The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

MuddyWater Using New Backdoor to Target Middle East

Jul 22, 2024 1:09:20 PM / by The Hivemind posted in Threat Bulletin, Middle East, Static Kitten, MuddyWater, MuddyRot, BugSleep

0 Comments

Related Families: MuddyRot aka BugSleep
Verticals Targeted: Transportation, Government, Media, Travel

Executive Summary

Iran nexus threat actor group MuddyWater was recently observed using a new backdoor to target entities in the Middle East. Dubbed MuddyRot by Sekoia and BugSleep by Check Point Research, the backdoor appears to indicate a shift in MuddyWater’s TTPs.

Read More

BiBi-Linux Wiper

Nov 10, 2023 12:18:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Wiper, Hacktivism, Palestine, Israel, Hamas, BiBi-Linux

0 Comments

Executive Summary

A wiper known as BiBi-Linux was recently observed targeting entities in Israel. A pro-Hamas hacktivist group was behind the attacks.

Read More

Stealth Falcon's Deadglyph Backdoor

Oct 6, 2023 1:42:37 PM / by The Hivemind posted in Threat Bulletin, Middle East, Backdoor, Stealth Falcon, Deadglyph, UAE

0 Comments

Verticals Targeted: Government 

Executive Summary

Deadglyph is a backdoor used by the Stealth Falcon threat actor group for espionage operations targeting entities in the Middle East.

Read More

ShroudedSnooper Targeting Telecommunications in the Middle East

Sep 29, 2023 1:35:33 PM / by The Hivemind posted in Threat Bulletin, Middle East, Telecommunications, ShroudedSnooper, HTTPSnoop, PipeSnoop

0 Comments

Related Families: HTTPSnoop, PipeSnoop
Verticals Targeted: Telecommunications 

Executive Summary

ShroudedSnooper used the novel implants HTTPSnoop and PipeSnoop to target telecommunications entities in the Middle East.

Read More

Charming Kitten Using Sponsor Backdoor

Sep 18, 2023 2:00:54 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, Charming Kitten, Sponsor

0 Comments

Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications

Executive Summary

Charming Kitten, an Iran nexus threat actor group, was recently observed using Sponsor backdoor to target at least 34 entities in Brazil, Israel, and UAE.

Read More

Mint Sandstorm Targets US Critical Infrastructure

May 1, 2023 3:22:04 PM / by The Hivemind posted in Threat Bulletin, Middle East, Government, Critical Infrastructure, Iran, Telecommunications, Charming Kitten, MENA, Energy, Mint Sandstorm, North Africa, Transportation

0 Comments

Related Families: Drokbk, Soldier
Verticals Targeted:
Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas

Executive Summary

Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.

Read More

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Iran

Dec 19, 2022 2:03:57 PM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Iran, 2022 Recap, MENA

0 Comments



Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights activity perpetrated by Iran-based threat actors in 2022.


Key Takeaways

  • This report provides highlights of activity perpetrated by Iran-based threat actors in 2022.
  • Threat actors featured in this report include Static Kitten, Charming Kitten, Siamese Kitten, Fox Kitten, Helix Kitten, Nemesis Kitten, Refined Kitten, Moses Staff, Cobalt Mirage, and APT42. 
  • PolySwarm tracked malware associated with multiple Iran nexus threat actors in 2022.
Read More

PolySwarm Threat Bulletin: Molerats NimbleMamba Espionage Campaign Targeting MENA Countries

Feb 16, 2022 2:55:24 PM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Molerats, Espionage, Gaza, Gaza Cyber Gang, Nimblemamba

0 Comments


Background

Proofpoint recently posted their findings on a Molerats espionage campaign leveraging a new implant dubbed NimbleMamba. In this campaign, Molerats employed a complex attack chain that uses a combination of geofencing and URL redirects to legitimate sites to evade detection. Targets of this campaign included Middle Eastern governments, foreign policy think tanks, and an airline.
Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts