Verticals Targeted: Government, Defense
Regions Targeted: Ukraine, Bulgaria, Romania, Africa, EU, South America
Related Families: None specified
Verticals Targeted: NGOs, Diplomats, Government
Regions Targeted: Western countries, Eastern Europe, Ukraine
Related Families: Spica
Executive Summary
Star Blizzard, a Russian state-sponsored threat actor, has deployed a malware family named LOSTKEYS to steal sensitive documents and system information from NGOs, diplomats, and government officials in Western countries and Eastern Europe.
Verticals Targeted: Government, Diplomatic Entities
Regions Targeted: Europe, Middle East
Related Families: WINELOADER, ROOTSAW
Executive Summary
A sophisticated phishing campaign by Cozy Bear, a Russia-linked threat actor, was recently observed targeting European diplomatic entities with GRAPELOADER and WINELOADER malware.
Related Families: Remcos
Executive Summary
Primitive Bear has been observed targeting Ukrainian users with malicious LNK files since at least November 2024. This operation employs a PowerShell downloader and DLL side-loading techniques to deliver the Remcos RAT, exploiting war-related themed lures to deceive victims.
Executive Summary
This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report provides highlights of activity perpetrated by Russia-based threat actors in 2024.
Related Families: LunarMail, LunarLoader, LunarWeb
Verticals Targeted: Government
Executive Summary
Venomous Bear was observed targeting a European Ministry of Foreign Affairs using a new toolset, dubbed the Lunar toolset.
Related Families: AcidRain
Verticals Targeted: Telecommunications
Executive Summary
AcidPour, a variant of AcidRain, was recently observed targeting entities in Ukraine. The targets likely included telecommunications entities.
