News

TDM Update – Page loading improvement, faster than ever!

Delaware, USA – March 27, 2020 – Let’s snap out of all that coronavirus stuff for a moment, as we have really excellent news to share! The whole SOC Prime team is currently working remotely (we hope you are doing the same), but these conditions haven’t affected our effectiveness or our drive to improve the TDM platform. For the past month […]

BlackWater Backdoor Finds New Way to Misuse Cloudflare Workers

Delaware, USA – March 16, 2020 – The BlackWater backdoor uses legitimate cloud infrastructure to make its command-and-control communications harder to track and block. The Cloudflare Workers platform provides a serverless execution environment both for developers who want to create new apps and for malware authors who want to hide malicious traffic from security solutions. MalwareHunterTeam found a […]

Turla APT Uses NetFlash Dropper and PyFlash Backdoor in Watering Hole Attacks

Delaware, USA – March 12, 2020 – A Russian state-sponsored cyberespionage group compromised several high-profile Armenian websites to deliver its new Python-based backdoor, named PyFlash. ESET researchers discovered a watering hole operation that relies on a fake Adobe Flash update lure and delivers two new tools. The adversaries inserted a piece of malicious JavaScript code into the […]

Hacker Wars: njRat Hides in “Free” Hacking Tools Published on Underground Forums

Delaware, USA – March 11, 2020 – An unidentified threat actor is spreading trojanized hacking tools for free in order to compromise the people who use them. The Cybereason Nocturnus team discovered about 1,000 njRAT samples hidden in various tools and cracks for those tools: exploit scanners, site scrapers, Google dork generators, tools for SQL injection, brute-force attacks, and verifying […]

APT Groups Exploit CVE-2020-0688 to Compromise Microsoft Exchange Servers

Delaware, USA – March 10, 2020 – Adversaries have switched from searching for vulnerable Microsoft Exchange Servers to exploiting the CVE-2020-0688 remote code execution flaw. About two weeks ago, a detailed technical report on the vulnerability was published, and adversaries began scanning the internet to create lists of potential targets. The report has pushed security researchers to […]

10-Year-Old Trojan Is Still Used by Tonto Team

Delaware, USA – March 6, 2020 – A Chinese threat actor continues to update and use the Bisonal Remote Access Trojan, which first appeared on researchers’ radars more than 10 years ago. Cisco Talos researchers uncovered a new version of this trojan in recent cyber espionage campaigns by Tonto Team targeting Japanese, South Korean and Russian […]

Compromised Websites Distribute Buerak and Mokes Malware

Delaware, USA – March 5, 2020 – Cybercriminals compromise websites and convince visitors to install malware by informing them that some kind of security certificate has expired. Kaspersky Lab researchers have spotted a new method adversaries use to trick victims into installing malware themselves; it has been used in the wild since mid-January. The cybercriminals insert a […]

Kimsuky APT Uses New Malware Implant

Delaware, USA – March 4, 2020 – A North Korean APT group is conducting a cyber-espionage campaign using new malware implants that were updated after their recent analysis. Kimsuky APT has been active since at least September 2013, targeting South Korean think tanks as well as DPRK/nuclear-related targets. Cybaze-Yoroi ZLab analyzed the sample discovered on February 28 and compared […]

A Fistful of Bitcoins: Pwndlocker Ransomware Threatens Cities and Enterprises

Delaware, USA – March 3, 2020 – Another group of cybercriminals is hunting for big payouts by attacking the systems of local governments and companies and encrypting them with PwndLocker ransomware. As reported by BleepingComputer, the new ransomware strain appeared at the end of last year, and since then the group has conducted a number of successful attacks demanding […]

TrickBot Operators Find a Way to Abuse the RDP ActiveX Control for Malware Delivery

Delaware, USA – March 2, 2020 – One of the most dangerous malware families has received an updated downloader that abuses the RDP ActiveX control in order to successfully infect Windows 10 systems. Morphisec Labs researchers discovered multiple documents that execute a JavaScript downloader to deploy TrickBot malware on the victim’s system. The adversaries have used the OSTAP downloader since August […]