Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial
Ransomware Attacks Ramping Up in the Middle East
Mar 7, 2025 1:47:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Ransomware, LockBit, RansomHub, DragonForce
Silver Fox Targeting Medical Devices
Mar 3, 2025 2:02:05 PM / by The Hivemind posted in Threat Bulletin, China, Evolving Threat, SilverFox, Medical, ValleyRAT
Related Families: ValleyRAT
Verticals Targeted: Medical
Executive Summary
Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.
Wicked Panda’s RevivalStone Campaign Targets Manufacturing Entities in Japan
Feb 28, 2025 1:03:00 PM / by The Hivemind posted in Threat Bulletin, Wicked Panda, Winnti, RevivalStone
Verticals Targeted: Manufacturing
Executive Summary
A persistent and sophisticated espionage campaign by the China-linked threat actor group Wicked Panda was observed targeting Japan’s manufacturing sector. The campaign has been dubbed RevivalStone.
Ghost (Cring) Ransomware
Feb 24, 2025 11:57:27 AM / by The Hivemind posted in Threat Bulletin, Ransomware, Ghost, Cring
Verticals Targeted: Healthcare, Government, Education, Technology, Manufacturing, SMBs
Executive Summary
Ghost, also known as Cring, is a ransomware family that has been active since at least late 2020. A recent uptick in Ghost activity prompted US agencies to release a joint cybersecurity advisory on Ghost.
FrigidStealer MacOS Stealer
Feb 21, 2025 1:48:14 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, MacOS, Emerging Threat, FrigidStealer
Executive Summary
FrigidStealer is a stealer that targets MacOS devices. It has been active since at least late 2024 and is delivered via web injection campaigns.
SystemBC Now Targeting Linux
Feb 18, 2025 2:05:57 PM / by The Hivemind posted in Threat Bulletin, Linux, RAT, SystemBC, Evolving Threat
Related Families: RIG, Fallout EK
Executive Summary
SystemBC, a RAT that previously only targeted Windows systems was recently observed targeting Linux.
Chinese Threat Actors Using BadIIS to Manipulate SEO
Feb 14, 2025 1:01:25 PM / by The Hivemind posted in Threat Bulletin, China, BadIIS, SEO manipulation, DragonRank
Verticals Targeted: Government, Education, Technology, Telecommunications
Executive Summary
Chinese threat actors were recently observed using BadIIS to manipulate SEO and direct victims to illegal gambling sites.
Evasive Panda Uses SSH Backdoor to Target Network Devices
Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr