Related Families: RustyStealer
Ymir Ransomware
Nov 18, 2024 2:19:58 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Extortion, RustyStealer, Ymir
HellCat Ransomware Targets Energy Giant Schneider Electric
Nov 15, 2024 12:52:13 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Emerging Threat, Evolving Threat
Related Families: HellDown
Verticals Targeted: Energy
Executive Summary
HellCat ransomware recently targeted French energy giant Schneider Electric. PolySwarm analysts consider HellCat to be an emerging threat.
ToxicPanda Android Banking Trojan
Nov 12, 2024 12:41:07 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banker, Banking Trojan, ToxicPanda, TgToxic
Related Families: TgToxic
Verticals Targeted: Financial
Executive Summary
ToxicPanda is an Android banking trojan that was first seen in the wild in October 2024. It allows threat actors to steal a victim’s money via account takeover (ATO) using On-Device Fraud (ODF).
NotLockBit Ransomware Targets macOS
Nov 8, 2024 1:45:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Windows, LockBit, MacOS, NotLockBit
Executive Summary
NotLockBit is a ransomware family that mimics LockBit. NotLockBit is unique in that it is one of the first fully functional ransomware families to target macOS systems.
FASTCash Linux Variant
Nov 4, 2024 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Linux, FastCash, Payment Switch
Verticals Targeted: Financial
Executive Summary
A Linux variant of FASTCash “payment switch” malware was recently discovered. This malware is typically used by North Korea-nexus threat actor groups to make unauthorized cash withdrawals from ATMs.
The Evolution of Akira Ransomware
Nov 1, 2024 12:21:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Akira, Evolving Threat
Verticals Targeted: Aerospace, Manufacturing, Professional Services, Scientific and Technical Services, Retail, Construction, Insurance, Telecommunications, Hospitality, and Legal Services
Executive Summary
Akira ransomware is one of the most prolific ransomware families of 2024. Active in the wild since April 2023, Akira has continued to evolve, maintaining its relevance on the threat landscape.
BumbleBee Returns With New Infection Chain
Oct 28, 2024 12:26:54 PM / by The Hivemind posted in Threat Bulletin, Loader, Bumblebee, Operation Endgame, Evolving Threat
Related Families: BazarLoader, BazaLoader
Executive Summary
BumbleBee is a sophisticated loader. It was first seen in the wild in 2022 and was a replacement for BazarLoader. It recently re-emerged with a new infection chain, indicating an evolving threat.
GorillaBot
Oct 23, 2024 11:56:41 AM / by The Hivemind posted in Threat Bulletin, DDoS, Mirai, Emerging Threat, GorillaBot, Gorilla Botnet
Related Families: Mirai
Verticals Targeted: Education, Government, Telecommunications, Financial, Gaming