The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Phobos Targeting Critical Infrastructure

Mar 15, 2024 2:49:12 PM / by The Hivemind posted in Threat Bulletin, Government, Critical Infrastructure, Ransomware, Healthcare, Energy, Education, Phobos, Emergency Services

0 Comments

Related Families: Elking, Eight, Devos, Backmydata, Faust, Perdak, CrySiS, Dharma, SmokeLoader, Cobalt Strike, Bloodhound
Verticals Targeted: Critical Infrastructure, Government, Emergency Services, Education, Healthcare

Executive Summary

CISA recently released an advisory on Phobos ransomware being used to target critical infrastructure entities, including government entities, emergency services, education, public healthcare, and other unspecified entities.

Read More

Fancy Bear Campaign Leverages New Malware

Jan 12, 2024 11:42:16 AM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Government, Fancy Bear, STEELHOOK, OCEANMAP, MASEPIE

0 Comments

Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government

Executive Summary

Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never before seen malware families, OCEANMAP, MASEPIE, and STEELHOOK.

Read More

Rhysida On The Rampage

Nov 27, 2023 1:24:03 PM / by The Hivemind posted in Government, Healthcare, Technology, Education, Manufacturing, Various

0 Comments

Verticals Targeted: Education, Government, Manufacturing, Technology, Healthcare, Various

Executive Summary

New Rhysida activity has prompted the release of a joint cybersecurity advisory providing additional details on the ransomware group’s TTPs and operations.

Read More

New MOVEit Activity

Nov 13, 2023 1:31:46 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, CVE-2023-34362, MOVEit, Technology

0 Comments

Verticals Targeted: Defense, Government, Technology 

Executive Summary

The MOVEit vulnerability tracked as CVE-2023-34362, was first observed in May 2023. It has since been observed targeting additional entities, including those in the technology, government, and defense verticals.

Read More

MOIS Affiliated Threat Actor Using Liontail Framework

Nov 6, 2023 12:58:47 PM / by The Hivemind posted in Threat Bulletin, APT, Financial, Government, Iran, Telecommunications, framework, Military, MOIS, Liontail, OilRig, Scarred Manticore, IT, NGOs

0 Comments

Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services  

Executive Summary

Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using Liontail framework in an espionage campaign. 

Read More

Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Oct 27, 2023 1:54:59 PM / by The Hivemind posted in Threat Bulletin, Government, Telecommunications, Asia, CurKeep, StayinAlive, ToddyCat, CurCore, CurLog, CurLu, StylerServ

0 Comments

Related Families: CurKeep, CurCore, CurLog, CurLu, StylerServ
Verticals Targeted: Telecommunications, Government 

Executive Summary

The Stayin Alive campaign, perpetrated by ToddyCat, was observed targeting telecommunications and government entities in Asia.

Read More

Earth Lusca's SprySOCKS Linux Backdoor

Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda

0 Comments

Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government 

Executive Summary

China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.

Read More

UNC4841 Targeting Government Entities with Barracuda ESG 0day

Sep 4, 2023 1:24:05 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, Telecommunications, Aerospace, CVE-2023-2868, Military, Technology, DEPTHCHARGE, UNC4841, SKIPJACK, FOXTROT, FOXGLOVE

0 Comments

Related Families: SKIPJACK, DEPTHCHARGE, FOXTROT,  FOXGLOVE
Verticals Targeted: Government, Military, Defense, Aerospace, Technology, Telecommunications

Executive Summary

UNC4841 was observed using CVE-2023-2868 to target entities in multiple verticals, including government and military.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts