Tag: Cyberattack

On the Frontline of the Global Cyber War: Overview of Major russia-backed APT Groups Targeting Ukraine and Sigma Rules to Proactively Defend Against Their TTPs
On the Frontline of the Global Cyber War: Overview of Major russia-backed APT Groups Targeting Ukraine and Sigma Rules to Proactively Defend Against Their TTPs

The State Service of Special Communication and Information Protection of Ukraine (SSSCIP) recently issued an analytical report covering russia’s cyber aggression against Ukraine in 2022 The report provides insights into the primary hacking collectives that have been in the limelight since the outbreak of the full-scale war in Ukraine, analyzes adversary TTPs to execute intrusions, […]

Read More
Detect PlugX Trojan Masquerading as a Legitimate Windows Debugger Tool to Fly Under the Radar
Detect PlugX Trojan Masquerading as a Legitimate Windows Debugger Tool to Fly Under the Radar

Old dog, new tricks! Security researchers revealed PlugX remote access Trojan (RAT) is masquerading as a popular open-source Windows debugger tool dubbed x65dbg. Relying on DLL side-loading for this spoofing trick, nefarious RAT is able to slip past security controls and gain full control over the targeted instance.  PlugX Remote Access Trojan Detection The PlugX […]

Read More
CredPump, HoaxPen, and HoaxApe Backdoor Detection: UAC-0056 Hackers Launch Disruptive Attacks Against Ukrainian Government Websites Planned Over One Year Earlier
CredPump, HoaxPen, and HoaxApe Backdoor Detection: UAC-0056 Hackers Launch Disruptive Attacks Against Ukrainian Government Websites Planned Over One Year Earlier

Approaching the date of one-year anniversary of the outbreak of full-fledged war in Ukraine, cyber defenders addressed the risks of potential attacks against Ukraine and its allies by russian offensive forces. On February 23, CERT-UA cybersecurity researchers revealed the malicious activity attributed to the UAC-0056 hacking group, which was observed in malicious campaigns against Ukraine […]

Read More
Driving Business Growth in Turbulent Times from the Perspective of SOC Prime’s CEO: Part II
Driving Business Growth in Turbulent Times from the Perspective of SOC Prime’s CEO: Part II

How Fusing Sigma & MITRE ATT&CK® Empowers Collective Cyber Defense to Gain a Competitive Advantage in the Global Cyber War This article is based on the original interview conducted by AIN.UA and covered in the corresponding article.   In this second part of the interview with SOC Prime’s Founder, CEO, and Chairman, Andrii Bezverkhyi, we’ll provide […]

Read More
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware

February 2023 can be marked as a month of ongoing adversary campaigns against Ukraine, exploiting the phishing attack vector and leveraging remote access software. Close on the heels of phishing attacks spreading Remcos RAT and abusing Remote Utilities software, another mass email distribution targeting Ukrainian organizations garners attention from cyber defenders. The latest CERT-UA#6011 alert […]

Read More
Mirai Variant V3G4 Detection: New Botnet Version Exploiting 13 Vulnerabilities to Target Linux Servers, IoT Devices
Mirai Variant V3G4 Detection: New Botnet Version Exploiting 13 Vulnerabilities to Target Linux Servers, IoT Devices

Threat actors are constantly enriching their offensive toolkits while experimenting with new sophisticated malware variants to expand the scope of attacks. Cyber defenders have observed a new Mirai botnet variant called V3G4 come into the spotlight in the cyber threat landscape. The novel malware variant has been leveraged in multiple adversary campaigns threatening targeted users […]

Read More
ProxyShellMiner Detection: Novel Crypto-Mining Attacks Abusing CVE-2021-34473 and CVE-2021-34523 ProxyShell Vulnerabilities in Windows Exchange Servers 
ProxyShellMiner Detection: Novel Crypto-Mining Attacks Abusing CVE-2021-34473 and CVE-2021-34523 ProxyShell Vulnerabilities in Windows Exchange Servers 

Stay alert! Threat actors once again set eyes on Microsoft Windows Exchange servers, attempting to compromise them by exploiting infamous ProxyShell vulnerabilities. Cybersecurity researchers have observed a new evasive malicious campaign dubbed “ProxyShellMiner” that exploits two Microsoft Exchange ProxyShell flaws tracked as CVE-2021-34473 and CVE-2021-34523 to deliver cryptocurrency miners.  Detect ProxyShellMiner Attacks Exploiting Microsoft Exchange […]

Read More
Driving Business Growth in Turbulent Times from the Perspective of SOC Prime’s CEO: Part I
Driving Business Growth in Turbulent Times from the Perspective of SOC Prime’s CEO: Part I

Agents of S.H.I.E.L.D.: How SOC Prime Helps Ukraine Thwart Aggressor’s Cyber Attacks This article is based on the interview conducted by our partner AIN.UA and covered in the corresponding article. In this write-up within a series covering SOC Prime’s Business Continuity Plan (BCP), SOC Prime’s Founder, CEO, and Chairman, Andrii Bezverkhyi, shares insights about the […]

Read More
Remote Utilities Exploitation: New Phishing Campaign by the UAC-0096 Group Targeting Ukrainian Organizations 
Remote Utilities Exploitation: New Phishing Campaign by the UAC-0096 Group Targeting Ukrainian Organizations 

Hot on the heels of the massive email distribution in the recent malicious campaign targeting Ukrainian state bodies and leveraging Remcos (Remote Control and Surveillance) Trojan, threat actors exploit another remote administration software dubbed Remote Utilities to hit Ukrainian organizations. CERT-UA warns the global cyber defender community of ongoing phishing attacks attributed to the UAC-0096 […]

Read More
Remcos Malware Detection: UAC-0050 Group Targets Ukrainian Government Entities in Phishing Attacks Using Remote Access Software  
Remcos Malware Detection: UAC-0050 Group Targets Ukrainian Government Entities in Phishing Attacks Using Remote Access Software  

Remcos Trojan (Remote Control and Surveillance) is frequently delivered by threat actors leveraging phishing attack vectors. The malware currently reemerges in the cyber threat arena to target Ukrainian government entities.  On February 6, 2023, cybersecurity researchers released a new CERT-UA#5926 alert detailing the mass email distribution impersonating the Ukrtelecom JSC aimed to spread Remcos malware […]

Read More