Year: 2019

Cybercriminals Exploit CVE-2019-11510 to Breach Telecoms and Financial Companies

Delaware, USA – December 30, 2019 – Financial and telecommunications companies in Eastern Europe and Central Asia were breached by the undefined threat actor in a series of cyberattacks. According to Kaspersky Lab, the cybercriminals are interested in huge sums, they attempted to steal several million dollars from each financial organization, and in the networks […]

Read More
Entercom Communications Corporation is Hit Again

Delaware, USA – December 26, 2019 – Over the past few months, Entercom has become the second time the target of a cyberattack: in September, the radio network suffered a ransomware attack and attackers demanded $500,000 for decrypting the files. As a result of that attack, the radio network lost about $1.4 million and spent […]

Read More
APT20 Finds Their Way to Bypass 2FA

Delaware, USA – December 23, 2019 – Chinese state-sponsored cyberespionage group resurfaced with new operations targeted at multiple industries, Managed Service Providers, and government entities. Fox-IT experts discovered the APT20 group’s activity during the investigation of a data breach in one of the attacked organization and dubbed the campaign “Operation Wocao.” The group has been […]

Read More
SOC Prime special gifts for Threat Bounty Hunters

Delaware, USA – December 18, 2019 – We are excited to announce that 10 of the most active developers submitting content to SOC Prime’s Threat Bounty Program (https://my.socprime.com/en/tdm-developers) will receive special gifts for 2019 Holiday Season! Together with our partner Elastic, we are giving 10 certificates to attend online training course of Elastic Machine Learning […]

Read More
TrickBot Anchor Project Welcomes APT Groups with Open Arms

Delaware, USA – December 12, 2019 – TrickBot operators offer access to high-profile targets not only to other cybercriminals but also to state-sponsored threat actors. In October, NTT Security published a report on the appearance of a new and much more advanced version of the TrickBot – Anchor project. Researchers believe that attackers evaluate the […]

Read More
Waterbear Malware Now Uses API Hooking to Stay Undetected

Delaware, USA – December 11, 2019 – Waterbear modular malware is a development of cyberespionage group BlackTech and is often used in attacks on technology companies and government agencies in East Asia. Last year the group made the headlines distributing Plead backdoor signed with legitimate code-signing certificates previously stolen from Taiwanese companies: D-LINK and Changing […]

Read More
Snatch Ransomware: Just One More Threat to Corporate Networks

Delaware, USA – December 10, 2019 – The relatively new ransomware strain is used in targeted attacks on organizations, and its authors are looking for affiliates with access to corporate networks. During an investigation of the ransomware outbreak in one of the customers, researchers at Sophos drew attention to Snatch ransomware, which appeared about a […]

Read More
Interview with Developer: Adam Swan

We continue our series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers), threat hunters and cybersecurity enthusiasts to introduce you to these wonderful people who are searching the web for relevant threats and create unique content for their detection. Meet SOC Prime’s Senior Threat Hunting Engineer – Adam Swan. Adam, tell us a bit […]

Read More
OceanLotus APT Breaches BMW and Hyundai

Delaware, USA – December 9, 2019 – Since at least the spring of 2019, the Vietnamese APT group has had access to the networks of the German manufacturer BMW – Bayerischer Rundfunk reports. The fact of compromise became known when the security team discovered the Cobalt Strike penetration testing tool on the company’s computers, which has […]

Read More
CyrusOne Becomes the Latest Victim of Sodinokibi Ransomware

Delaware, USA – December 6, 2019 – One of the biggest data center providers in the United States confirmed the cybersecurity incident affected customers primarily serviced by CyrusOne’s New York Data Center. CyrusOne does not disclose the details of the attack and conducts an investigation. At the same time, ZDNet has evidence indicating that Sodinokibi […]

Read More