ColdRiver Using Spica Backdoor
Feb 2, 2024 1:06:16 PM / by The Hivemind posted in Russia, Threat Bulletin, Backdoor, Spica, ColdRiver
Fancy Bear Campaign Leverages New Malware
Jan 12, 2024 11:42:16 AM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Government, Fancy Bear, STEELHOOK, OCEANMAP, MASEPIE
Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government
Executive Summary
Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never before seen malware families, OCEANMAP, MASEPIE, and STEELHOOK.
2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict
Dec 8, 2023 1:17:32 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, Cozy Bear, Killnet, Cadet Blizzard, LitterDrifter, Ghost Writer, Fancy Bear, VooDoo Bear, RedStinger, Nodaria, Cyber Regiment, IT Army of Ukraine, KibOrg, NLB
Executive Summary
The Russia-Ukraine conflict has continued throughout 2023, with a plethora of both state-sponsored and hacktivist cyber activity taking place alongside kinetic warfare. In this report, PolySwarm provides the highlights of cyber activity associated with the Russia-Ukraine conflict in 2023.
AresLoader
Oct 13, 2023 2:27:36 PM / by The Hivemind posted in Russia, Threat Bulletin, Loader, Cybercrime, AresLoader, MaaS
Executive Summary
AresLoader is a loader malware-as-a-service (MaaS) active in the wild since at least November 2022. AresLoader is designed to masquerade as legitimate software, while covertly downloading malicious payloads.
Cadet Blizzard
Jun 23, 2023 2:09:27 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, WhisperGate, Cadet Blizzard, Disruption
Related Families: WhisperGate
Verticals Targeted: Government, Law Enforcement, Non-profits, Information Technology, Emergency Services
Executive Summary
Cadet Blizzard is a Russia nexus state-sponsored threat actor group with potential ties to the GRU. However, their activity seems to be distinct from other GRU-associated threat actor groups.
RedStinger Targets Critical Infrastructure
May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic
Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation
Executive Summary
RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.
Tomiris Targets Central Asia in Espionage Campaign
May 5, 2023 2:00:47 PM / by The Hivemind posted in Russia, Threat Bulletin, Kopiluwak, TunnusSched, Roopy, Tomiris, Central Asia, Telemiris, JLORAT
Related Families: Telemiris, TunnusSched, Roopy, JLORAT, KopiLuwak
Verticals Targeted: Government, Diplomatic Entities
Executive Summary
A Russian-speaking threat actor group dubbed Tomiris was recently observed conducting an espionage campaign targeting countries in Central Asia. The group uses a variety of tools, some of which overlap with the Russian threat actor group Venomous Bear.
Recent Turla Activity Targeting Ukraine
Jan 19, 2023 12:39:38 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Venomous Bear, Andromeda, Kopiluwak, Turla, QuietCanary
Related Families: Andromeda, Kopiluwak, QuietCanary
Executive Summary
Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.