Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government
RansomHub
Jun 14, 2024 2:22:45 PM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight
TargetCompany Ransomware Linux Variant
Jun 10, 2024 2:25:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Asia, APAC, TargetCompany, ESXi
Verticals Targeted: Healthcare, Finance, Government, Manufacturing, Education, Information Technology, Retail, Transportation, Utilities, Telecommunications
Executive Summary
A new Linux variant of TargetCompany ransomware was recently discovered that uses a custom shell script to deliver and execute payloads in ESXi environments.
New North Korean Threat Actor Group Moonstone Sleet
Jun 7, 2024 12:58:01 PM / by The Hivemind posted in Threat Bulletin, North Korea, MoonstoneSleet, YouieLoad, Threat Actor Profile, SplitLoader
Related Families: SplitLoader, YouieLoad
Verticals Targeted: Education, Software, Information Technology, Defense, Aerospace
Executive Summary
Moonstone Sleet is a newly identified North Korea nexus threat actor group. The group leverages a combination of commonly used North Korean threat actor TTPs, along with their own unique attack methodologies.
BloodAlchemy Targeted Government Entities in Asia
Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy
Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government
Venomous Bear’s Lunar Toolset
May 28, 2024 1:05:05 PM / by The Hivemind posted in Russia, Threat Bulletin, Government, Venomous Bear, Turla, LunarMail, LunarWeb, LunarLoader
Related Families: LunarMail, LunarLoader, LunarWeb
Verticals Targeted: Government
Executive Summary
Venomous Bear was observed targeting a European Ministry of Foreign Affairs using a new toolset, dubbed the Lunar toolset.
Velvet Chollima Using Gomir Linux Backdoor
May 24, 2024 11:58:05 AM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Linux, Kimsuky, GoBear, Velvet Chollima, Gomir, Troll Stealer
Related Families: GoBear, Troll Stealer, BetaSeed, Endor
Verticals Targeted: Government
Executive Summary
North Korea nexus threat actor group Velvet Chollima was observed using a new Linux backdoor, dubbed Gomir, to target entities in South Korea.
Ebury Compromised 400K Linux Servers
May 20, 2024 2:59:44 PM / by The Hivemind posted in Threat Bulletin, Stealer, Linux, Backdoor, Cryptocurrency, Ebury, HelimodSteal, HelimodProxy, HelimodRedirect
Related Families: HelimodSteal, HelimodProxy, HelimodRedirect
Executive Summary
A longstanding botnet campaign is known to deliver Ebury, an OpenSSH backdoor and credential stealer.
Black Basta Targeting Critical Infrastructure
May 17, 2024 2:19:41 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Black Basta, Healthcare, Emerging Threat
Related Families: Qakbot
Verticals Targeted: Critical Infrastructure, Healthcare