Insights, news, education and announcements from PolySwarm

Earth Lusca's SprySOCKS Linux Backdoor

Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda

0 Comments

Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government

Executive Summary

China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.

UNC4841 Targeting Government Entities with Barracuda ESG 0day

Sep 4, 2023 1:24:05 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, Telecommunications, Aerospace, CVE-2023-2868, Military, Technology, DEPTHCHARGE, UNC4841, SKIPJACK, FOXTROT, FOXGLOVE

0 Comments

Related Families: SKIPJACK, DEPTHCHARGE, FOXTROT, FOXGLOVE
Verticals Targeted: Government, Military, Defense, Aerospace, Technology, Telecommunications

Executive Summary

UNC4841 was observed using CVE-2023-2868 to target entities in multiple verticals, including government and military.

Vixen Panda's Graphican Backdoor

Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican

0 Comments

Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial

Executive Summary

Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.

Asylum Ambuscade

Jun 20, 2023 1:49:52 PM / by The Hivemind posted in Financial, Government, Cryptocurrency, Asylum Ambuscade, SMB, SunSeed, AHKBOT, NODEBOT

0 Comments

Related Families: SunSeed, AHKBOT, NODEBOT
Verticals Targeted: Government, Cryptocurrency, Financial

Executive Summary

Asylum Ambuscade is a threat actor group known to engage in both cybercrime and espionage activity. Their targets include government, financial, and SMB entities, primarily in Europe and North America.

RedStinger Targets Critical Infrastructure

May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic

0 Comments

Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation

Executive Summary

RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.

Mint Sandstorm Targets US Critical Infrastructure

May 1, 2023 3:22:04 PM / by The Hivemind posted in Threat Bulletin, Middle East, Government, Critical Infrastructure, Iran, Telecommunications, Charming Kitten, MENA, Energy, Mint Sandstorm, North Africa, Transportation

0 Comments

Related Families: Drokbk, Soldier
Verticals Targeted: Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas

Executive Summary

Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.

YoroTrooper Targeting Energy & Government Entities

Mar 24, 2023 2:58:36 PM / by The Hivemind posted in Threat Bulletin, Government, Healthcare, YoroTrooper, CIS, Energy

0 Comments

Related Families: Custom Python tools, AveMaria, Warzone RAT, LodaRAT, Stink
Verticals Targeted: Energy, Government, Healthcare

Executive Summary

YoroTrooper is a threat actor group observed targeting energy and government entities and an EU healthcare organization. Although YoroTrooper uses commodity and open-source tools, most of their final payloads are custom developed.

SessionManager Targets Governments and NGOs

Jul 8, 2022 2:33:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Government, Backdoor, SessionManager, NGO, IIS

0 Comments

Executive Summary

Kaspersky recently reported on SessionManager, a difficult to detect backdoor targeting governments and NGOs in multiple countries.

The PolySwarm Blog

Earth Lusca's SprySOCKS Linux Backdoor

Executive Summary

China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.

UNC4841 Targeting Government Entities with Barracuda ESG 0day

Executive Summary

UNC4841 was observed using CVE-2023-2868 to target entities in multiple verticals, including government and military.

Vixen Panda's Graphican Backdoor

Executive Summary

Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.

Asylum Ambuscade

Executive Summary

Asylum Ambuscade is a threat actor group known to engage in both cybercrime and espionage activity. Their targets include government, financial, and SMB entities, primarily in Europe and North America.

RedStinger Targets Critical Infrastructure

RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.

Mint Sandstorm Targets US Critical Infrastructure

YoroTrooper Targeting Energy & Government Entities

SessionManager Targets Governments and NGOs

Subscribe to Email Updates

Lists by Topic

Posts by Topic

Recent Posts

Join the Marketplace

For Enterprises and Businesses

For Security Experts and AV Companies