Verticals Targeted: Public Sector, Aviation
Regions Targeted: Middle East
Related Families: None
Charon Ransomware Targets Middle East
Aug 18, 2025 1:56:06 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Charon ransomware, Earth Baxia, APT techniques, process injection, anti-EDR, DLL sideloading, Middle East cyber attacks, public sector malware, aviation industry threats, ransomware defense
Gunra Ransomware
Aug 11, 2025 2:41:54 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Evolving Threat, Data Exfiltration, Gunra Ransomware, Linux Ransomware Variant, Multi-Thread Encryption, Partial Encryption, Cross-Platform Ransomware, Conti-Inspired, Ransomware Analysis, Gunra Group, Enterprise Targeting
Verticals Targeted: Government, Healthcare, Manufacturing, Transportation, Law and Consulting, IT, Agriculture
Regions Targeted: Brazil, Japan, Canada, Turkey, South Korea, Taiwan, United States
Related Families: Conti
Executive Summary
Gunra ransomware has debuted a Linux variant that boosts encryption speed and flexibility, signaling a shift toward broader cross-platform attacks following its initial Windows campaigns.
CastleLoader
Aug 8, 2025 11:51:37 AM / by The Hivemind posted in Threat Bulletin, Phishing, Redline, Emerging Threat, PowerShell, StealC, ClickFix, CastleLoader, GitHub, DeerStealer, malware loader, NetSupport RAT
Verticals Targeted: Government
Regions Targeted: US
Related Families: StealC, RedLine, NetSupport RAT, DeerStealer, HijackLoader, SectopRAT
Executive Summary
CastleLoader, a versatile malware loader, has infected 469 devices since May 2025, leveraging Cloudflare-themed ClickFix phishing and fake GitHub repositories to deliver information stealers and RATs. Its sophisticated attack chain, high infection rate, and modular design make it a significant threat to organizations, particularly U.S. government entities.
Active Exploitation of "ToolShell" Vulnerabilities Targets Microsoft SharePoint Servers
Aug 4, 2025 2:55:02 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, SharePoint vulnerabilities, CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, CVE-2025-53771, Chinese nation-state actors, web shell deployment, Linen Typhoon, Violet Typhoon, Storm-2603, on-premises exploitation, MachineKey theft, ToolShell
Verticals Targeted: Government, Defense, NGOs, Think Tanks, Education, Media, Financial, Healthcare
Regions Targeted: US, Europe, East Asia, Africa
Related Families: Warlock, LockBit
Executive Summary
Microsoft has disclosed active exploitation of critical vulnerabilities in on-premises SharePoint servers by Chinese threat actors, urging immediate patching and additional mitigations to prevent unauthorized access and data theft.
BERT Ransomware
Jul 11, 2025 2:02:09 PM / by The Hivemind posted in Threat Bulletin, Europe, REvil, Healthcare, Asia, Babuk, Technology, Emerging Threat, PowerShell, Evolving Threat, Event Services, United States, BERT ransomware
Verticals Targeted: Healthcare, Technology
Regions Targeted: Asia, Europe, United States
Related Families: REvil, Babuk
EDDIESTEALER
Jun 9, 2025 12:29:15 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Data Theft, social engineering, Emerging Threat, EDDIESTEALER, Rust Malware, CAPTCHA Campaign, ClickFix, PowerShell Attack, ChromeKatz, Cybersecurity
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None
Executive Summary
EDDIESTEALER is a Rust-based infostealer distributed through deceptive CAPTCHA campaigns, leveraging social engineering to steal sensitive data like credentials and cryptocurrency wallet details. Its advanced obfuscation and ChromeKatz integration highlight the growing sophistication of commodity malware.
Nitrogen Ransomware Targets Financial Vertical
May 27, 2025 12:16:27 PM / by The Hivemind posted in Threat Bulletin, Financial, Ransomware, Emerging Threat, Nitrogen
Verticals Targeted: Finance, Construction, Manufacturing, Technology
Regions Targeted: US, UK, Canada
Related Families: Cobalt Strike, Meterpreter
PupkinStealer Leverages Telegram for Data Exfiltration
May 16, 2025 2:16:41 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, Emerging Threat, PupkinStealer
Verticals Targeted: E-commerce
Regions Targeted: Not specified
Related Families: None identified