Verticals Targeted: Utilities, Energy, Water, Critical Infrastructure
SpyNote Targets Utility Company Customers
Aug 4, 2023 2:38:03 PM / by The Hivemind posted in Threat Bulletin, Android, Critical Infrastructure, Mobile, Energy, Utilities, SpyNote
CosmicEnergy
Jun 9, 2023 2:23:26 PM / by The Hivemind posted in Critical Infrastructure, ICS, Energy, CosmicEnergy, OT
Verticals Targeted: Energy, Critical Infrastructure
Executive Summary
CosmicEnergy is a novel malware targeting operational technology (OT) and ICS.
Volt Typhoon Targets US Critical Infrastructure
Jun 5, 2023 2:07:00 PM / by The Hivemind posted in US, Critical Infrastructure, China, Energy, Volt Typhoon, Guam
Verticals Targeted: Critical Infrastructure, Communications, Manufacturing, Utility, Transportation, Construction, Maritime, Government, Information Technology, Education
Executive Summary
Volt Typhoon was discovered targeting critical infrastructure entities in the US mainland and Guam. Volt Typhoon maintained stealth throughout this espionage campaign.
RedStinger Targets Critical Infrastructure
May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic
Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation
Executive Summary
RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.
Mint Sandstorm Targets US Critical Infrastructure
May 1, 2023 3:22:04 PM / by The Hivemind posted in Threat Bulletin, Middle East, Government, Critical Infrastructure, Iran, Telecommunications, Charming Kitten, MENA, Energy, Mint Sandstorm, North Africa, Transportation
Related Families: Drokbk, Soldier
Verticals Targeted: Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas
Executive Summary
Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.
Industroyer2 Targets Ukrainian Energy Company
Apr 15, 2022 1:06:29 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Wiper, Critical Infrastructure, Industroyer2, Sandworm, Voodoobear
Background
ESET recently reported on Industroyer2, a multi-component ICS malware used to target a Ukrainian energy company.
BlackByte Ransomware Targets Critical Infrastructure
Mar 1, 2022 2:42:23 PM / by PolySwarm Tech Team posted in Threat Bulletin, Critical Infrastructure, BlackByte, Ransomware
Background
The FBI and US Secret Service released an advisory regarding BlackByte ransomware, which compromised multiple US and foreign businesses, including three entities that are part of US critical infrastructure. These three unnamed entities belonged to the government, financial, and food and agriculture verticals. The threat actors behind BlackByte also claimed they hacked networks belonging to the San Francisco 49ers in mid-February 2022.
Russian Websites Down As Russia Fears Critical Infrastructure Attacks
Feb 25, 2022 4:06:31 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Critical Infrastructure
PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS
Background
This report is part of our ongoing coverage of the Russia-Ukraine conflict and cyber implications.
PolySwarm recently released the following publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict: