Tag: Cyberattack

CVE-2022-22960 and CVE-2022-22954 Detection: CISA Warns of Exploitation Attempts of Unpatched VMware Vulnerabilities

On May 18, 2022, CISA issued a notice warning organizations of potential exploitation attempts of known vulnerabilities in the VMware products tracked as CVE-2022-22954 and CVE-2022-22960. Once exploited, the revealed flaws give green light to threat actors to perform malicious template injection on the server end. More specifically, the exploitation of the CVE-2022-22954 can lead […]

Read More
Operation restyLink Detection
Operation RestyLink: Detecting APT Campaign Targeting Japan

Since April 2022 researchers are observing a series of targeted cyber-attacks aimed specifically at Japanese organizations. The campaign, dubbed Operation RestyLink, is believed to be active since at least March 2022, with related malicious activity traced back to October 2021. The exact attribution is currently unclear, but the attack kill chain and its highly-targeted nature […]

Read More
Iranian COBALT MIRAGE Threat Group Launches Ransomware Attacks Against U.S. Organizations

Iranian state-backed adversaries are accelerating their pace by leveraging different attack vectors and targeting multiple industries across the world. Hot on the heels of the spear-phishing campaign launched by the infamous APT34 group spreading a new Saitama backdoor, another Iran-linked hacking collective hits the headlines performing ransomware attacks against U.S. companies. The Iranian nation-backed COBALT […]

Read More
Threat Bounty Program
SOC Prime Threat Bounty — April 2022 Results

In April, the Threat Bounty Program members contributed to the defense of the global community against the most recent cyber threats. Notably, the keen members of the Threat Bounty community have contributed detections helping to withstand recent FIN7 attacks, the TraderTraitor Malware,  Quantum Ransomware, and many others. Read More Go to Platform April ‘22 Results […]

Read More
Saitama Malware
Saitama Backdoor Detection: APT34 Aims New Malware at Jordan’s Foreign Ministry

Iranian hackers known as APT34 have launched a spear-phishing campaign distributing a novel backdoor named Saitama. This time, APT34 targets officials from Jordan’s Foreign Ministry. APT34 is associated with other monikers, such as OilRig, Cobalt Gypsy IRN2, and Helix Kitten, and has been active since at least 2014, mostly attacking entities in finance and government, […]

Read More
Armageddon Cyber Espionage Group
Armageddon APT Known As UAC-0010 Drops GammaLoad.PS1_v2 Espionage Malware in a New Phishing Campaign Against Ukraine

The infamous Russian state-sponsored hacking collective, Armageddon, recently involved in phishing attacks targeting Ukrainian and European state bodies, continues its malicious activity. Based on the latest CERT-UA investigations, Armageddon threat actors also identified as UAC-0010 have been observed in another cyber-attack against Ukraine distributing phishing emails and spreading malicious software dubbed GammaLoad.PS1_v2.  Armageddon APT Targeting […]

Read More
Novel Nerbian RAT
Nerbian RAT Detection: Novel Trojan That Leverages Covid-19 Lures to Target European Users

Another day, another RAT is sniffing its way into systems of hackers’ interest. This time the trojan called Nerbian RAT is in the limelight, leveraging Covid-19 and World’s Health Organization lures to proceed with targeted attacks against users in Italy, Spain, and the UK. The newly-discovered threat is written in Go, making the malware OS-agnostic […]

Read More
CVE-2022-26923
CVE-2022-26923 Detection: Active Directory Domain Privilege Escalation Vulnerability

Privilege exploitation attacks in Microsoft’s Windows Active Directory (AD) Domain environments are expanding their scope and growing in scale to target millions of devices. The Microsoft Security Response Center (MSRC) has recently updated information on security flaws that affect the company’s products and services, highlighting the newly discovered Active Directory Domain Services elevation of privilege […]

Read More
BPFDoor Malware
BPFDoor Malware Detection: Evasive Surveillance Tool Used to Spy on Linux Devices

Bad luck for Linux-based system maintainers – security experts have revealed a sophisticated surveillance implant that has flown under the radars of endpoint protection vendors for five years, secretly infecting thousands of Linux environments. Dubbed BPFDoor, the malware abuses the Berkeley Packet Filter (BPF) to act as a backdoor and proceed with reconnaissance. This makes […]

Read More
Instant Threat Hunting Success with Detection as Code On-Demand

SOC Prime Launches New Subscription Plans to Accelerate Threat Detection with Customized, On-Demand Content In general, detection engineering suffers from the need to continuously hunt for aggressive, damaging, current and long-impactful cyber threats. The need for automated, systematic, repeatable, predictable and shareable approaches is glaring. Especially for most detection engineers that must function as threat […]

Read More