Tag: Detection Content

From Beginner to Pro: Your Successful Path in Threat Bounty
From Beginner to Pro: Your Successful Path in Threat Bounty

Essential Tips to Level Up in SOC Prime Threat Bounty Program As a detection engineer, SOC analyst, and threat hunter, joining SOC Prime’s Threat Bounty Program opens the door to significant professional growth within a globally recognized cybersecurity community. The Program is designed to harness the expertise in detection engineering, enabling members to contribute high-value […]

Read More
Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern Europe
Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern Europe

Security researchers have revealed a stealthy campaign targeting users in Central and Southwestern Europe with an email credential stealer. Dubbed Strela, this evasive malware is deployed via phishing emails, utilizing obfuscated JavaScript and WebDAV to circumvent conventional security measures. Since its emergence two years ago, Strela Stealer has significantly enhanced its malicious capabilities, allowing it […]

Read More
Practical Guide to Converting IOCs to SIEM Queries with Uncoder AI
Practical Guide to Converting IOCs to SIEM Queries with Uncoder AI

What are IOCs, and what is their role in cybersecurity?  In cybersecurity operations, Indicators of Compromise — such as IP addresses, file hashes, domains, and URLs — serve as crucial forensic evidence for identifying malicious activities within the organization’s network. These artifacts are essential to enabling security teams to detect potential cyber threats. To leverage […]

Read More
UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point
UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point

The notorious Russian state-sponsored hacking group known as APT28 or UAC-0001, which has a history of launching targeted phishing attacks on Ukrainian public sector organizations, has resurfaced in the cyber threat landscape. In the latest adversary campaign covered by CERT-UA, attackers weaponize a PowerShell command embedded in the clipboard as an entry point to further conduct offensive […]

Read More
CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks
CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks

Attackers frequently launch high-profile attacks by exploiting RCE vulnerabilities in popular software products. Cybersecurity researchers have recently identified the widespread exploitation of FortiManager instances, with 50+ potentially compromised devices across multiple industry verticals. Defenders disclosed a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks by adversaries to execute arbitrary code […]

Read More
UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware
UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware

Hot on the heels of the “Rogue RDP” attacks exploiting the phishing attack vector and targeting Ukrainian state bodies and military units, CERT-UA researchers uncovered another wave of phishing attacks leveraging emails with invoice-related subject lures and weaponizing HOMESTEEL malware for file theft. The UAC-0218 group is believed to be behind the ongoing adversary operation. […]

Read More
“Rogue RDP” Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers
“Rogue RDP” Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers

Adversaries frequently exploit remote management tools in their offensive campaigns, like the Remote Utilities software, which has been leveraged in cyber attacks against Ukraine, including those linked to the nefarious UAC-0050 actors. CERT-UA has issued a new alert warning defenders about an ongoing phishing email campaign against government agencies and defense sector organizations, with malicious […]

Read More
Detect Brute Force and Credential Access Activity Linked to Iranian Hackers: The FBI, CISA, and Partners Warn Defenders of Growing Attacks Against Critical Infrastructure Organizations
Detect Brute Force and Credential Access Activity Linked to Iranian Hackers: The FBI, CISA, and Partners Warn Defenders of Growing Attacks Against Critical Infrastructure Organizations

At the end of summer, 2024, the FBI, Department of Defense, and CISA issued a joint advisory warning cybersecurity experts of a rise in operations by Iran-affiliated adversaries known as Pioneer Kitten. The U.S. cybersecurity authoring agencies in collaboration with international partners have recently issued another advisory AA24-290A covering the increasing activity of Iranian threat […]

Read More
MEDUZASTEALER Detection: Hackers Distribute Malware Masquerading the Sender as Reserve+ Technical Support via Telegram Messaging Service
MEDUZASTEALER Detection: Hackers Distribute Malware Masquerading the Sender as Reserve+ Technical Support via Telegram Messaging Service

Hard on the heels of a new wave of cyber-attacks by UAC-0050 involving cyber espionage and financial thefts and relying on a diverse number of tools, including MEDUZASTEALER, another suspicious activity comes to the spotlight in the Ukrainian cyber threat arena. CERT-UA recently launched a new alert covering spoofed phishing attacks spreading MEDUZASTEALER via Telegram […]

Read More
UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine
UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine

The UAC-0050 hacking collective notorious for its long-standing offensive operations against Ukraine steps back into the cyber threat arena. CERT-UA researchers have long been investigating the group’s activity, which primarily focuses on three key directions, including cyber espionage and financial theft, along with information and psychological operations tracked under the “Fire Cells Group” brand. Financially […]

Read More