Phobos Targeting Critical Infrastructure
Mar 15, 2024 2:49:12 PM / by The Hivemind posted in Threat Bulletin, Government, Critical Infrastructure, Ransomware, Healthcare, Energy, Education, Phobos, Emergency Services
Related Families: Elking, Eight, Devos, Backmydata, Faust, Perdak, CrySiS, Dharma, SmokeLoader, Cobalt Strike, Bloodhound
Verticals Targeted: Critical Infrastructure, Government, Emergency Services, Education, Healthcare
KrustyLoader Backdoor
Mar 11, 2024 3:09:11 PM / by The Hivemind posted in Threat Bulletin, Windows, Linux, Backdoor, KrustyLoader, Ivanti, UNC5221
Verticals Targeted: Government, Defense, Finance, Technology, Telecommunications, Aerospace, Pharmaceuticals
Executive Summary
Multiple industry sources recently reported on KrustyLoader, a Rust-based backdoor with both Windows and Linux variants.
Rhadamanthys Targeting ONG Sector
Mar 8, 2024 1:36:26 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Stealer, Phishing, Energy, ONG, Oil & Gas, Rhadamanthys
Verticals Targeted: Oil & Gas, Energy, Critical Infrastructure
A Brief History of LockBit
Mar 4, 2024 1:46:37 PM / by The Hivemind posted in Threat Bulletin, Ransomware, LockBit
Verticals Targeted: Government
Executive Summary
LockBit has been one of the most prolific RaaS families of all time. Despite being all but dismantled by law enforcement earlier this month, the group appears to be back and is setting its sights on government targets.
Mustang Panda Used DOPLUGS PlugX Variant to Target Asia
Mar 1, 2024 12:24:02 PM / by The Hivemind posted in Threat Bulletin, China, Asia, APAC, DOPLUGS, Mustang Panda, SMUGX
Related Families: KillSomeOne, PlugX, Hodur, REDDELTA
Executive Summary
Mustang Panda was observed leveraging DOPLUGS to target entities in Asia. DOPLUGS is a custom PlugX variant.
RustDoor MacOS Backdoor
Feb 26, 2024 11:51:18 AM / by The Hivemind posted in Threat Bulletin, Ransomware, ALPHV, Backdoor, MacOS, Mac, Apple, RustDoor, GateDoor
Related Families: GateDoor
Verticals Targeted: Cryptocurrency
Executive Summary
RustDoor is a new MacOS backdoor written in Rust. RustDoor was observed targeting companies in the cryptocurrency sector.
ALPHV Targeting ONG, Critical Infrastructure Entities
Feb 23, 2024 2:25:34 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, BlackCat, ALPHV, Energy, ONG, Oil & Gas
Verticals Targeted: Critical Infrastructure, Energy, Oil & Gas
Executive Summary
ALPHV recently claimed responsibility for a cybersecurity incident targeting Canada's Trans-Northern Pipelines.
VajraSpy Android Spyware
Feb 20, 2024 12:02:15 PM / by The Hivemind posted in Threat Bulletin, APT, Android, Malware, Spyware, Mobile, VajraSpy