The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

TheWizards Use Spellbinder to Conjure Lateral Movement

May 5, 2025 11:09:59 AM / by The Hivemind posted in Threat Bulletin, China, TheWizards, Spellbinder, WizardNet

0 Comments

Verticals Targeted: Gambling
Regions Targeted: Philippines, Cambodia, United Arab Emirates, China, Hong Kong
Related Families: WizardNet, DarkNights (DarkNimbus)

Executive Summary

TheWizards APT group leverages Spellbinder, a sophisticated lateral movement tool, to conduct adversary-in-the-middle (AitM) attacks, hijacking legitimate Chinese software updates to deploy the WizardNet backdoor. This activity targets gambling companies and individuals across Asia and the Middle East.

Read More

Mustang Panda Emerges With New TTPs

Apr 25, 2025 1:46:23 PM / by The Hivemind posted in Threat Bulletin, China, TTPs, Mustang Panda, ToneShell, StarProxy

0 Comments

Verticals Targeted: Government, Military, NGOs
Regions Targeted: Myanmar, East Asia, Europe

Executive Summary

Mustang Panda has enhanced its arsenal with updated ToneShell backdoor variants and a new lateral movement tool, StarProxy, targeting organizations in Myanmar and other regions. These tools employ advanced evasion techniques, including FakeTLS protocols and DLL sideloading, to facilitate espionage.

Read More

BPFDoor Campaign Targets Asia and Middle East

Apr 18, 2025 1:50:39 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Backdoor, Red Menshen, BPFDoor

0 Comments

Verticals Targeted: Telecommunications, Financial, Retail
Regions Targeted: South Korea, Hong Kong, Myanmar, Malaysia, Egypt
Related Families: Symbiote

Executive Summary

A newly discovered BPFDoor controller enhances the backdoor’s stealth, targeting Linux and Solaris systems in Asia and the Middle East. Attributed to Red Menshen, this state-sponsored threat compromises critical sectors with advanced evasion techniques.

Read More

Lotus Panda Uses Sagerunex to Target Multiple Verticals

Mar 10, 2025 2:08:01 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Lotus Panda, Lotus Blossom, Sagerunex

0 Comments

Verticals Targeted: Government, Telecommunications, Media, Manufacturing 

Read More

Silver Fox Targeting Medical Devices

Mar 3, 2025 2:02:05 PM / by The Hivemind posted in Threat Bulletin, China, Evolving Threat, SilverFox, Medical, ValleyRAT

0 Comments

Related Families: ValleyRAT
Verticals Targeted: Medical

Executive Summary

Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.

Read More

Chinese Threat Actors Using BadIIS to Manipulate SEO

Feb 14, 2025 1:01:25 PM / by The Hivemind posted in Threat Bulletin, China, BadIIS, SEO manipulation, DragonRank

0 Comments

Verticals Targeted: Government, Education, Technology, Telecommunications

Executive Summary

Chinese threat actors were recently observed using BadIIS to manipulate SEO and direct victims to illegal gambling sites.

Read More

Evasive Panda Uses SSH Backdoor to Target Network Devices

Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr

0 Comments

Executive Summary

Read More

Salt Typhoon Targets Telecoms With GhostSpider

Dec 6, 2024 1:33:32 PM / by The Hivemind posted in Threat Bulletin, APT, China, Emerging Threat, Salt Typhoon, GhostSpider

0 Comments

Related Families: Demodex
Verticals Targeted: Telecommunications 

Executive Summary

Salt Typhoon, a China nexus APT group, was recently observed using GhostSpider backdoor to target telecommunications companies.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More