Gas

0 Comments

Verticals Targeted: Critical Infrastructure, Energy, Oil & Gas

Executive Summary

ALPHV recently claimed responsibility for a cybersecurity incident targeting Canada's Trans-Northern Pipelines.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More