The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Cerber Ransomware Linux Variant Exploiting CVE-2023-22518

Apr 22, 2024 2:02:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cerber, CVE-2023-22518, Confluence

0 Comments

Related Families: Effluence

Executive Summary

A Linux variant of Cerber ransomware was observed exploiting CVE-2023-22518, a vulnerability affecting Atlassian Confluence.

Read More

INC Ransomware

Apr 8, 2024 2:23:53 PM / by The Hivemind posted in Threat Bulletin, Government, Ransomware, Healthcare, INC

0 Comments

Verticals Targeted: Government, Healthcare

Executive Summary

INC is a relatively new ransomware group that has been active since summer 2023. The group recently claimed responsibility for attacks on Leicester City Council and NHS services in Scotland.

Read More

RA World Ransomware Targets Healthcare Entities

Mar 18, 2024 2:36:58 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Healthcare, Babuk, Latin America, RA World

0 Comments

Related Families: Babuk
Verticals Targeted: Healthcare, Finance, Insurance 

Executive Summary

RA World is a multistage ransomware family that was recently observed targeting healthcare entities in Latin America.

Read More

Phobos Targeting Critical Infrastructure

Mar 15, 2024 2:49:12 PM / by The Hivemind posted in Threat Bulletin, Government, Critical Infrastructure, Ransomware, Healthcare, Energy, Education, Phobos, Emergency Services

0 Comments

Related Families: Elking, Eight, Devos, Backmydata, Faust, Perdak, CrySiS, Dharma, SmokeLoader, Cobalt Strike, Bloodhound
Verticals Targeted: Critical Infrastructure, Government, Emergency Services, Education, Healthcare

Executive Summary

CISA recently released an advisory on Phobos ransomware being used to target critical infrastructure entities, including government entities, emergency services, education, public healthcare, and other unspecified entities.

Read More

A Brief History of LockBit

Mar 4, 2024 1:46:37 PM / by The Hivemind posted in Threat Bulletin, Ransomware, LockBit

0 Comments

Verticals Targeted: Government 

Executive Summary

LockBit has been one of the most prolific RaaS families of all time. Despite being all but dismantled by law enforcement earlier this month, the group appears to be back and is setting its sights on government targets.

Read More

RustDoor MacOS Backdoor

Feb 26, 2024 11:51:18 AM / by The Hivemind posted in Threat Bulletin, Ransomware, ALPHV, Backdoor, MacOS, Mac, Apple, RustDoor, GateDoor

0 Comments

Related Families: GateDoor
Verticals Targeted: Cryptocurrency

Executive Summary

RustDoor is a new MacOS backdoor written in Rust. RustDoor was observed targeting companies in the cryptocurrency sector.

Read More

ALPHV Targeting ONG, Critical Infrastructure Entities

Feb 23, 2024 2:25:34 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, BlackCat, ALPHV, Energy, ONG, Oil & Gas

0 Comments

Verticals Targeted: Critical Infrastructure, Energy, Oil & Gas

Executive Summary

ALPHV recently claimed responsibility for a cybersecurity incident targeting Canada's Trans-Northern Pipelines.

Read More

Faust Ransomware

Feb 12, 2024 1:07:27 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Windows, Faust, Phobos

0 Comments

Related Families: Phobos

Executive Summary

Faust is a newly discovered variant of Phobos ransomware delivered via an office document containing a malicious VBA script.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More