Tag: Cyberattack

New MerlinAgent Open-Source Tool Used by UAC-0154 Group to Target Ukrainian State Agencies
New MerlinAgent Open-Source Tool Used by UAC-0154 Group to Target Ukrainian State Agencies

Cyber defenders observe growing volumes of cyber attacks against Ukraine and its allies launched by the russian offensive forces, with the aggressor frequently leveraging the phishing attack vector and the public sector serving as the primary target.  CERT-UA notifies cyber defenders of the ongoing phishing campaign against Ukrainian state bodies massively distributing emails with the […]

Read More
Detect CVE-2023-35078 Exploitation: Critical Authentication Bypass Zero-Day in Ivanti Endpoint Manager Mobile (EPMM)
Detect CVE-2023-35078 Exploitation: Critical Authentication Bypass Zero-Day in Ivanti Endpoint Manager Mobile (EPMM)

Cybersecurity heads up! After a series of security holes in Pulse Connect Secure SSL VPN appliance affected multiple organizations back in 2021, a new critical zero-day has been recently revealed in Ivanti products. The novel security issue impacting Ivanti Endpoint Manager Mobile (EPMM) enables remote unauthenticated API access to specific paths. By exploiting the flaw, […]

Read More
Mallox Ransomware Detection: Increasing Attacks Abusing MS-SQL Servers
Mallox Ransomware Detection: Increasing Attacks Abusing MS-SQL Servers

Cyber defenders have observed a recent surge in cyber attacks spreading Mallox ransomware. For a period of two years, ransomware operators have been abusing MS-SQL servers as the initial access vector to spread the infection further. Detect Mallox Ransomware With the growing activity of the Mallox ransomware gang and their ambitions to expand the impact […]

Read More
CAPIBAR and KAZUAR Malware Detection: Turla aka UAC-0024 or UAC-0003 Launches Targeted Cyber-Espionage Campaigns Against Ukraine
CAPIBAR and KAZUAR Malware Detection: Turla aka UAC-0024 or UAC-0003 Launches Targeted Cyber-Espionage Campaigns Against Ukraine

Since at least 2022, the hacking collective tracked as UAC-0024 has been launching a series of offensive operations targeting Ukraine’s defense forces. The group’s cyber-espionage activity mainly focuses on intelligence gathering leveraging CAPIBAR malware. Based on attacker TTPs along with the uncovered use of another malware dubbed Kazuar, the adversary activity can be linked to […]

Read More
What Are LOLBins?
What Are LOLBins?

LOLBins, also known as “Living off the Land Binaries,” are binaries that use legitimate commands and pre-installed executables of the operating system to perform malicious activities. LOLBins use local system binaries to bypass detection, deliver malware, and remain undetected. When leveraging LOLBins, adversaries can improve their chances of staying unnoticed by using legitimate cloud services […]

Read More
UAC-0010 aka Armageddon APT Attacks Detection: Overview of Group’s Ongoing Offensive Operations Targeting Ukraine
UAC-0010 aka Armageddon APT Attacks Detection: Overview of Group’s Ongoing Offensive Operations Targeting Ukraine

Since russia’s full-fledged invasion of Ukraine, the aggressor’s offensive forces have launched thousands of targeted cyber attacks against Ukraine. One of the most persistent threats belongs to the infamous cyber-espionage gang tracked as UAC-0010 (Armageddon). This article provides an overview of the group’s adversary activity against Ukraine largely exploiting the phishing attack vector as of […]

Read More
SmokeLoader Detection: UAC-0006 Group Launches a New Phishing Campaign Against Ukraine
SmokeLoader Detection: UAC-0006 Group Launches a New Phishing Campaign Against Ukraine

Heads up! Cyber defenders are notified of a new wave of phishing attacks leveraging the invoice-relate email subjects with the infection chain triggered by opening a malicious VBS file, which leads to spreading SmokeLoader malware on the affected devices. According to the investigation, the malicious activity can be attributed to the financially-motivated UAC-0006 hacking gang […]

Read More
Storm-0978 Attacks Detection: russia-linked Hackers Exploit CVE-2023-36884 to Spread a Backdoor Targeting Defense and Public Sector Organizations 
Storm-0978 Attacks Detection: russia-linked Hackers Exploit CVE-2023-36884 to Spread a Backdoor Targeting Defense and Public Sector Organizations 

Cybersecurity researchers have unveiled a new offensive operation launched by the russia-backed Storm-0978 aka DEV-0978 group, which is also tracked as RomCom based on the name of the nefarious backdoor they are associated with. In this campaign, hackers are targeting defense organizations and public authorities in Europe and North America leveraging the phishing attack vector […]

Read More
BlackCat aka ALPHV Attack Detection: Hackers Abuse Malvertising to Spread Malware and Leverage SpyBoy Terminator to Hinder Security Protection
BlackCat aka ALPHV Attack Detection: Hackers Abuse Malvertising to Spread Malware and Leverage SpyBoy Terminator to Hinder Security Protection

Cybersecurity researchers have uncovered traces of new malicious activity attributed to the nefarious BlackCat aka ALPHV ransomware gang. The adversary campaign involves the distribution of malware via cloned webpages of legitimate companies, including the webpage of a popular WinSCP file-transferring service. BlackCat is also observed using SpyBoy Terminator for its offensive purposes to hinder anti-malware […]

Read More
PicassoLoader and njRAT Detection: UAC-0057 Hackers Perform a Targeted Attack Against Ukrainian Public Entities
PicassoLoader and njRAT Detection: UAC-0057 Hackers Perform a Targeted Attack Against Ukrainian Public Entities

Cybersecurity researchers issue a heads-up covering a new targeted cyber attack by the UAC-0057 group against Ukrainian public officials leveraging XLS files that contain a malicious macro spreading PicassoLoader malware. The malicious loader is capable of dropping another malicious strain dubbed njRAT to spread the infection further. PicassoLoader and njRAT Malware Distribution by UAC-0057 Hackers: […]

Read More