The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

DDoS Attacks and New Wiper Malware Target Ukraine

Feb 25, 2022 11:37:21 AM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Financial, Wiper, Malware, DDoS, Katana, Government, Defense


PolySwarm Threat Bulletin


PolySwarm recently released several publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:

Read More

PolySwarm Threat Bulletin: Armageddon Activity Targeting Ukraine

Feb 9, 2022 11:16:05 AM / by PolySwarm Team posted in Ukraine, Russia, Threat Bulletin



Last week we released a report and blog post on the Russia-Ukraine conflict, past cyber altercations between the two nations, and potential cyber implications if the current conflict escalates. In our report, we mentioned historical activity perpetrated by the threat actor group Armageddon. Palo Alto’s Unit 42 recently reported ongoing activity targeting Ukraine, which they attributed to Armageddon, also known in the industry as Gameredon or Primitive Bear. While Unit 42 did not elaborate on the magnitude or implications of these attacks, they did provide a breakdown of Armageddon’s infrastructure.

Read More

Russia-Ukraine Conflict and Cyberwar Implications

Feb 4, 2022 11:40:46 AM / by PolySwarm Team posted in Ukraine, Russia, Special Report



  • Ongoing political tensions between Russia and Ukraine are at a breaking point, with the US and other NATO nations preparing to assist Ukraine if a military conflict arises.
  • Russia and Ukraine have a long history of state-sponsored cyber conflicts, including both espionage and disruptive attacks.
  • Recent cyber activity targeting Ukraine includes multiple government website defacements and WhisperGate, a wiper malware disguised as ransomware. IOCs for PolySwarm’s samples of WhisperGate are provided.
  • Hacktivists recently attacked Belarus Railway to protest Russian troop transport and demand the release of “political prisoners.” This incident marked the first time hacktivists have leveraged ransomware in pursuit of political objectives.
  • The cyber struggle between Russia and Ukraine has the potential to spill over and have a real-world kinetic impact. Our analysts provide a list of implications.
Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts