Related Families: Remcos
Primitive Bear Using LNK Files to Deploy Remcos Backdoor Against Ukrainian Targets
Apr 4, 2025 2:48:44 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, LNK, Gamaredon, Remcos
VanHelsing Ransomware
Mar 31, 2025 2:19:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Emerging Threat, VanHelsing
Executive Summary
VanHelsing is an emerging ransomware threat. VanHelsing targets an expansive array of platforms, including Windows, Linux, BSD, ARM, and ESXi systems, positioning it as a versatile threat across diverse IT environments.
RansomHub Affiliate Uses Custom Betruger Backdoor
Mar 28, 2025 1:37:43 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Backdoor, TTPs, Betruger
Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure
StilachiRAT
Mar 24, 2025 11:54:35 AM / by The Hivemind posted in Threat Bulletin, Backdoor, Cryptocurrency, RAT, Emerging Threat, StilachiRAT
Executive Summary
StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.
Ricochet Chollima Using KoSpy Android Spyware
Mar 17, 2025 1:34:36 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Android, Spyware, Ricochet Chollima, KoSpy, APT37
Executive Summary
KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.
Sidewinder Using New Tools to Target Maritime and Nuclear Sectors
Mar 14, 2025 3:14:11 PM / by The Hivemind posted in Threat Bulletin, Sidewinder, TTPs, Nuclear, Evolving Threat, Maritime
Verticals Targeted: Maritime, Nuclear
Executive Summary
SideWinder, an APT group thought to be of Indian nexus, was recently observed using new TTPs and expanding their targeting to include entities in the maritime and nuclear energy sectors.
Lotus Panda Uses Sagerunex to Target Multiple Verticals
Mar 10, 2025 2:08:01 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Lotus Panda, Lotus Blossom, Sagerunex
Verticals Targeted: Government, Telecommunications, Media, Manufacturing
Ransomware Attacks Ramping Up in the Middle East
Mar 7, 2025 1:47:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Ransomware, LockBit, RansomHub, DragonForce
Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial