Verticals Targeted: Government, Defense
Regions Targeted: Ukraine, Bulgaria, Romania, Africa, EU, South America
Related Families: None specified
Fancy Bear's SpyPress Malware
May 23, 2025 1:41:42 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, Fancy Bear, SpyPress, Operation RoundPress
Star Blizzard’s LOSTKEYS Malware
May 19, 2025 1:20:19 PM / by The Hivemind posted in Russia, Threat Bulletin, Star Blizzard, LOSTKEYS
Verticals Targeted: NGOs, Diplomats, Government
Regions Targeted: Western countries, Eastern Europe, Ukraine
Related Families: Spica
Executive Summary
Star Blizzard, a Russian state-sponsored threat actor, has deployed a malware family named LOSTKEYS to steal sensitive documents and system information from NGOs, diplomats, and government officials in Western countries and Eastern Europe.
Cozy Bear Uses GRAPELOADER in Recent Phishing Campaign
Apr 21, 2025 2:15:53 PM / by The Hivemind posted in Russia, Threat Bulletin, Cozy Bear, GRAPELOADER
Verticals Targeted: Government, Diplomatic Entities
Regions Targeted: Europe, Middle East
Related Families: WINELOADER, ROOTSAW
Executive Summary
A sophisticated phishing campaign by Cozy Bear, a Russia-linked threat actor, was recently observed targeting European diplomatic entities with GRAPELOADER and WINELOADER malware.
Primitive Bear Using LNK Files to Deploy Remcos Backdoor Against Ukrainian Targets
Apr 4, 2025 2:48:44 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, LNK, Gamaredon, Remcos
Related Families: Remcos
Executive Summary
Primitive Bear has been observed targeting Ukrainian users with malicious LNK files since at least November 2024. This operation employs a PowerShell downloader and DLL side-loading techniques to deliver the Remcos RAT, exploiting war-related themed lures to deceive victims.
2024 Recap - Russian Threat Actor Activity
Dec 19, 2024 12:38:53 PM / by The Hivemind posted in Russia, Threat Bulletin, Europe, 2024, Recap
Executive Summary
This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report provides highlights of activity perpetrated by Russia-based threat actors in 2024.
Venomous Bear’s Lunar Toolset
May 28, 2024 1:05:05 PM / by The Hivemind posted in Russia, Threat Bulletin, Government, Venomous Bear, Turla, LunarMail, LunarWeb, LunarLoader
Related Families: LunarMail, LunarLoader, LunarWeb
Verticals Targeted: Government
Executive Summary
Venomous Bear was observed targeting a European Ministry of Foreign Affairs using a new toolset, dubbed the Lunar toolset.
AcidPour Wiper Targets Linux x86 Devices
Mar 29, 2024 12:44:53 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Linux, AcidRain, AcidPour, x86
Related Families: AcidRain
Verticals Targeted: Telecommunications
Executive Summary
AcidPour, a variant of AcidRain, was recently observed targeting entities in Ukraine. The targets likely included telecommunications entities.
ColdRiver Using Spica Backdoor
Feb 2, 2024 1:06:16 PM / by The Hivemind posted in Russia, Threat Bulletin, Backdoor, Spica, ColdRiver