News

City of Torrance Suffers DoppelPaymer Ransomware Attack

Delaware, USA – April 22, 2020 – Adversaries stole 200 GB of data from servers of the City of Torrance, in the Los Angeles metropolitan area, California, before encrypting them, and now threaten to sell the stolen data on the Dark Web to ‘cover the costs of the attack’. The attack occurred back in early March, and […]

DragonFly Linked to San Francisco Airport Attacks

Delaware, USA – April 17, 2020 – The websites of the San Francisco International Airport used by airport employees and construction contractors became the targets of a cyber attack in March 2020. The airport management reported the incident on the official website: “The attackers inserted malicious computer code on these websites to steal some users’ […]

Ragnar Locker Ransomware Gang Sets Own Record Demanding About $11M From EDP

Delaware, USA – April 15, 2020 – Ragnar Locker ransomware hit Energias de Portugal (EDP), a global energy company and one of the largest producers of wind energy. BleepingComputer reports that the attackers claim to have stolen 10TB of sensitive data, including employees’ credentials, financial information, and data related to partners and customers. They use the […]

FIN6 Uses TrickBot’s Anchor Malware Framework

Delaware, USA – April 9, 2020 – TrickBot operators began to collaborate with another advanced threat actor and provide hackers with access to infected systems on the networks of high-profile targets and a multi-functional malware framework. Researchers at IBM X-Force have discovered traces of the FIN6 cybercriminal group in a recent Anchor malware distribution campaign […]

TDM at 200% speed & mobile friendly latest MITRE ATT&CK

Delaware, USA – April 8, 2020 – Since October 2019, our R&D team has been officially tasked with improving the Threat Detection Marketplace’s overall page and interface performance. The first of the three performance releases was rolled out last week! We are pleased to show the following improvements. Page Load Time is now faster by up to 787% […]

TDM Update – Page loading improvement, faster than ever!

Delaware, USA – March 27, 2020 – Let’s snap out of all that coronavirus stuff for a moment, as we have really excellent news to share! The whole SOC Prime Team is currently working remotely (hope you do the same), but these conditions haven’t affected our effectiveness or our drive to improve the TDM platform. For the past month […]

BlackWater Backdoor Finds New Way to Misuse Cloudflare Workers

Delaware, USA – March 16, 2020 – The BlackWater backdoor uses legitimate cloud infrastructure to make it harder to track and block its command-and-control communications. The Cloudflare Workers platform provides a serverless execution environment both for developers who want to create new apps and for malware authors who want to hide malicious traffic from security solutions. MalwareHunterTeam found a […]

Turla APT Uses NetFlash Dropper and PyFlash Backdoor in Watering Hole Attacks

Delaware, USA – March 12, 2020 – A Russian state-sponsored cyberespionage group compromised several high-profile Armenian websites to deliver its new Python-based backdoor named PyFlash. ESET researchers discovered a watering hole operation that relies on a fake Adobe Flash update lure and delivers two new tools. Adversaries inserted a piece of malicious JavaScript code into the […]

Hacker Wars: njRat Hides in “Free” Hacking Tools Published on Underground Forums

Delaware, USA – March 11, 2020 – An unidentified threat actor is spreading trojanized hacking tools for free in order to compromise the people who use them. The Cybereason Nocturnus team discovered about 1,000 njRAT samples hidden in various tools and cracks for those tools: exploit scanners, site scrapers, Google dork generators, tools for SQL injections, conducting brute-force attacks, and verifying […]

APT Groups Exploit CVE-2020-0688 to Compromise Microsoft Exchange Servers

Delaware, USA – March 10, 2020 – Adversaries switched from searching for vulnerable Microsoft Exchange Servers to exploiting the CVE-2020-0688 remote code execution flaw. About two weeks ago, a detailed technical report on the vulnerability was published, and adversaries began scanning the internet to create lists of potential targets. The report has pushed security researchers to […]