The PolySwarm Blog

Verticals Targeted: Financial

Executive Summary

North Korea nexus threat actor group BlueNoroff was recently observed using malware to target MacOS systems. Dubbed RustBucket, the malware can be used to communicate with the C2 to download and execute additional payloads.

Related Families: Elibomi, FakeReward, AxBanker, IcRAT, IcSpy
Verticals Targeted: Financial

Executive Summary

Trend Micro recently reported on a phishing and Android malware campaign targeting clients of multiple banks in India. The campaign leverages multiple malware families, including Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.

Verticals Targeted: Financial

Executive Summary

ThreatFabric recently reported on multiple Android droppers found on the Google Play Store distributing banking trojans.

Executive Summary

Palo Alto’s Unit42 recently reported on PingPull, a RAT used by the Gallium threat actor group to target entities in the telecommunications, government, and financial verticals.

PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS

Background

PolySwarm recently released several publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:

THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS

Background

PolySwarm recently published a Special Report, Threat Bulletin, and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict. In Russia-Ukraine Conflict and Cyberwar Implications, we discussed political tensions between Russia and Ukraine, past cyber altercations between the two nations, and potential cyber and kinetic implications if the current conflict escalates. In Armageddon Activity Targeting Ukraine, we provided commentary and IOCs for ongoing cyber activity targeting Ukraine, which industry analysts attributed to the Russian state-sponsored threat actor group Armageddon.