Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial
Executive Summary
This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report provides highlights of activity perpetrated by Iran-based threat actors in 2024.
Related Families: MuddyRot aka BugSleep
Verticals Targeted: Transportation, Government, Media, Travel
Executive Summary
Iran nexus threat actor group MuddyWater was recently observed using a new backdoor to target entities in the Middle East. Dubbed MuddyRot by Sekoia and BugSleep by Check Point Research, the backdoor appears to indicate a shift in MuddyWater’s TTPs.
Executive Summary
A wiper known as BiBi-Linux was recently observed targeting entities in Israel. A pro-Hamas hacktivist group was behind the attacks.
Verticals Targeted: Government
Executive Summary
Deadglyph is a backdoor used by the Stealth Falcon threat actor group for espionage operations targeting entities in the Middle East.
Related Families: HTTPSnoop, PipeSnoop
Verticals Targeted: Telecommunications
Executive Summary
ShroudedSnooper used the novel implants HTTPSnoop and PipeSnoop to target telecommunications entities in the Middle East.
Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications
Executive Summary
Charming Kitten, an Iran nexus threat actor group, was recently observed using Sponsor backdoor to target at least 34 entities in Brazil, Israel, and UAE.
Related Families: Drokbk, Soldier
Verticals Targeted: Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas
Executive Summary
Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.