Year: 2019

SOC Prime is Attending Hack.lu 2019

Delaware, USA – October 21, 2019 – The SOC Prime team is heading to Luxembourg, where the 15th edition of the Hack.lu conference will be held on October 22-24, 2019. Hack.lu is an open convention/conference where technical and non-technical people can discuss the implications of new technologies and the latest cybersecurity trends. The event’s agenda includes workshops, practical […]

Silent Operation of APT29 Lasts for Years

Delaware, USA – October 18, 2019 – The campaign of the Russian APT group began in 2013 and remained undetected until recently. Researchers from ESET named it Operation Ghost; its targets were the US embassy of a European Union country, as well as ministries of foreign affairs in several European countries. In addition to the well-known […]

PortReuse Malware Discovered in Recent Winnti Campaign

Delaware, USA – October 16, 2019 – The Chinese cyber espionage group Winnti used a new Windows backdoor in an attack on a major mobile hardware and software manufacturer based in Asia. The ESET team discovered the PortReuse malware during an investigation of supply-chain attacks conducted by the group. The researchers found that the attackers used the same […]

Interview with Developer: Nate Guagenti

Meet Nate Guagenti. For over a decade, Nate has both deployed and engineered network and endpoint SIEMs that have scaled to multiple TB/day of ingest, while simultaneously using and training others on the deployed solution. As Nate has worked in all facets of IT, he adds the unique experience of someone who has performed both endpoint and network […]

ANSSI Reports on Ongoing Campaigns Targeting Government Bodies and Service Providers

Delaware, USA – October 10, 2019 – The National Cybersecurity Agency of France (ANSSI) published two reports on cyberattacks targeting service providers, design offices, government bodies, and other strategic entities. The first report reveals details about separate attacks on service providers and design offices, in one of which the attackers mainly use the PlugX backdoor. PlugX […]

Interview with Developer: Thomas Patzke

We keep interviewing the developers of our Threat Bounty Program (https://my.socprime.com/en/tdm-developers) to encourage cybersecurity professionals to develop more Sigma rules, share their threat-detection content and build a stronger community. The previous interview is here (https://socprime.com/blog/interview-with-developer-florian-roth/). Meet Thomas Patzke. Thomas is one of the most inspiring experts in the cybersecurity community, with 13+ years of […]

FIN7 Group Involved in Skimming Attacks

Delaware, USA – October 8, 2019 – Well-known financially motivated cybercriminal groups are not standing aside from the growing popularity of skimming attacks; in fact, they are the leaders in this area compared with younger hacking teams. At the end of summer, IBM X-Force IRIS linked Magecart Group 6 to FIN6, showing that the […]

Ryuk Operators Obtain Payment from DCH Health System

Delaware, USA – October 7, 2019 – Last week, three hospitals of the DCH Health System were attacked by the Ryuk gang and were forced to close their doors and accept only critical patients. The attack took place on October 1, and for several days IT personnel, with the help of law enforcement and independent […]

Turla Group Uses Reductor RAT to Compromise TLS Traffic

Delaware, USA – October 4, 2019 – The new sophisticated remote access trojan from the Turla APT not only provides attackers with full access to the victim’s system but also modifies the Chrome and Firefox browsers to manipulate digital certificates and mark outbound TLS traffic with unique host-related identifiers. Kaspersky Lab researchers discovered the Reductor RAT during the […]

Pastebin, BlogSpot, and Bit.ly Used to Spread RevengeRAT and Azorult, Again

Delaware, USA – October 3, 2019 – The campaign lasted at least until the end of September, and researchers associate it with the activities of the Gorgon group. The Prevailion team found a financially motivated campaign that began last year and uses legitimate resources to infect victims with the Azorult or RevengeRAT malware, and for command-and-control […]
