Cybersecurity researchers have observed a burst of the new malicious activity of the Emotet botnet, which has been under the radar for almost half a year. The infamous Trojan attributed to the malicious activity of the TA542 hacking group came back in November 2022, expanding its dominance and impact in the email threat landscape. In […]
Ransomware is a number one threat posing a significant menace to security defenders worldwide, with the attack trend constantly growing throughout 2021-2022. Recently, security experts revealed a massive QakBot malware campaign increasingly targeting U.S.-based vendors to deliver Black Basta ransomware. During the last decade of November 2022, at least 10 businesses in the United States […]
The infamous China-linked Earth Preta (aka Mustang Panda, Bronze President, TA416) APT group has been attributed to a wave of spear-phishing attacks against global organizations in multiple industry sectors, including government institutions, primarily in Asia Pacific regions. Cybersecurity researchers have observed that threat actors abused fake Google accounts to spread different strains of malware, including […]
Since the outbreak of the global cyber war, cyber attacks against Ukraine and its allies leveraging info-stealers and malicious payloads have been causing a stir in the cyber threat arena. In the latest cyber attack on the Ukrainian organization, threat actors have applied a diverse offensive toolkit, including the Vidar info-stealer and the notorious Cobalt […]
The russia-linked Armageddon APT aka Gamaredon or UAC-0010 has been launching a series of cyber attacks on Ukraine since the outbreak of the global cyber war. On November 8, 2022, CERT-UA released the latest alert detailing the ongoing spearphishing campaign of this russia-backed cyber-espionage hacking collective, in which adversaries massively distribute spoofed emails masquerading as […]
With crypto mining attacks significantly increasing over the past couple of years, increasing awareness of cryptojacking is of paramount importance. Cybersecurity researchers have recently uncovered a massive cryptojacking campaign abusing free CI/CD service providers, with over 30 GitHub, 2,000 Heroku, and 900 Buddy accounts compromised. Dubbed PURPLEURCHIN, the malicious operation applies sophisticated obfuscation techniques and […]
In May 2022, Cuba ransomware maintainers resurfaced marking their loud entrance into the cyber threat arena by leveraging a novel custom remote access Trojan called ROMCOM (or RomCom) RAT. On October 22, 2010, CERT-UA warned the global cyber defender community of the ongoing phishing campaigns targeting Ukrainian officials with the email sender masquerading as the […]
A community-driven approach based on Detection-as-Code principles and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® enables intelligent-driven threat detection, cost-efficient and cross-platform threat investigation, and instant access to detections for critical threats. SOC Prime’s platform aggregates over 200,000 pieces of detection content easily convertible to 25+ SIEM, EDR, and XDR formats and aligned with […]
BlackByte ransomware reemerges in the cyber threat arena exploiting a security flaw in legitimate drivers to disable EDR products on compromised devices. Cybersecurity researchers have revealed that ransomware operators apply an advanced adversary technique dubbed “Bring Your Own Driver” enabling them to bypass security products and spread infection on vulnerable machines. Detect BlackByte Ransomware Used […]
Stay on alert! Cybersecurity researchers have recently revealed new Microsoft Exchange zero-day vulnerabilities aka ProxyNotShell tracked as CVE-2022-41040 and CVE-2022-41082 that are currently actively exploited in the wild. The newly uncovered bugs in Microsoft Exchange Server can be paired together in the exploit chain to spread Chinese Chopper web shells on the targeted servers. According […]