The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

IcedID and Zimbra Exploits Target Ukrainian Government Entities

Apr 22, 2022 1:38:37 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, Infostealer, IcedID, BokBot, UAC-0098, UAC-0097, Zimbra

0 Comments



Background

CERT-UA recently released an advisory on IcedID, a modular banking trojan being dropped via a social engineering campaign targeting Ukrainian government entities, and related Zimbra exploits.

Read More

Industroyer2 Targets Ukrainian Energy Company

Apr 15, 2022 1:06:29 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Wiper, Critical Infrastructure, Industroyer2, Sandworm, Voodoobear

0 Comments



Background

ESET recently reported on Industroyer2, a multi-component ICS malware used to target a Ukrainian energy company.

Read More

CaddyWiper

Mar 21, 2022 1:45:31 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, Wiper, CaddyWiper

0 Comments



Background

Since January, Ukraine has been targeted by several wiper malware families. In early February, we reported on the WhisperGate wiper. Earlier this month we spotlighted HermeticWiper and IsaacWiper. Ukraine was recently under attack by yet another wiper malware. ESET announced the discovery of CaddyWiper on March 14th in a tweet. Cisco Talos followed up a day later with more information on this malware.

Read More

MicroBackdoor

Mar 11, 2022 1:28:25 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, MicroBackdoor, UNC1151, Belarus, First Seen

0 Comments



Background

CERT-UA, the Ukraine government’s incident response team, recently released a report on MicroBackdoor. CERT-UA did not provide further information on the scope of the incident leading to the discovery of this malware.

Read More

HermeticWiper & IsaacWiper Target Ukraine

Mar 9, 2022 1:34:55 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, IsaacWiper, HermeticWiper, WhisperGate, HermeticWizard, HermeticRansom, FoxBlade

0 Comments



Background

Ukraine was recently targeted by several wiper malware families. In January,
WhisperGate, which was attributed to a Belarusian threat actor group known as Ghostwriter/UNC1151, targeted Ukraine’s government, non-profit, and technology verticals. On February 23, another wiper malware dubbed HermeticWiper or FoxBlade was used to target Ukraine. On February 24, a third wiper malware was observed targeting Ukrainian entities. This new malware was dubbed IsaacWiper. ESET recently published research on HermeticWiper and IsaacWiper.

Read More

Russian Websites Down As Russia Fears Critical Infrastructure Attacks

Feb 25, 2022 4:06:31 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Critical Infrastructure

0 Comments


PolySwarm Threat Bulletin

THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS


Background

This report is part of our ongoing coverage of the Russia-Ukraine conflict and cyber implications.

PolySwarm recently released the following publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:

Read More

DDoS Attacks and New Wiper Malware Target Ukraine

Feb 25, 2022 2:37:21 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Financial, Wiper, Malware, DDoS, Katana, Government, Defense

0 Comments



PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS

Background

PolySwarm recently released several publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:

Read More

PolySwarm Threat Bulletin: Armageddon Activity Targeting Ukraine

Feb 9, 2022 2:16:05 PM / by PolySwarm Team posted in Ukraine, Russia, Threat Bulletin

0 Comments



Background


Last week we released a report and blog post on the Russia-Ukraine conflict, past cyber altercations between the two nations, and potential cyber implications if the current conflict escalates. In our report, we mentioned historical activity perpetrated by the threat actor group Armageddon. Palo Alto’s Unit 42 recently reported ongoing activity targeting Ukraine, which they attributed to Armageddon, also known in the industry as Gameredon or Primitive Bear. While Unit 42 did not elaborate on the magnitude or implications of these attacks, they did provide a breakdown of Armageddon’s infrastructure.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts