Two days before the 2nd anniversary of russia’s full-scale invasion, CERT-UA researchers uncovered an ongoing phishing attack against the Armed Forces of Ukraine. The adversary campaign linked to the UAC-0149 group has leveraged COOKBOX malware to infect targeted systems. UAC-0149 Attack Analysis Using COOKBOX Malware CERT-UA in coordination with the Cybersecurity Center of the Information […]
The nefarious China-backed Earth Preta APT also known as Mustang Panda has been targeting Asian countries in the long-lasting adversary campaign, which applied an advanced iteration of PlugX malware dubbed DOPLUGS. Detecting Earth Preta Attacks Using DOPLUGS Malware The year 2023 has been marked by the escalating activity of APT collectives reflecting the influence of […]
Today, we want to introduce to the SOC Prime’s community a talented and devoted member of the Threat Bounty Program and detection content author – Phyo Paing Htun, who has been publishing detections to the SOC Prime Platform since December 2022. Rules by Phyo Paing Htun Tell us about yourself and why you decided to […]
The source code for Knight ransomware, a rebrand of Cyclops RaaS operation, is available for sale on a hacking forum. Researchers revealed a recent advertisement posted on the RAMP forum by an individual threat actor under the moniker Cyclops who belongs to the Knight ransomware gang. The source code for Knight ransomware version 3.0 is […]
Close on the heels of a critical Jenkins RCE vulnerability, another security flaw that can pose a severe threat to global organizations emerges in the cyber threatscape. A new zero-day vulnerability in QNAP QTS and QuTS hero operating systems tracked as CVE-2023-50358 has been currently in the spotlight. The uncovered command injection vulnerability impacts QNAP […]
Threat Bounty Content In January, the members of the Threat Bounty Program were very active in submitting detections for review by SOC Prime’s content verification team. After the verification and examination of the suggested rules, 44 detections were published to the Threat Detection Marketplace, although some rules required minor changes and were returned to the […]
Throughout 2023, the frequency and sophistication of attacks have increased along with the swift evolution and adoption of AI technology. Defenders are just starting to grasp and leverage the potential of generative AI for defensive purposes to outpace adversaries, while the offensive forces don’t fall behind. Hackers have been abusing AI-powered technologies, like ChatGPT, to […]
The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other types of data from compromised systems. […]
State-sponsored hackers acting on behalf of the Beijing government have been organizing offensive operations aimed at collecting intelligence and launching destructive campaigns against the US and global organizations for years, with multiple observed attacks being related to such groups as Mustang Panda or APT41. The latest joint alert by the intelligence agencies of the US, […]
MITRE ATT&CK acts as a periodic table to categorize and track the methods employed by attackers and enables defenders to profile, identify, and compare threat actors and prioritize threat detection goals. Leveraging ATT&CK, cyber defenders are equipped with a single framework they can rely on to retrospectively document common techniques employed in cyber attacks. SOC […]