Insights, news, education and announcements from PolySwarm

INC Ransomware

Apr 8, 2024 2:23:53 PM / by The Hivemind posted in Threat Bulletin, Government, Ransomware, Healthcare, INC

0 Comments

Verticals Targeted: Government, Healthcare

Executive Summary

INC is a relatively new ransomware group that has been active since summer 2023. The group recently claimed responsibility for attacks on Leicester City Council and NHS services in Scotland.

StrelaStealer Campaign Targeted US and EU

Apr 1, 2024 2:28:11 PM / by The Hivemind posted in Threat Bulletin, Government, Stealer, Energy, Manufacturing, Legal Services, Insurance, Construction, StrelaStealer, Email, Finance

0 Comments

Verticals Targeted: Technology, Finance, Legal Services, Manufacturing, Government, Energy, Insurance, Construction

Executive Summary

StrelaStealer was recently used in a widespread campaign targeting over 100 entities in the US and EU. The newest version of StrelaStealer is more advanced than previous versions and includes features to help thwart analysis.

Phobos Targeting Critical Infrastructure

Mar 15, 2024 2:49:12 PM / by The Hivemind posted in Threat Bulletin, Government, Critical Infrastructure, Ransomware, Healthcare, Energy, Education, Phobos, Emergency Services

0 Comments

Related Families: Elking, Eight, Devos, Backmydata, Faust, Perdak, CrySiS, Dharma, SmokeLoader, Cobalt Strike, Bloodhound
Verticals Targeted: Critical Infrastructure, Government, Emergency Services, Education, Healthcare

Executive Summary

CISA recently released an advisory on Phobos ransomware being used to target critical infrastructure entities, including government entities, emergency services, education, public healthcare, and other unspecified entities.

Fancy Bear Campaign Leverages New Malware

Jan 12, 2024 11:42:16 AM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Government, Fancy Bear, STEELHOOK, OCEANMAP, MASEPIE

0 Comments

Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government

Executive Summary

Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never before seen malware families, OCEANMAP, MASEPIE, and STEELHOOK.

Rhysida On The Rampage

Nov 27, 2023 1:24:03 PM / by The Hivemind posted in Government, Healthcare, Technology, Education, Manufacturing, Various

0 Comments

Verticals Targeted: Education, Government, Manufacturing, Technology, Healthcare, Various

Executive Summary

New Rhysida activity has prompted the release of a joint cybersecurity advisory providing additional details on the ransomware group’s TTPs and operations.

New MOVEit Activity

Nov 13, 2023 1:31:46 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, CVE-2023-34362, MOVEit, Technology

0 Comments

Verticals Targeted: Defense, Government, Technology

Executive Summary

The MOVEit vulnerability tracked as CVE-2023-34362, was first observed in May 2023. It has since been observed targeting additional entities, including those in the technology, government, and defense verticals.

MOIS Affiliated Threat Actor Using Liontail Framework

Nov 6, 2023 12:58:47 PM / by The Hivemind posted in Threat Bulletin, APT, Financial, Government, Iran, Telecommunications, framework, Military, MOIS, Liontail, OilRig, Scarred Manticore, IT, NGOs

0 Comments

Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services

Executive Summary

Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using Liontail framework in an espionage campaign.

Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Oct 27, 2023 1:54:59 PM / by The Hivemind posted in Threat Bulletin, Government, Telecommunications, Asia, CurKeep, StayinAlive, ToddyCat, CurCore, CurLog, CurLu, StylerServ

0 Comments

Related Families: CurKeep, CurCore, CurLog, CurLu, StylerServ
Verticals Targeted: Telecommunications, Government

The PolySwarm Blog

INC Ransomware

Executive Summary

INC is a relatively new ransomware group that has been active since summer 2023. The group recently claimed responsibility for attacks on Leicester City Council and NHS services in Scotland.

StrelaStealer Campaign Targeted US and EU

Executive Summary

StrelaStealer was recently used in a widespread campaign targeting over 100 entities in the US and EU. The newest version of StrelaStealer is more advanced than previous versions and includes features to help thwart analysis.

Phobos Targeting Critical Infrastructure

Executive Summary

CISA recently released an advisory on Phobos ransomware being used to target critical infrastructure entities, including government entities, emergency services, education, public healthcare, and other unspecified entities.

Fancy Bear Campaign Leverages New Malware

Executive Summary

Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never before seen malware families, OCEANMAP, MASEPIE, and STEELHOOK.

Rhysida On The Rampage

Executive Summary

New Rhysida activity has prompted the release of a joint cybersecurity advisory providing additional details on the ransomware group’s TTPs and operations.

New MOVEit Activity

Executive Summary

The MOVEit vulnerability tracked as CVE-2023-34362, was first observed in May 2023. It has since been observed targeting additional entities, including those in the technology, government, and defense verticals.

MOIS Affiliated Threat Actor Using Liontail Framework

Executive Summary

Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using Liontail framework in an espionage campaign.

Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Executive Summary

The Stayin Alive campaign, perpetrated by ToddyCat, was observed targeting telecommunications and government entities in Asia.

Subscribe to Email Updates

Lists by Topic

Posts by Topic

Recent Posts

Join the Marketplace

For Enterprises and Businesses

For Security Experts and AV Companies