New CapraRAT Activity
Jul 12, 2024 2:44:05 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, CapraRAT, Spyware, Mobile, Surveillance
DISGOMOJI Linux RAT Controlled Via Discord Emojis
Jun 24, 2024 3:02:07 PM / by The Hivemind posted in Threat Bulletin, Espionage, India, Pakistan, Government, RAT, Discord, DISGOMOJI
Verticals Targeted: Government
Executive Summary
DISGOMOJI is a RAT controlled via emojis sent over Discord. It was recently observed targeting government entities in India.
Velvet Chollima Using Gomir Linux Backdoor
May 24, 2024 11:58:05 AM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Linux, Kimsuky, GoBear, Velvet Chollima, Gomir, Troll Stealer
Related Families: GoBear, Troll Stealer, BetaSeed, Endor
Verticals Targeted: Government
Executive Summary
North Korea nexus threat actor group Velvet Chollima was observed using a new Linux backdoor, dubbed Gomir, to target entities in South Korea.
Fancy Bear Campaign Leverages New Malware
Jan 12, 2024 11:42:16 AM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Government, Fancy Bear, STEELHOOK, OCEANMAP, MASEPIE
Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government
Executive Summary
Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never before seen malware families, OCEANMAP, MASEPIE, and STEELHOOK.
Earth Lusca's SprySOCKS Linux Backdoor
Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda
Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government
Executive Summary
China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.
BadBazaar Spyware Variants Delivered Via Trojanized Android Apps
Sep 11, 2023 3:07:00 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, Mobile, BadBazaar, GREF
Executive Summary
Two GREF espionage campaigns used trojanized Android apps to deliver BadBazaar spyware variants.
PicassoLoader
Jul 21, 2023 2:15:50 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Belarus, Poland, PicassoLoader, GhostWriter
Verticals Targeted: Government, Military, Various
Executive Summary
PicassoLoader, a downloader, was observed targeting government, military, and civilian entities in Ukraine and Poland. CERT-UA attributed this activity to GhostWriter.
Cadet Blizzard
Jun 23, 2023 2:09:27 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, WhisperGate, Cadet Blizzard, Disruption
Related Families: WhisperGate
Verticals Targeted: Government, Law Enforcement, Non-profits, Information Technology, Emergency Services
Executive Summary
Cadet Blizzard is a Russia nexus state-sponsored threat actor group with potential ties to the GRU. However, their activity seems to be distinct from other GRU-associated threat actor groups.