Cybersecurity researchers have unveiled a novel sophisticated multi-stage attack, in which adversaries take advantage of the ScrubCrypt anti-malware evasion tool to drop VenomRAT along with multiple harmful plugins, including nefarious Remcos, XWorm, NanoCore RAT, and other malicious strains. Detect VenomRAT Deployed via ScrubCrypt With cyber-attacks proliferating and employing increasingly sophisticated intrusion methods, cyber defenders require […]
Hard on the heels of the DEEP#GOSU offensive campaign associated with the North Korean hacking collective Kimsuky APT, the group comes to the spotlight once again by shifting their adversary TTPs. Defenders have recently observed Kimsuky’s use of Microsoft Compiled HTML Help (CHM) files to spread malware and collect sensitive data from impacted instances. Detect […]
The nefarious cyber-espionage North Korean Kimsuky APT group has been in the limelight in the cyber threatscape since at least 2012. A new multi-stage Kimsuky-affiliated offensive campaign tracked as DEEP#GOSU hits the headlines, posing threats to Windows users and leveraging PowerShell and VBScript malware to infect targeted systems. Detect DEEP#GOSU Attack Campaign Last year has […]
A couple of months after the massive exploitation of CVE-2023-42793, novel critical vulnerabilities in JetBrains TeamCity came into the spotlight, exposing affected users to the risks of the complete compromise of the impacted systems. Tracked as CVE-2024-27198 and CVE-2024-27199, the discovered security flaws can give unauthenticated attackers the green light to gain administrative control of […]
The exponential rise and escalation in intrusion complexity of ransomware attacks fuel the need for proactive ransomware detection. FBI and CISA issue a joint cybersecurity heads-up notifying the global defender community of a dramatic increase in Phobos ransomware attacks targeting the U.S. state bodies and other critical infrastructure, resulting in successful ransom demands amounting to […]
Two days before the 2nd anniversary of russia’s full-scale invasion, CERT-UA researchers uncovered an ongoing phishing attack against the Armed Forces of Ukraine. The adversary campaign linked to the UAC-0149 group has leveraged COOKBOX malware to infect targeted systems. UAC-0149 Attack Analysis Using COOKBOX Malware CERT-UA in coordination with the Cybersecurity Center of the Information […]
The source code for Knight ransomware, a rebrand of Cyclops RaaS operation, is available for sale on a hacking forum. Researchers revealed a recent advertisement posted on the RAMP forum by an individual threat actor under the moniker Cyclops who belongs to the Knight ransomware gang. The source code for Knight ransomware version 3.0 is […]
Throughout 2023, the frequency and sophistication of attacks have increased along with the swift evolution and adoption of AI technology. Defenders are just starting to grasp and leverage the potential of generative AI for defensive purposes to outpace adversaries, while the offensive forces don’t fall behind. Hackers have been abusing AI-powered technologies, like ChatGPT, to […]
The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other types of data from compromised systems. […]
State-sponsored hackers acting on behalf of the Beijing government have been organizing offensive operations aimed at collecting intelligence and launching destructive campaigns against the US and global organizations for years, with multiple observed attacks being related to such groups as Mustang Panda or APT41. The latest joint alert by the intelligence agencies of the US, […]