Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services
Executive Summary
Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using Liontail framework in an espionage campaign.
Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications
Executive Summary
Charming Kitten, an Iran nexus threat actor group, was recently observed using Sponsor backdoor to target at least 34 entities in Brazil, Israel, and UAE.
Related Families: Drokbk, Soldier
Verticals Targeted: Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas
Executive Summary
Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.
Executive Summary
Iranian threat actors were observed targeting a hybrid environment using ransomware as a decoy for destructive attacks.
Key Takeaways
Executive Summary
This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights activity perpetrated by Iran-based threat actors in 2022.
Key Takeaways
- This report provides highlights of activity perpetrated by Iran-based threat actors in 2022.
- Threat actors featured in this report include Static Kitten, Charming Kitten, Siamese Kitten, Fox Kitten, Helix Kitten, Nemesis Kitten, Refined Kitten, Moses Staff, Cobalt Mirage, and APT42.
- PolySwarm tracked malware associated with multiple Iran nexus threat actors in 2022.
Executive Summary
Google’s Threat Analysis Group (TAG) recently reported on Hyperscrape, a new data extraction tool used by the Iranian nexus threat actor group Charming Kitten.
Key Takeaways
Executive Summary
Multiple ransomware families have been used to target the healthcare vertical in the past year. In this report, we cover recently reported attacks on the healthcare vertical leveraging Maui and Quantum ransomware families.
Background
Iranian threat actor group Muddy Water has been very active in the last few months. In February, CISA issued an alert warning that the group was conducting a campaign targeting global government and commercial networks. Earlier this month, Cisco’s Talos Intelligence published a blog post on Muddy Water activity targeting Turkey and other countries.