2024 Recap - Russian Threat Actor Activity
Dec 19, 2024 12:38:53 PM / by The Hivemind posted in Russia, Threat Bulletin, Europe, 2024, Recap
Venomous Bear’s Lunar Toolset
May 28, 2024 1:05:05 PM / by The Hivemind posted in Russia, Threat Bulletin, Government, Venomous Bear, Turla, LunarMail, LunarWeb, LunarLoader
Related Families: LunarMail, LunarLoader, LunarWeb
Verticals Targeted: Government
Executive Summary
Venomous Bear was observed targeting a European Ministry of Foreign Affairs using a new toolset, dubbed the Lunar toolset.
AcidPour Wiper Targets Linux x86 Devices
Mar 29, 2024 12:44:53 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Linux, AcidRain, AcidPour, x86
Related Families: AcidRain
Verticals Targeted: Telecommunications
Executive Summary
AcidPour, a variant of AcidRain, was recently observed targeting entities in Ukraine. The targets likely included telecommunications entities.
ColdRiver Using Spica Backdoor
Feb 2, 2024 1:06:16 PM / by The Hivemind posted in Russia, Threat Bulletin, Backdoor, Spica, ColdRiver
Executive Summary
Russia nexus threat actor group ColdRiver was recently observed using Spica backdoor in an espionage campaign.
Fancy Bear Campaign Leverages New Malware
Jan 12, 2024 11:42:16 AM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Government, Fancy Bear, STEELHOOK, OCEANMAP, MASEPIE
Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government
Executive Summary
Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never before seen malware families, OCEANMAP, MASEPIE, and STEELHOOK.
2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict
Dec 8, 2023 1:17:32 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, Cozy Bear, Killnet, Cadet Blizzard, LitterDrifter, Ghost Writer, Fancy Bear, VooDoo Bear, RedStinger, Nodaria, Cyber Regiment, IT Army of Ukraine, KibOrg, NLB
Executive Summary
The Russia-Ukraine conflict has continued throughout 2023, with a plethora of both state-sponsored and hacktivist cyber activity taking place alongside kinetic warfare. In this report, PolySwarm provides the highlights of cyber activity associated with the Russia-Ukraine conflict in 2023.
AresLoader
Oct 13, 2023 2:27:36 PM / by The Hivemind posted in Russia, Threat Bulletin, Loader, Cybercrime, AresLoader, MaaS
Executive Summary
AresLoader is a loader malware-as-a-service (MaaS) active in the wild since at least November 2022. AresLoader is designed to masquerade as legitimate software, while covertly downloading malicious payloads.
Cadet Blizzard
Jun 23, 2023 2:09:27 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, WhisperGate, Cadet Blizzard, Disruption
Related Families: WhisperGate
Verticals Targeted: Government, Law Enforcement, Non-profits, Information Technology, Emergency Services
Executive Summary
Cadet Blizzard is a Russia nexus state-sponsored threat actor group with potential ties to the GRU. However, their activity seems to be distinct from other GRU-associated threat actor groups.