AresLoader is a loader malware-as-a-service (MaaS) active in the wild since at least November 2022. AresLoader is designed to masquerade as legitimate software, while covertly downloading malicious payloads.
Related Families: WhisperGate
Verticals Targeted: Government, Law Enforcement, Non-profits, Information Technology, Emergency Services
Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation
Related Families: Telemiris, TunnusSched, Roopy, JLORAT, KopiLuwak
Verticals Targeted: Government, Diplomatic Entities
A Russian-speaking threat actor group dubbed Tomiris was recently observed conducting an espionage campaign targeting countries in Central Asia. The group uses a variety of tools, some of which overlap with the Russian threat actor group Venomous Bear.
Related Families: Andromeda, Kopiluwak, QuietCanary
Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.
This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report provides highlights of activity perpetrated by Russia-based threat actors in 2022. Russian APT activity in 2022 was heavily focused on targeting Ukraine for espionage and sabotage due to the ongoing Russia-Ukraine conflict. While the Russian cyber threat landscape includes a wide variety of ransomware and cybercrime threat actors, we have limited the scope of this report to state-sponsored threat actor activity.
Related Families: DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, CryWiper
Verticals Targeted: Defense, Government, Judicial, Telecommunications, Energy, Non-profit
In 2022, we observed a significant increase in the number of wiper malware families active in the wild. The majority of this activity appears to be motivated by or conducted in conjunction with the ongoing kinetic warfare taking place between Russia and Ukraine. In this report, we focus on wipers that seem to be connected to the Russia-Ukraine conflict.
The aviation and aerospace verticals face numerous challenges in the form of cyber threats. This report gives an overview of threat actors' motivations for targeting aviation and aerospace and of the types of threats these verticals face.