The PolySwarm Blog

Related Families: GateDoor
Verticals Targeted: Cryptocurrency

Executive Summary

RustDoor is a new MacOS backdoor written in Rust. RustDoor was observed targeting companies in the cryptocurrency sector.

Verticals Targeted: Critical Infrastructure, Energy, Oil & Gas

Executive Summary

ALPHV recently claimed responsibility for a cybersecurity incident targeting Canada's Trans-Northern Pipelines.

Related Families: Phobos

Executive Summary

Faust is a newly discovered variant of Phobos ransomware delivered via an office document containing a malicious VBA script.

Verticals Targeted: Energy

Executive Summary

Cactus is a ransomware family that has been active since at least March 2023 and has been gaining momentum in recent months. Cactus recently claimed an attack on Schneider Electric.

Related Families: Cerber

Executive Summary

A new Cerber variant tracked as C3RB3R was recently observed leveraging CVE-2023-22518.

Related Families: Megazord
Verticals Targeted: Manufacturing, Business Services, Construction, Education, Finance, Legal Services, Retail, Architecture, Engineering and Design, and Investment Banking

Executive Summary

Akira ransomware, active since April 2023, was recently observed targeting Windows and Linux systems.

Verticals Targeted: Gambling, Hospitality, Recreation

Executive Summary

MGM Resorts International was the victim of a recent cyber attack that impacted several systems, including its website, reservations, and in-casino services such as ATMs, slot machines, and credit card machines. ALPHV has taken credit for the attack.

Related Families: Remcos RAT, Metasploit
Verticals Targeted:  Manufacturing, Retail, Wholesale, Legal, Professional Services

Executive Summary

Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware family targeting Windows systems, particularly unsecured MS-SQL servers, to compromise victim networks.