The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Ransomware Attacks Ramping Up in the Middle East

Mar 7, 2025 1:47:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Ransomware, LockBit, RansomHub, DragonForce

0 Comments

Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial 

Executive Summary

Recent industry reporting highlights the ransomware threats faced by various entities in the Middle East. DragonForce ransomware was recently observed targeting a real estate and construction company in Saudi Arabia. However, this is only the tip of the iceberg, as entities in the Middle East, particularly financial services entities in Saudi Arabia and the UAE, are also being heavily targeted by ransomware.

Read More

Silver Fox Targeting Medical Devices

Mar 3, 2025 2:02:05 PM / by The Hivemind posted in Threat Bulletin, China, Evolving Threat, SilverFox, Medical, ValleyRAT

0 Comments

Related Families: ValleyRAT
Verticals Targeted: Medical

Executive Summary

Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.

Read More

Wicked Panda’s RevivalStone Campaign Targets Manufacturing Entities in Japan

Feb 28, 2025 1:03:00 PM / by The Hivemind posted in Threat Bulletin, Wicked Panda, Winnti, RevivalStone

0 Comments

Verticals Targeted: Manufacturing

Executive Summary

A persistent and sophisticated espionage campaign by the China-linked threat actor group Wicked Panda was observed targeting Japan’s manufacturing sector. The campaign has been dubbed RevivalStone.

Read More

Ghost (Cring) Ransomware

Feb 24, 2025 11:57:27 AM / by The Hivemind posted in Threat Bulletin, Ransomware, Ghost, Cring

0 Comments

Verticals Targeted: Healthcare, Government, Education, Technology, Manufacturing, SMBs

Executive Summary

Ghost, also known as Cring, is a ransomware family that has been active since at least late 2020. A recent uptick in Ghost activity prompted US agencies to release a joint cybersecurity advisory on Ghost.

Read More

FrigidStealer MacOS Stealer

Feb 21, 2025 1:48:14 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, MacOS, Emerging Threat, FrigidStealer

0 Comments

Executive Summary

FrigidStealer is a stealer that targets MacOS devices. It has been active since at least late 2024 and is delivered via web injection campaigns.

Read More

SystemBC Now Targeting Linux

Feb 18, 2025 2:05:57 PM / by The Hivemind posted in Threat Bulletin, Linux, RAT, SystemBC, Evolving Threat

0 Comments

Related Families: RIG, Fallout EK

Executive Summary

SystemBC, a RAT that previously only targeted Windows systems was recently observed targeting Linux.

Read More

Chinese Threat Actors Using BadIIS to Manipulate SEO

Feb 14, 2025 1:01:25 PM / by The Hivemind posted in Threat Bulletin, China, BadIIS, SEO manipulation, DragonRank

0 Comments

Verticals Targeted: Government, Education, Technology, Telecommunications

Executive Summary

Chinese threat actors were recently observed using BadIIS to manipulate SEO and direct victims to illegal gambling sites.

Read More

Evasive Panda Uses SSH Backdoor to Target Network Devices

Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr

0 Comments

Executive Summary

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More