Tag: Cyberattack

UAC-0006 Strikes Again
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks

Hot on the heels of the massive phishing attacks launched by UAC-0006 at the beginning of  May 2023, CERT-UA warns cyber defenders of a new wave of cyber attacks resulting in SmokeLoader infections. The latest investigation indicates that adversaries increasingly spread phishing emails with financial subject lures and use ZIP/RAR attachments to drop malicious samples […]

Read More
UAC-0063 Cyber-Espionage Activity Detection
UAC-0063 Cyber-Espionage Activity Detection: Hackers Target Organizations in Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Izrael, and India to Gather Intelligence

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. On May 22, 2023, CERT-UA researchers issued a new alert warning the global cyber defender community of an ongoing cyber-espionage campaign targeting the information and communication system […]

Read More
Detecting Abused Legitimate Tools Applied by Hackers in the Human-Operated Ransomware Attacks

With the constantly changing cyber threat landscape and the increasing sophistication of the adversary toolkit, information exchange between cybersecurity experts is of paramount value.  On January 25 and 26, 2023, the global cyber defender community welcomed the sixth JSAC2023 conference for security analysts aimed to boost their expertise in the field. This annual cybersecurity event […]

Read More
UAC-0006 Resurfaces
SmokeLoader Malware Detection: UAC-0006 Group Reemerges to Launch Phishing Attacks Against Ukraine Using Financial Subject Lures

The financially-motivated hacking collective tracked as UAC-0006 comes back to the cyber threat arena exploiting the phishing attack vector and distributing the SmokeLoader malware. According to the latest CERT-UA cybersecurity alert, threat actors massively distribute phishing emails exploiting the compromised accounts with the financially related email subject and using a malicious ZIP attachment to deploy […]

Read More
UAC-0001 (APT28) Resurfaces
APT28 aka UAC-0001 Group Leverages Phishing Emails Disguised As Instructions for OS Updates Targeting Ukrainian State Bodies

The infamous russian nation-backed hacking collective tracked as APT28 or UAC-0001, which has a history of targeted attacks against Ukrainian government agencies, reemerges in the cyber threat arena.  The latest CERT-UA#6562 alert confirms that over April 2023, the hacking collective has been leveraging the phishing attack vector to massively distribute spoofed emails among Ukrainian state […]

Read More
Detect CVE-2023-28252 & CVE-2023-21554 Exploitation Attempts
Detect CVE-2023-28252 & CVE-2023-21554 Exploitation Attempts: Windows Zero-Day Actively Used in Ransomware Attacks and a Critical RCE Flaw

With a growing number of zero-day flaws affecting widely used software products, proactive detection of vulnerability exploitation has been among the most prevalent security use cases since 2021.  Microsoft has recently issued a series of security updates relevant to critical flaws affecting its products, including a patch for a zero-day actively exploited in the wild […]

Read More
DarkCrystal RAT Malware Detection
DarkCrystal RAT Malware Detection: UAC-0145 Hackers Exploit Unlicensed Microsoft Office Software as the Initial Attack Vector

With a 250% surge of cyber attacks against Ukraine in 2022 and over 2,000 of them launched by russia-affiliated threat actors since the outbreak of the full-fledged war, cyber defenders are looking for ways to help Ukraine and its allies boost their cyber resilience. On April 3, 2023, CERT-UA issued a new alert covering the […]

Read More
3CXDesktopApp Supply Chain Attack Detection
3CXDesktopApp Supply Chain Attack Detection: Active Intrusion Campaign Targeting Millions of 3CX Customers

Cybersecurity experts have uncovered an ongoing adversary campaign exploiting 3CXDesktopApp, a software application for business communication used by 12 million customers worldwide. According to the reports, threat actors gain initial access to the compromised environment, deploy payloads, and then attempt to drop info-stealing malware capable of hijacking login credentials at the final attack stage. Detecting […]

Read More
Ferrari Discloses a Data Breach
Ferrari Data Breach Disclosed: Attackers Gain Access to the Company’s Network While Demanding Ransom to Prevent Data Leakage

The massive cyber incident at Ferrari that compromised some of the company customers’ personal data has recently hit the headlines. Ferrari, the Italian industry-leading car manufacturer, covered the company’s data breach after threat actors that gained access to part of the organization’s IT infrastructure demanded a ransom not to leak the stolen data. Ferrari uncovered […]

Read More
CVE-2023-23397 Detection
Detect CVE-2023-23397 Exploits: Critical Elevation of Privilege Vulnerability in Microsoft Outlook Leveraged in the Wild to Target European Government and Military

Security heads-up for cyber defenders! Microsoft has recently fixed a critical elevation of privilege vulnerability (CVE-2023-23397) affecting Microsoft Outlook for Windows that allows adversaries to dump hash passwords from targeted instances. Notably, the flaw has been exploited in the wild as a zero-day since April 2022, being utilized in cyber-attacks against the government, military, and […]

Read More