The infamous Russian state-sponsored hacking collective, Armageddon, recently involved in phishing attacks targeting Ukrainian and European state bodies, continues its malicious activity. Based on the latest CERT-UA investigations, Armageddon threat actors also identified as UAC-0010 have been observed in another cyber-attack against Ukraine distributing phishing emails and spreading malicious software dubbed GammaLoad.PS1_v2.Ā Armageddon APT Targeting […]
Another day, another RAT is sniffing its way into systems of hackersā interest. This time the trojan called Nerbian RAT is in the limelight, leveraging Covid-19 and World’s Health Organization lures to proceed with targeted attacks against users in Italy, Spain, and the UK. The newly-discovered threat is written in Go, making the malware OS-agnostic […]
Privilege exploitation attacks in Microsoftās Windows Active Directory (AD) Domain environments are expanding their scope and growing in scale to target millions of devices. The Microsoft Security Response Center (MSRC) has recently updated information on security flaws that affect the companyās products and services, highlighting the newly discovered Active Directory Domain Services elevation of privilege […]
Adversaries utilize the PrivateLoader pay-per-install (PPI) malware distribution platform to spread a new malware framework dubbed NetDooka. This comprehensive malware framework possesses several components, such as a loader, a dropper, a kernel-mode process, a file protection driver, and a remote access trojan (RAT). The launching element of the infection chain ā of the NetDooka framework is […]
Instant Access to Sigma Rules and Relevant Context on Cyber Threats SOC Prime announces the release of a first-of-its-kind search engine for Threat Hunting, Threat Detection, and Cyber Threat Intelligence. This innovation is designed to enable cybersecurity professionals to instantly discover usable and relevant information on cyber threats including dedicated Sigma rules and on-the-fly translations […]
Bad luck for Linux-based system maintainers ā security experts have revealed a sophisticated surveillance implant that has flown under the radars of endpoint protection vendors for five years, secretly infecting thousands of Linux environments. Dubbed BPFDoor, the malware abuses the Berkeley Packet Filter (BPF) to act as a backdoor and proceed with reconnaissance. This makes […]
A wave of new phishing cyber-attacks has recently swept Ukraine. Hard on the heels of an attack by the APT28 threat actors spreading the CredoMap_v2 info-stealing malicious software, another hacking group has recently distributed phishing emails deploying malware called Jester Stealer, as CERT-UA reports. This latest malicious activity has been tracked as UAC-0104 based on […]
F5 Networks, a company that specializes in the development and distribution of software and hardware solutions, has released a Security Advisory on May 4, 2022, addressing a number of issues in their products. Shortly after, the BIG-IP family of products was hit with multiple exploitations in the wild following the publicly published proof-of-concept for a […]
Over the course of an ongoing cyber war, Russia-linked hacking collectives are looking for new ways to cripple the Ukrainian organizations in the cyber domain. On May 6, 2022, CERT-UA issued an alert warning of yet another phishing attack targeting Ukrainian state bodies. The cyber-attack has been attributed to the malicious activity of notorious Russian […]
BlackByte ransomware targeting critical infrastructures in the U.S. and across the globe since mid-summer 2021 has recently morphed into a more advanced variant. Adversaries are known to exfiltrate data before deploying ransomware and then threaten organizations to leak the stolen data if a ransom is not paid. The ransomware samples were originally written in C# […]