2024 Recap - Iranian Threat Actor Activity
Dec 16, 2024 1:42:43 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, MENA, 2024, Recap
MuddyWater Using New Backdoor to Target Middle East
Jul 22, 2024 1:09:20 PM / by The Hivemind posted in Threat Bulletin, Middle East, Static Kitten, MuddyWater, MuddyRot, BugSleep
Related Families: MuddyRot aka BugSleep
Verticals Targeted: Transportation, Government, Media, Travel
Executive Summary
Iran nexus threat actor group MuddyWater was recently observed using a new backdoor to target entities in the Middle East. Dubbed MuddyRot by Sekoia and BugSleep by Check Point Research, the backdoor appears to indicate a shift in MuddyWater’s TTPs.
BiBi-Linux Wiper
Nov 10, 2023 12:18:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Wiper, Hacktivism, Palestine, Israel, Hamas, BiBi-Linux
Executive Summary
A wiper known as BiBi-Linux was recently observed targeting entities in Israel. A pro-Hamas hacktivist group was behind the attacks.
Stealth Falcon's Deadglyph Backdoor
Oct 6, 2023 1:42:37 PM / by The Hivemind posted in Threat Bulletin, Middle East, Backdoor, Stealth Falcon, Deadglyph, UAE
Verticals Targeted: Government
Executive Summary
Deadglyph is a backdoor used by the Stealth Falcon threat actor group for espionage operations targeting entities in the Middle East.
ShroudedSnooper Targeting Telecommunications in the Middle East
Sep 29, 2023 1:35:33 PM / by The Hivemind posted in Threat Bulletin, Middle East, Telecommunications, ShroudedSnooper, HTTPSnoop, PipeSnoop
Related Families: HTTPSnoop, PipeSnoop
Verticals Targeted: Telecommunications
Executive Summary
ShroudedSnooper used the novel implants HTTPSnoop and PipeSnoop to target telecommunications entities in the Middle East.
Charming Kitten Using Sponsor Backdoor
Sep 18, 2023 2:00:54 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, Charming Kitten, Sponsor
Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications
Executive Summary
Charming Kitten, an Iran nexus threat actor group, was recently observed using the Sponsor backdoor to target at least 34 entities in Brazil, Israel, and the UAE.
Mint Sandstorm Targets US Critical Infrastructure
May 1, 2023 3:22:04 PM / by The Hivemind posted in Threat Bulletin, Middle East, Government, Critical Infrastructure, Iran, Telecommunications, Charming Kitten, MENA, Energy, Mint Sandstorm, North Africa, Transportation
Related Families: Drokbk, Soldier
Verticals Targeted: Critical Infrastructure, Telecommunications, Government, Energy, Transportation, Utilities, Oil & Gas
Executive Summary
Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.
PolySwarm 2022 Recap - Threat Actor Activity Highlights: Iran
Dec 19, 2022 2:03:57 PM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Iran, 2022 Recap, MENA
Executive Summary
This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights activity perpetrated by Iran-based threat actors in 2022.
Key Takeaways
- This report provides highlights of activity perpetrated by Iran-based threat actors in 2022.
- Threat actors featured in this report include Static Kitten, Charming Kitten, Siamese Kitten, Fox Kitten, Helix Kitten, Nemesis Kitten, Refined Kitten, Moses Staff, Cobalt Mirage, and APT42.
- PolySwarm tracked malware associated with multiple Iran nexus threat actors in 2022.