Tag: Cyberattack

Cobalt Strike Beacon Malware Spread Via Targeted Phishing Emails Related to Azovstal: Cyber-Attack on Ukrainian Government Entities
Cobalt Strike Beacon Malware Spread Via Targeted Phishing Emails Related to Azovstal: Cyber-Attack on Ukrainian Government Entities

On April 18, 2022, CERT-UA issued an alert warning of ongoing cyber-attacks targeting Ukrainian state bodies. According to the research, government officials were exposed to targeted phishing attacks using emails related to Azovstal that contained malicious attachments spreading Cobalt Strike Beacon malware. The detected activity reflects the behavior patterns associated with the hacking collective tracked […]

Read More
Pipedream/INCONTROLLER Detection: New Attack Framework and Tools Target Industrial Control Systems
Pipedream/INCONTROLLER Detection: New Attack Framework and Tools Target Industrial Control Systems

The US governmental agencies – CISA, FBI, NSA, and the Energy Department – along with several corporate teams of cybersecurity researchers have sounded the alarm about nationwide threats to industrial control systems (ICS). According to the security investigators, APT actors leverage a destructive toolset to take over targeted machines upon establishing initial access to the […]

Read More
CVE-2022-29072 Detection: Flaw in 7-Zip Grants Hackers Excessive Permissions
CVE-2022-29072 Detection: Flaw in 7-Zip Grants Hackers Excessive Permissions

The 7-Zip file archiver versions of 21.07 have a serious security weak point. 7-Zip is one of the most in-demand tools to compress and package files with a wide array of supported formats including 7z, ZIP, GZIP, BZIP2, and TAR. The vulnerability tracked as CVE-2022-29072 grants adversaries elevated access and command execution when a file […]

Read More
Parrot Traffic Direction System (TDS) Attacks
Parrot Traffic Direction System (TDS) Attacks

A novel Traffic Direction System (TDS), dubbed Parrot TDS, takes advantage of a network of hacked servers that host websites to route victims that fit the required profile to domains used to run scamming schemes or distribute malware. According to the current data, the number of compromised websites has reached 16,500 and counting. Adversaries primarily […]

Read More
Tarrask Malware Detection: Defense Evasion Tool to Abuse Scheduled Tasks
Tarrask Malware Detection: Defense Evasion Tool to Abuse Scheduled Tasks

China-backed collective tagged Hafnium (sometimes referred to as APT) has been spotted launching attacks on devices running Windows. The tool they used to generate “hidden” scheduled tasks and establish persistence within Windows instances under attack is dubbed Tarrask malware. Experts report about Internet and data providers being attacked extensively, within the most active attack time […]

Read More
Detecting IcedID: The Latest Campaign Against Ukrainian Government Bodies
Detecting IcedID: The Latest Campaign Against Ukrainian Government Bodies

On April, 14, the Computer Emergency Response Team of Ukraine (CERT-UA) issued a new heads-up that warns of an ongoing cyber-attack leveraging the infamous IcedID malware designed to compromise Ukrainian state bodies. The detected malware also dubbed as BankBot or BokBot is a banking Trojan primarily designed to target financial data and steal banking credentials.  […]

Read More
Denonia Malware Detection: Go-Based Wrapper Compromises AWS Lambda to Deploy Monero Miner
Denonia Malware Detection: Go-Based Wrapper Compromises AWS Lambda to Deploy Monero Miner

Security researchers report alarming activity associated with a tailor-made malware dubbed Denonia to target Amazon Web Services (AWS) Lambda environments. The malware is written in the Go language. Once in the system, it is used to download, install, and execute the XMRig cryptomining files for Monero cryptocurrency mining. Detect Denonia Malware AWS Lambda malware, aka […]

Read More
Detect Industroyer2 and CaddyWiper Malware: Sandworm APT Hits Ukrainian Power Facilities
Detect Industroyer2 and CaddyWiper Malware: Sandworm APT Hits Ukrainian Power Facilities

CERT-UA in collaboration with Microsoft and ESET has recently reported about the large-scale cyber-attack on the Ukrainian energy providers, marking the second power outage attack in human history. This latest activity is attributed to the russia-affiliated Sandworm APT group also tracked as UAC-0082.   In this very attack, threat actors leveraged Industroyer2, the latest sample of […]

Read More
CVE-2022-22954 Detection: Critical Vulnerability Sets Grounds for RCE Attacks
CVE-2022-22954 Detection: Critical Vulnerability Sets Grounds for RCE Attacks

Last week, VMware released an advisory urging users to patch eight vulnerabilities of various severity levels. Unpatched bugs enable the compromise of the following VMware products: VMware Workspace ONE Access, Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, and Suite Lifecycle Manager. The easiest prey on the hit list with the CVSS score of 9.8 […]

Read More
Remcos RAT Phishing Campaign: An Updated Infection Chain
Remcos RAT Phishing Campaign: An Updated Infection Chain

A new wave of phishing delivering Remcos RAT payload has been observed by security researchers. Remcos is a commercial remote administration trojan developed by Breaking Security firm, that is accessible for free from their website. According to the source that developed this tool, Remcos is capable of downloading entire folders in one click, using a […]

Read More