The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict

Dec 8, 2023 1:17:32 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, Cozy Bear, Killnet, Cadet Blizzard, LitterDrifter, Ghost Writer, Fancy Bear, VooDoo Bear, RedStinger, Nodaria, Cyber Regiment, IT Army of Ukraine, KibOrg, NLB

0 Comments

Executive Summary

The Russia-Ukraine conflict has continued throughout 2023, with a plethora of both state-sponsored and hacktivist cyber activity taking place alongside kinetic warfare. In this report, PolySwarm provides the highlights of cyber activity associated with the Russia-Ukraine conflict in 2023.

Read More

Kinsing Exploiting CVE-2023-46604

Dec 4, 2023 1:29:39 PM / by The Hivemind posted in Threat Bulletin, Cryptominer, Kinsing, CVE-2023-46604

0 Comments

Executive Summary

Kinsing threat actors were recently observed leveraging CVE-2023-46604, a vulnerability affecting Apache ActiveMQ, to infect Linux systems with cryptominers and rootkits.

Read More

LummaC2

Dec 1, 2023 12:48:51 PM / by The Hivemind posted in Threat Bulletin, Stealer, LummaC2, Lumma

0 Comments

Executive Summary

A new variant of LummaC2 was observed using a unique trigonometry-based anti-sandboxing technique.

Read More

C3RB3R Exploiting CVE-2023-22518

Nov 20, 2023 2:13:05 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Cerber, C3RB3R, CVE-2023-22518

0 Comments

Related Families: Cerber

Executive Summary

A new Cerber variant tracked as C3RB3R was recently observed leveraging CVE-2023-22518.

Read More

SecuriDropper Android Malware

Nov 17, 2023 1:27:39 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Ermac, SpyNote, SecuriDropper, Dropper-as-a-service

0 Comments

Related Families: SpyNote, Ermac

Executive Summary

SecuriDropper is a widely distributed dropper-as-a-service that bypasses Android Restricted Settings.

Read More

New MOVEit Activity

Nov 13, 2023 1:31:46 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, CVE-2023-34362, MOVEit, Technology

0 Comments

Verticals Targeted: Defense, Government, Technology 

Executive Summary

The MOVEit vulnerability tracked as CVE-2023-34362, was first observed in May 2023. It has since been observed targeting additional entities, including those in the technology, government, and defense verticals.

Read More

BiBi-Linux Wiper

Nov 10, 2023 12:18:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Wiper, Hacktivism, Palestine, Israel, Hamas, BiBi-Linux

0 Comments

Executive Summary

A wiper known as BiBi-Linux was recently observed targeting entities in Israel. A pro-Hamas hacktivist group was behind the attacks.

Read More

MOIS Affiliated Threat Actor Using Liontail Framework

Nov 6, 2023 12:58:47 PM / by The Hivemind posted in Threat Bulletin, APT, Financial, Government, Iran, Telecommunications, framework, Military, MOIS, Liontail, OilRig, Scarred Manticore, IT, NGOs

0 Comments

Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services  

Executive Summary

Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using Liontail framework in an espionage campaign. 

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts