The PolySwarm Blog

Related Families: AcidRain
Verticals Targeted: Telecommunications 

Executive Summary

AcidPour, a variant of AcidRain, was recently observed targeting entities in Ukraine. The targets likely included telecommunications entities.

Executive Summary

Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government

Executive Summary

Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never before seen malware families, OCEANMAP, MASEPIE, and STEELHOOK.

Executive Summary

The Russia-Ukraine conflict has continued throughout 2023, with a plethora of both state-sponsored and hacktivist cyber activity taking place alongside kinetic warfare. In this report, PolySwarm provides the highlights of cyber activity associated with the Russia-Ukraine conflict in 2023.

Verticals Targeted: Government, Military, Various

Executive Summary

PicassoLoader, a downloader, was observed targeting government, military, and civilian entities in Ukraine and Poland. CERT-UA attributed this activity to GhostWriter.

Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation 

Executive Summary

RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.

Related Families: Andromeda, Kopiluwak, QuietCanary

Executive Summary

Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.

Related Families: DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, CryWiper

Verticals Targeted: defense, government, judicial, telecommunications, energy, non-profit

Executive Summary

In 2022, we observed a significant increase in the number of wiper malware families active in the wild. The majority of this activity appears to be motivated by or conducted in conjunction with the ongoing kinetic warfare taking place between Russia and Ukraine. In this report, we focus on wipers that seem to be connected to the Russia-Ukraine conflict.

Key Takeaways

• In 2022, we observed a significant increase in the number of wiper malware families active in the wild. Many of these appear to be related to the Russia-Ukraine conflict.
• These families include DoubleZero, HermeticWiper, IsaacWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, and CryWiper. 
• The majority of these wiper families targeted entities in Ukraine, while at least one targeted entities in Russia.