The exponential rise and escalation in intrusion complexity of ransomware attacks fuel the need for proactive ransomware detection. FBI and CISA issue a joint cybersecurity heads-up notifying the global defender community of a dramatic increase in Phobos ransomware attacks targeting the U.S. state bodies and other critical infrastructure, resulting in successful ransom demands amounting to […]
Two days before the 2nd anniversary of russiaās full-scale invasion, CERT-UA researchers uncovered an ongoing phishing attack against the Armed Forces of Ukraine. The adversary campaign linked to the UAC-0149 group has leveraged COOKBOX malware to infect targeted systems. UAC-0149 Attack Analysis Using COOKBOX Malware CERT-UA in coordination with the Cybersecurity Center of the Information […]
The source code for Knight ransomware, a rebrand of Cyclops RaaS operation, is available for sale on a hacking forum. Researchers revealed a recent advertisement posted on the RAMP forum by an individual threat actor under the moniker Cyclops who belongs to the Knight ransomware gang. The source code for Knight ransomware version 3.0 is […]
Throughout 2023, the frequency and sophistication of attacks have increased along with the swift evolution and adoption of AI technology. Defenders are just starting to grasp and leverage the potential of generative AI for defensive purposes to outpace adversaries, while the offensive forces donāt fall behind. Hackers have been abusing AI-powered technologies, like ChatGPT, to […]
The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other types of data from compromised systems. […]
State-sponsored hackers acting on behalf of the Beijing government have been organizing offensive operations aimed at collecting intelligence and launching destructive campaigns against the US and global organizations for years, with multiple observed attacks being related to such groups as Mustang Panda or APT41. The latest joint alert by the intelligence agencies of the US, […]
MITRE ATT&CK acts as a periodic table to categorize and track the methods employed by attackers and enables defenders to profile, identify, and compare threat actors and prioritize threat detection goals. Leveraging ATT&CK, cyber defenders are equipped with a single framework they can rely on to retrospectively document common techniques employed in cyber attacks. SOC […]
Cybersecurity researchers recently unveiled a new variant of a stealthy info-stealing malware known as Mispadu Stealer. Adversaries behind the latest attacks against Mexican users leveraging Mispadu banking Trojan have been observed exploiting a recently fixed Windows SmartScreen vulnerability tracked as CVE-2023-36025. Detect Mispadu Stealer With dozens of new malware samples emerging in the cyber domain […]
In January 2023, SOC Prime launched The Prime Hunt, an open-source browser add-on acting as a single platform-agnostic UI for threat hunters, regardless of a security solution in use. For over one year since The Prime Hunt launch, we have been working on the tool enhancements, broadening the supported technology stack and adding handy features […]
In addition to the rising frequency of cyber attacks by the infamous UAC-0050 group targeting Ukraine, other hacking collectives are actively trying to infiltrate the systems and networks of Ukrainian organizations. At the turn of February 2024, defenders identified over 2,000 computers infected with DIRTYMOE (PURPLEFOX) malware as a result of a massive cyber attack […]