The method of a secure cryptographic key exchange was introduced by Whitfield Diffie and Martin Hellman in 1976. Cool thing about the public and private key pair is that the decryption key cannot be deciphered in any way from an encryption key. This feature is exactly what’s exploited by ransomware actors who encrypt data and […]
The modern cyber threat landscape illustrates a growing trend in the use of Golang-based malware, which is actively adopted by multiple hacking collectives. Cybersecurity researchers have recently uncovered a novel Golang-based malicious campaign tracked as GO#WEBBFUSCATOR, in which hackers leverage a notorious deep field image taken from NASA’s James Webb Space Telescope as a lure […]
On August 30 and 31, 2022, CERT-UA revealed a burst of adversary activity massively distributing phishing emails among Ukrainian, Austrian, and German organizations. According to the corresponding CERT-UA#5252 alert, hackers exploit the email attachment vector spreading the notorious AgentTesla info-stealing malware. The malicious activity can be attributed to the behavior patterns of the hacking collective […]
The malicious campaigns of the Iran-backed APT34 hacking collective also tracked as Charming Kitten, have been causing a stir in the cyber threat arena in 2022, including the cyber-attacks exploiting Microsoft Exchange ProxyShell vulnerabilities. In late August 2022, cybersecurity researchers revealed the ongoing malicious activity posing a serious threat to Gmail, Yahoo!, and Microsoft Outlook […]
July ‘22 Updates During the previous month, we introduced several improvements to content validation and Sigma Rules Bot for Threat Bounty, released a number of blog articles providing an extended context to the threat detection rules published by Threat Bounty Program members, and worked in close cooperation with content authors on improving the already existing […]
Cybersecurity experts from Microsoft Threat Intelligence Center (MSTIC) have disrupted the infrastructure of a nefarious APT responsible for long-lasting cyberespionage activities aimed at targets within NATO countries. The group, dubbed SEABORGIUM, launched multiple phishing, data theft, and hack-and-leak campaigns to spy on defense contractors, NGOs, IGOs, think tanks, and educational institutions, allegedly on-behalf of russian […]
According to SOC Prime’s Detection as Code Innovation Report covering the threat landscape of 2021-2022, the Ransomware-as-a-Service (RaaS) model is gaining a monopoly in the cyber threat arena, with the majority of ransomware affiliates involved in diverse RaaS campaigns. On August 11, 2022, CISA, in conjunction with the FBI, issued a joint cybersecurity advisory on […]
BlueSky ransomware represents a rapidly evolving malware family that involves sophisticated anti-analysis capabilities and constantly enhances its evasion techniques. BlueSky ransomware targets Windows hosts and relies on a multithreading technique for faster file encryption. Cybersecurity researchers attribute the revealed ransomware patterns to the adversary activity of the infamous Conti ransomware group, which has long been […]
High-profile ransomware attacks illustrate a growing trend in the cyber threat arena in 2021-2022, with the majority of ransomware affiliates engaged in various ransomware-as-a-service (RaaS) programs. In May 2022, cybersecurity researchers noticed novel adversary campaigns deploying Cuba ransomware attributed to the malicious activity of a hacking group tracked as Tropical Scorpius. In these latest attacks, […]
With the outbreak of the global cyber war, the malicious activity of the Armageddon cyber-espionage group aka Gamaredon or UAC-0010 has been in the limelight in the cyber threat arena targeting Ukrainian state bodies. The hacking collective launched a series of phishing cyber-attacks, including campaigns in May spreading GammaLoad.PS1_v2 malware and in April 2022. On […]