The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Sidewinder Using New Tools to Target Maritime and Nuclear Sectors

Mar 14, 2025 3:14:11 PM / by The Hivemind posted in Threat Bulletin, Sidewinder, TTPs, Nuclear, Evolving Threat, Maritime

0 Comments

Verticals Targeted: Maritime, Nuclear

Executive Summary

SideWinder, an APT group thought to be of Indian nexus, was recently observed using new TTPs and expanding their targeting to include entities in the maritime and nuclear energy sectors.

Read More

Silver Fox Targeting Medical Devices

Mar 3, 2025 2:02:05 PM / by The Hivemind posted in Threat Bulletin, China, Evolving Threat, SilverFox, Medical, ValleyRAT

0 Comments

Related Families: ValleyRAT
Verticals Targeted: Medical

Executive Summary

Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.

Read More

SystemBC Now Targeting Linux

Feb 18, 2025 2:05:57 PM / by The Hivemind posted in Threat Bulletin, Linux, RAT, SystemBC, Evolving Threat

0 Comments

Related Families: RIG, Fallout EK

Executive Summary

SystemBC, a RAT that previously only targeted Windows systems was recently observed targeting Linux.

Read More

Coyote Banking Trojan

Feb 7, 2025 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Windows, Banker, Banking Trojan, Evolving Threat, Coyote

0 Comments

Verticals Targeted: Financial 

Executive Summary

Coyote, which was first observed in early 2024, is a banking trojan that has targeted over 1030 sites and 73 financial institutions.

Read More

AIRASHI Botnet

Jan 27, 2025 11:08:56 AM / by The Hivemind posted in Threat Bulletin, DDoS, Botnet, Emerging Threat, Evolving Threat, AIRASHI

0 Comments

Related Families: AISURU

Executive Summary

AIRASHI is a variant of the AISURU botnet that has been active since at least late 2024. It is in active development and has the capability to conduct large-scale DDoS attacks.

Read More

Black Basta Evolves

Dec 9, 2024 12:32:54 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Black Basta, Emerging Threat, Evolving Threat

0 Comments

Verticals Targeted: Manufacturing, Finance, Transportation, Legal Services, Healthcare, Defense, Business Services

Executive Summary

Black Basta is a ransomware group that rose in the aftermath of the dissolution of Conti ransomware in 2022. In recent months, Black Basta has begun using tactics that are reminiscent of nation-state threat actor tactics and has shifted from opportunistic targeting to more refined, strategic targeting.

Read More

HellCat Ransomware Targets Energy Giant Schneider Electric

Nov 15, 2024 12:52:13 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Emerging Threat, Evolving Threat

0 Comments

Related Families: HellDown
Verticals Targeted: Energy

Executive Summary

HellCat ransomware recently targeted French energy giant Schneider Electric. PolySwarm analysts consider HellCat to be an emerging threat.

Read More

The Evolution of Akira Ransomware

Nov 1, 2024 12:21:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Akira, Evolving Threat

0 Comments

Verticals Targeted: Aerospace, Manufacturing, Professional Services, Scientific and Technical Services, Retail, Construction, Insurance, Telecommunications, Hospitality, and Legal Services

Executive Summary

Akira ransomware is one of the most prolific ransomware families of 2024. Active in the wild since April 2023, Akira has continued to evolve, maintaining its relevance on the threat landscape.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More