News

Chinese Cyberspies Deploy PcShare Trojan on Asian Technology Firms

Delaware, USA – October 2, 2019 – An ongoing campaign by one of the Chinese cyber-espionage groups targets technology companies in Southeast Asia. BlackBerry Cylance discovered a campaign lasting about two years and distributing a modified PcShare backdoor and a trojanized Narrator executable. According to a recent CrowdStrike report on the activity of state-sponsored hackers, Chinese […]

ODT Files Used to Deliver Trojans and Infostealer

Delaware, USA – October 1, 2019 – Adversaries take advantage of the fact that many antivirus solutions do not carefully scan OpenDocument Text files. Security researchers at the Cisco Talos team have discovered the use of ODT files to spread malware in several campaigns targeting English- and Arabic-speaking users. The files used are archives […]

Magecart Group Plans to Inject Skimmers at the Router Level

Delaware, USA – September 30, 2019 – One of the most sophisticated Magecart groups is exploring new ways to steal payment card data. The IBM X-Force team discovered Magecart scripts that can be deployed on Level 7 routers, which are capable of manipulating traffic at the application level. It is not known whether scripts were used […]

Thomas Patzke Joins SOC Prime Advisory Board

Delaware, USA – September 25, 2019 – SOC Prime, Inc. is pleased to announce that Thomas Patzke joins our Advisory Board. Thomas is one of the most inspiring experts in the cyber security community, has 13+ years of experience in the area of information security, and currently works as a blue teamer and threat hunter at thyssenkrupp […]

Fancy Bear Returns With New Zebrocy Backdoor

Delaware, USA – September 24, 2019 – In late summer, Fancy Bear launched a new campaign targeting Ministries of Foreign Affairs and embassies in Europe and Central Asia with a rewritten Zebrocy backdoor. The campaign started on August 20, and two days later it was discovered by Telsy’s researchers. Unlike past campaigns, cybercriminals send an empty […]

LookBack Campaign Continues After Exposure

Delaware, USA – September 24, 2019 – Instead of stopping the campaign, the LookBack trojan operators changed the text of the phishing emails and continued to attack organizations in the US Utilities Sector. Proofpoint researchers continued their investigation of LookBack malware attacks and found that there were significantly more attacked companies, and the campaign itself […]

Dtrack RAT in the Service of Lazarus Group

Delaware, USA – September 23, 2019 – The Lazarus group expanded its toolset with the Dtrack remote access trojan to attack research centers and financial organizations in India. Kaspersky Lab published a report describing the infection process and malware capabilities. Researchers discovered ATMDtrack malware used in attacks on Indian banks a year ago, and a search for […]

Changes in Emotet Behaviour in Ongoing Spam Campaigns

Delaware, USA – September 20, 2019 – The triumphant return of the Emotet botnet with a new campaign this week made a lot of noise, and in addition to the scale of the campaign, researchers noted significant changes in both the botnet’s infrastructure and the infection methods. The campaign started on Monday; cybercriminals attacked users from […]

Smominru Botnet Rises Again

Delaware, USA – September 19, 2019 – The growth of the Monero cryptocurrency price provokes the return of major players to the race for other people’s computing power. Guardicore Labs uncovered a winning streak of the infamous Smominru botnet, which is infecting about 4.7k systems per day. The botnet appeared in May 2017 and mainly used the EternalBlue exploit to […]

TortoiseShell Group Compromises IT Providers in the Middle East

Delaware, USA – September 18, 2019 – Another young hacking group hacks IT providers in the Middle East to prepare supply chain attacks. Symantec’s researchers have revealed the activity of the group, which they called Tortoiseshell, operating since last July. During this time, attackers compromised at least 11 IT providers; most of their targets are […]