Tag: Cyberattack

CVE-2021-40444 and CVE-2022-30190 Exploit Detection: Cobalt Strike Beacon Delivered in a Cyber-Attack on Ukrainian State Bodies

Just two days after the nefarious CVE-2022-30190 aka Follina was revealed, security researchers report in-the-wild attacks leveraging the exploits to target state institutions of Ukraine. On June 2, 2022, CERT-UA issued a heads-up warning of an ongoing campaign spreading Cobalt Strike Beacon malware by exploiting Windows CVE-2021-40444 and CVE-2022-30190 zero-day vulnerabilities, which have been recently in […]

Read More

SOC Prime is thrilled to participate in the Ninth EU MITRE ATT&CK® Community Workshop taking place in Brussels, June 2, 2022. The upcoming event will host security practitioners and offer insights into the latest updates to the MITRE ATT&CK framework for enhanced cyber defense. The program includes a series of peer sessions and informative presentations […]

Read More
XorDdos Malware Detection: Microsoft Warns of an Alarming Surge of DDoS Attacks Targeting Linux

In May 2022, Linux-based systems are getting exposed to a number of threats coming from multiple attack vectors. Early this month, the BPFDoor surveillance implant hit the headlines compromising thousands of Linux devices. Another threat targeting Linux systems is looming on the horizon. Microsoft has observed an enormous surge of malicious activity from Linux XorDdos […]

Read More
CVE-2022-22960 and CVE-2022-22954 Detection: CISA Warns of Exploitation Attempts of Unpatched VMware Vulnerabilities

On May 18, 2022, CISA issued a notice warning organizations of potential exploitation attempts of known vulnerabilities in the VMware products tracked as CVE-2022-22954 and CVE-2022-22960. Once exploited, the revealed flaws give green light to threat actors to perform malicious template injection on the server end. More specifically, the exploitation of the CVE-2022-22954 can lead […]

Read More
Operation restyLink Detection
Operation RestyLink: Detecting APT Campaign Targeting Japan

Since April 2022 researchers are observing a series of targeted cyber-attacks aimed specifically at Japanese organizations. The campaign, dubbed Operation RestyLink, is believed to be active since at least March 2022, with related malicious activity traced back to October 2021. The exact attribution is currently unclear, but the attack kill chain and its highly-targeted nature […]

Read More
Iranian COBALT MIRAGE Threat Group Launches Ransomware Attacks Against U.S. Organizations

Iranian state-backed adversaries are accelerating their pace by leveraging different attack vectors and targeting multiple industries across the world. Hot on the heels of the spear-phishing campaign launched by the infamous APT34 group spreading a new Saitama backdoor, another Iran-linked hacking collective hits the headlines performing ransomware attacks against U.S. companies. The Iranian nation-backed COBALT […]

Read More
Threat Bounty Program
SOC Prime Threat Bounty — April 2022 Results

In April, the Threat Bounty Program members contributed to the defense of the global community against the most recent cyber threats. Notably, the keen members of the Threat Bounty community have contributed detections helping to withstand recent FIN7 attacks, the TraderTraitor Malware,  Quantum Ransomware, and many others. Read More Go to Platform April ‘22 Results […]

Read More
Saitama Malware
Saitama Backdoor Detection: APT34 Aims New Malware at Jordan’s Foreign Ministry

Iranian hackers known as APT34 have launched a spear-phishing campaign distributing a novel backdoor named Saitama. This time, APT34 targets officials from Jordan’s Foreign Ministry. APT34 is associated with other monikers, such as OilRig, Cobalt Gypsy IRN2, and Helix Kitten, and has been active since at least 2014, mostly attacking entities in finance and government, […]

Read More
Armageddon Cyber Espionage Group
Armageddon APT Known As UAC-0010 Drops GammaLoad.PS1_v2 Espionage Malware in a New Phishing Campaign Against Ukraine

The infamous Russian state-sponsored hacking collective, Armageddon, recently involved in phishing attacks targeting Ukrainian and European state bodies, continues its malicious activity. Based on the latest CERT-UA investigations, Armageddon threat actors also identified as UAC-0010 have been observed in another cyber-attack against Ukraine distributing phishing emails and spreading malicious software dubbed GammaLoad.PS1_v2.  Armageddon APT Targeting […]

Read More
Novel Nerbian RAT
Nerbian RAT Detection: Novel Trojan That Leverages Covid-19 Lures to Target European Users

Another day, another RAT is sniffing its way into systems of hackers’ interest. This time the trojan called Nerbian RAT is in the limelight, leveraging Covid-19 and World’s Health Organization lures to proceed with targeted attacks against users in Italy, Spain, and the UK. The newly-discovered threat is written in Go, making the malware OS-agnostic […]

Read More