The PolySwarm Blog

Executive Summary

VanHelsing is an emerging ransomware threat. VanHelsing targets an expansive array of platforms, including Windows, Linux, BSD, ARM, and ESXi systems, positioning it as a versatile threat across diverse IT environments.

Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure 

Executive Summary

StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.

Executive Summary

KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.

Verticals Targeted: Maritime, Nuclear

Executive Summary

SideWinder, an APT group thought to be of Indian nexus, was recently observed using new TTPs and expanding their targeting to include entities in the maritime and nuclear energy sectors.

Verticals Targeted: Government, Telecommunications, Media, Manufacturing 

Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial 

Executive Summary

Recent industry reporting highlights the ransomware threats faced by various entities in the Middle East. DragonForce ransomware was recently observed targeting a real estate and construction company in Saudi Arabia. However, this is only the tip of the iceberg, as entities in the Middle East, particularly financial services entities in Saudi Arabia and the UAE, are also being heavily targeted by ransomware.

Related Families: ValleyRAT
Verticals Targeted: Medical

Executive Summary

Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.