The PolySwarm Blog

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: BluelineStealer, ChromElevator

Verticals Targeted: Financial, Cryptocurrency
Regions Targeted: Austria, Global
Related Families: None

Verticals Targeted: Financial
Regions Targeted: Asia
Related Families: Fog Ransomware

Executive Summary

AdaptixC2, an open-source command-and-control framework, has emerged as a potent tool for threat actors, enabling file manipulation, data exfiltration, and covert network communication in attacks. Its modular design and AI-assisted deployment methods underscore the need for robust defenses to counter its evolving tactics.

Verticals Targeted: Not specified 
Regions Targeted: US
Related Families: CastleLoader

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: AHK Bot, Skitnet/Bossnet

Verticals Targeted: Public Sector, Aviation
Regions Targeted: Middle East
Related Families: None

Executive Summary

Charon is a new ransomware family employing advanced APT-style techniques, targeting Middle Eastern public sector and aviation organizations with tailored ransom demands. Its sophisticated attack chain, including DLL sideloading and process injection, underscores the growing convergence of ransomware and APT tactics.

Verticals Targeted: Government, Healthcare, Manufacturing, Transportation, Law and Consulting, IT, Agriculture
Regions Targeted: Brazil, Japan, Canada, Turkey, South Korea, Taiwan, United States
Related Families: Conti

Executive Summary

Gunra ransomware has debuted a Linux variant that boosts encryption speed and flexibility, signaling a shift toward broader cross-platform attacks following its initial Windows campaigns.

Verticals Targeted: Government
Regions Targeted: US
Related Families: StealC, RedLine, NetSupport RAT, DeerStealer, HijackLoader, SectopRAT

Executive Summary

CastleLoader, a versatile malware loader, has infected 469 devices since May 2025, leveraging Cloudflare-themed ClickFix phishing and fake GitHub repositories to deliver information stealers and RATs. Its sophisticated attack chain, high infection rate, and modular design make it a significant threat to organizations, particularly U.S. government entities.