The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

SHADOW-EARTH-053 Uses Legacy Exchange Exploitation to Target Asia-Pacific Governments

May 15, 2026 2:02:38 PM / by The Hivemind posted in Threat Bulletin, APT41, ShadowPad, Cybersecurity, government targeting, CyberEspionage, ChinaAPT, ExchangeServer, ProxyLogon, ThreatIntelligence, ShadowEarth053

0 Comments

Verticals Targeted: Government, Defense, Technology, Transportation, Critical Infrastructure
Regions Targeted: South Asia, Southeast Asia, East Asia
Related Families: ShadowPad, GODZILLA, NOODLERAT, IOX, GOST, Wstunnel, RingQ, VShell

Executive Summary

A newly identified China-aligned cyberespionage campaign tracked as SHADOW-EARTH-053 is targeting government agencies, defense-adjacent contractors, and critical infrastructure organizations across Asia through exploitation of unpatched Microsoft Exchange and IIS vulnerabilities. The operation relies heavily on legacy Exchange flaws, web shell persistence, ShadowPad malware deployment, credential theft, and covert tunneling infrastructure to maintain long-term access within victim environments. The campaign demonstrates that older but still-exploitable enterprise infrastructure continues to provide reliable access opportunities for state-aligned espionage operators and reinforces the operational importance of proactive detection, behavioral monitoring, and layered telemetry visibility.

Read More

AI Agents: the New Shadow IT

May 5, 2026 1:41:07 PM / by PolySwarm Team posted in Cybersecurity, AI Agents, Zero Trust, AI Security, Security Risk, Threat Detection, Enterprise Security

0 Comments

 

Executive Summary

65% of organizations report experiencing at least one AI agent-related security incident in the past year. That’s not a projection. It’s a warning about the future. And it’s already happening.

Read More

New Chaos RAT Variants Observed

Jun 16, 2025 1:57:09 PM / by The Hivemind posted in Threat Bulletin, Malware, Data Theft, Evolving Threat, Cybersecurity, Chaos RAT, Remote Administration Tool, Linux Malware, Windows Malware, Phishing Attacks, Cryptocurrency Mining

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None identified

Executive Summary

New variants of Chaos RAT, an open-source remote administration tool (RAT) first observed in 2022, have been identified. The new variants target both Windows and Linux systems through sophisticated phishing campaigns. This evolving malware deploys cryptominers, steals sensitive data, and establishes persistent control over infected devices.

Read More

EDDIESTEALER

Jun 9, 2025 12:29:15 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Data Theft, social engineering, Emerging Threat, EDDIESTEALER, Rust Malware, CAPTCHA Campaign, ClickFix, PowerShell Attack, ChromeKatz, Cybersecurity

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None

Executive Summary

EDDIESTEALER is a Rust-based infostealer distributed through deceptive CAPTCHA campaigns, leveraging social engineering to steal sensitive data like credentials and cryptocurrency wallet details. Its advanced obfuscation and ChromeKatz integration highlight the growing sophistication of commodity malware.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More