Related Families: Elking, Eight, Devos, Backmydata, Faust, Perdak, CrySiS, Dharma, SmokeLoader, Cobalt Strike, Bloodhound
Verticals Targeted: Critical Infrastructure, Government, Emergency Services, Education, Healthcare
Phobos Targeting Critical Infrastructure
Mar 15, 2024 2:49:12 PM / by The Hivemind posted in Threat Bulletin, Government, Critical Infrastructure, Ransomware, Healthcare, Energy, Education, Phobos, Emergency Services
Rhadamanthys Targeting ONG Sector
Mar 8, 2024 1:36:26 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Stealer, Phishing, Energy, ONG, Oil & Gas, Rhadamanthys
Verticals Targeted: Oil & Gas, Energy, Critical Infrastructure
ALPHV Targeting ONG, Critical Infrastructure Entities
Feb 23, 2024 2:25:34 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, BlackCat, ALPHV, Energy, ONG, Oil & Gas
Verticals Targeted: Critical Infrastructure, Energy, Oil & Gas
Executive Summary
ALPHV recently claimed responsibility for a cybersecurity incident targeting Canada's Trans-Northern Pipelines.
Cactus Ransomware
Feb 5, 2024 2:04:38 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Cactus
Verticals Targeted: Energy
Executive Summary
Cactus is a ransomware family that has been active since at least March 2023 and has been gaining momentum in recent months. Cactus recently claimed an attack on Schneider Electric.
2023 Recap - Cyber Threats to the Energy Vertical
Jan 2, 2024 11:43:43 AM / by The Hivemind posted in Threat Bulletin, Europe, LockBit, ALPHV, Charming Kitten, 2023, Cl0p, YoroTrooper, Energy, Bitter APT, Volt Typhoon, SpyNote, Rhysida, DroxiDat, VooDoo Bear, RedStinger, 2023 Recap, BlackBasta, Earth Yako, Prophet Spider, Cuba Ransomware
Executive Summary
Cyber threats pose a significant risk to the energy vertical, which encompasses various sectors such as oil, gas, electricity, renewable energy, utilities, and related critical infrastructure entities. PolySwarm has been tracking cyber activity targeting the energy vertical in 2023. In this report, we provide highlights of this year’s threat actors and cyber attacks known to target the energy sector.
DroxiDat Targets African Power Company
Aug 18, 2023 2:54:28 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Energy, DroxiDat, Pistachio Tempest, SystemBC, Fin12
Related Families: SystemBC
Verticals Targeted: Energy
Executive Summary
An African energy sector entity was recently targeted using DroxiDat, a variant of SystemBC.
SpyNote Targets Utility Company Customers
Aug 4, 2023 2:38:03 PM / by The Hivemind posted in Threat Bulletin, Android, Critical Infrastructure, Mobile, Energy, Utilities, SpyNote
Verticals Targeted: Utilities, Energy, Water, Critical Infrastructure
CosmicEnergy
Jun 9, 2023 2:23:26 PM / by The Hivemind posted in Critical Infrastructure, ICS, Energy, CosmicEnergy, OT
Verticals Targeted: Energy, Critical Infrastructure
Executive Summary
CosmicEnergy is a novel malware targeting operational technology (OT) and ICS.