Verticals Targeted: Government, Healthcare
INC Ransomware
Apr 8, 2024 2:23:53 PM / by The Hivemind posted in Threat Bulletin, Government, Ransomware, Healthcare, INC
StrelaStealer Campaign Targeted US and EU
Apr 1, 2024 2:28:11 PM / by The Hivemind posted in Threat Bulletin, Government, Stealer, Energy, Manufacturing, Legal Services, Insurance, Construction, StrelaStealer, Email, Finance
Verticals Targeted: Technology, Finance, Legal Services, Manufacturing, Government, Energy, Insurance, Construction
Executive Summary
StrelaStealer was recently used in a widespread campaign targeting over 100 entities in the US and EU. The newest version of StrelaStealer is more advanced than previous versions and includes features to help thwart analysis.
Phobos Targeting Critical Infrastructure
Mar 15, 2024 2:49:12 PM / by The Hivemind posted in Threat Bulletin, Government, Critical Infrastructure, Ransomware, Healthcare, Energy, Education, Phobos, Emergency Services
Related Families: Elking, Eight, Devos, Backmydata, Faust, Perdak, CrySiS, Dharma, SmokeLoader, Cobalt Strike, Bloodhound
Verticals Targeted: Critical Infrastructure, Government, Emergency Services, Education, Healthcare
Executive Summary
CISA recently released an advisory on Phobos ransomware being used to target critical infrastructure entities, including government entities, emergency services, education, public healthcare, and other unspecified entities.
Fancy Bear Campaign Leverages New Malware
Jan 12, 2024 11:42:16 AM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Government, Fancy Bear, STEELHOOK, OCEANMAP, MASEPIE
Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government
Executive Summary
Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never-before-seen malware families: OCEANMAP, MASEPIE, and STEELHOOK.
Rhysida On The Rampage
Nov 27, 2023 1:24:03 PM / by The Hivemind posted in Government, Healthcare, Technology, Education, Manufacturing, Various
Verticals Targeted: Education, Government, Manufacturing, Technology, Healthcare, Various
Executive Summary
New Rhysida activity has prompted the release of a joint cybersecurity advisory providing additional details on the ransomware group’s TTPs and operations.
New MOVEit Activity
Nov 13, 2023 1:31:46 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, CVE-2023-34362, MOVEit, Technology
Verticals Targeted: Defense, Government, Technology
Executive Summary
The MOVEit vulnerability, tracked as CVE-2023-34362, was first observed in May 2023. It has since been observed being used to target additional entities, including those in the technology, government, and defense verticals.
MOIS Affiliated Threat Actor Using Liontail Framework
Nov 6, 2023 12:58:47 PM / by The Hivemind posted in Threat Bulletin, APT, Financial, Government, Iran, Telecommunications, framework, Military, MOIS, Liontail, OilRig, Scarred Manticore, IT, NGOs
Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services
Executive Summary
Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using the Liontail framework in an espionage campaign.
Stayin Alive Campaign Targets Telecoms and Government Entities in Asia
Oct 27, 2023 1:54:59 PM / by The Hivemind posted in Threat Bulletin, Government, Telecommunications, Asia, CurKeep, StayinAlive, ToddyCat, CurCore, CurLog, CurLu, StylerServ
Related Families: CurKeep, CurCore, CurLog, CurLu, StylerServ
Verticals Targeted: Telecommunications, Government