Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation
Executive Summary
RedStinger Targets Critical Infrastructure
May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic
Tomiris Targets Central Asia in Espionage Campaign
May 5, 2023 2:00:47 PM / by The Hivemind posted in Russia, Threat Bulletin, Kopiluwak, TunnusSched, Roopy, Tomiris, Central Asia, Telemiris, JLORAT
Related Families: Telemiris, TunnusSched, Roopy, JLORAT, KopiLuwak
Verticals Targeted: Government, Diplomatic Entities
Executive Summary
A Russian-speaking threat actor group dubbed Tomiris was recently observed conducting an espionage campaign targeting countries in Central Asia. The group uses a variety of tools, some of which overlap with the Russian threat actor group Venomous Bear.
Recent Turla Activity Targeting Ukraine
Jan 19, 2023 12:39:38 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Venomous Bear, Andromeda, Kopiluwak, Turla, QuietCanary
Related Families: Andromeda, Kopiluwak, QuietCanary
Executive Summary
Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.
PolySwarm 2022 Recap - Threat Actor Activity Highlights: Russia
Dec 29, 2022 3:17:20 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, APT, Europe, 2022 Recap
Executive Summary
This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report provides highlights of activity perpetrated by Russia-based threat actors in 2022. Russian APT activity in 2022 was heavily focused on targeting Ukraine for espionage and sabotage due to the ongoing Russia-Ukraine conflict. While the Russian cyber threat landscape includes a wide variety of ransomware and cybercrime threat actors, we have limited the scope of this report to state-sponsored threat actor activity.
Key Takeaways
- This report highlights activity perpetrated by Russia-based APT threat actors in 2022.
- Threat actors featured in this report include Cozy Bear, Fancy Bear, Energetic Bear, Venomous Bear, Primitive Bear, VooDoo Bear, Ember Bear, Saint Bear, UAC-0041, UAC-0088, and UAC-0098.
- PolySwarm tracked malware associated with multiple Russia nexus threat actors in 2022.
PolySwarm 2022 Recap - War of the Wipers
Dec 15, 2022 1:04:25 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Wiper, 2022 Recap
Related Families: DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, CryWiper
Verticals Targeted: defense, government, judicial, telecommunications, energy, non-profit
Executive Summary
In 2022, we observed a significant increase in the number of wiper malware families active in the wild. The majority of this activity appears to be motivated by or conducted in conjunction with the ongoing kinetic warfare taking place between Russia and Ukraine. In this report, we focus on wipers that seem to be connected to the Russia-Ukraine conflict.
Key Takeaways
- In 2022, we observed a significant increase in the number of wiper malware families active in the wild. Many of these appear to be related to the Russia-Ukraine conflict.
- These families include DoubleZero, HermeticWiper, IsaacWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, and CryWiper.
- The majority of these wiper families targeted entities in Ukraine, while at least one targeted entities in Russia.
Cyber Threats to Aviation and Aerospace
Oct 25, 2022 5:02:07 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, China, Ransomware, Aerospace, Hacktivism, Aviation, Data Theft, Killnet, Phishing
Executive Summary
The aviation and aerospace verticals face numerous challenges in the form of cyber threats. This report gives an overview of the different threat actor motivations to target aviation and aerospace and the types of threats to these verticals.
New Armageddon Activity Targets Ukraine
Sep 22, 2022 12:45:11 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Infostealer, Armageddon, Gameredon, Primitive Bear, Shuckworm
Executive Summary
Cisco Talos researchers recently reported on new activity perpetrated by Russian nexus threat actor group Armageddon. The group is using a new infostealer to target entities in Ukraine.
Key Takeaways
Woody RAT Targets Russia
Aug 15, 2022 2:18:29 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, Woody RAT, RAT
Executive Summary
Malwarebytes recently reported on Woody RAT, a RAT being used to target entities in Russia.