The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Charming Kitten Using Sponsor Backdoor

Sep 18, 2023 2:00:54 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, Charming Kitten, Sponsor

0 Comments

Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications

Executive Summary

Charming Kitten, an Iran nexus threat actor group, was recently observed using Sponsor backdoor to target at least 34 entities in Brazil, Israel, and UAE.

Read More

Mint Sandstorm Targets US Critical Infrastructure

May 1, 2023 3:22:04 PM / by The Hivemind posted in Threat Bulletin, Middle East, Government, Critical Infrastructure, Iran, Telecommunications, Charming Kitten, MENA, Energy, Mint Sandstorm, North Africa, Transportation

0 Comments

Related Families: Drokbk, Soldier
Verticals Targeted:
Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas

Executive Summary

Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.

Read More

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Iran

Dec 19, 2022 2:03:57 PM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Iran, 2022 Recap, MENA

0 Comments



Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights activity perpetrated by Iran-based threat actors in 2022.


Key Takeaways

  • This report provides highlights of activity perpetrated by Iran-based threat actors in 2022.
  • Threat actors featured in this report include Static Kitten, Charming Kitten, Siamese Kitten, Fox Kitten, Helix Kitten, Nemesis Kitten, Refined Kitten, Moses Staff, Cobalt Mirage, and APT42. 
  • PolySwarm tracked malware associated with multiple Iran nexus threat actors in 2022.
Read More

PolySwarm Threat Bulletin: Molerats NimbleMamba Espionage Campaign Targeting MENA Countries

Feb 16, 2022 2:55:24 PM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Molerats, Espionage, Gaza, Gaza Cyber Gang, Nimblemamba

0 Comments


Background

Proofpoint recently posted their findings on a Molerats espionage campaign leveraging a new implant dubbed NimbleMamba. In this campaign, Molerats employed a complex attack chain that uses a combination of geofencing and URL redirects to legitimate sites to evade detection. Targets of this campaign included Middle Eastern governments, foreign policy think tanks, and an airline.
Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts