This article covers the original research carried out by CERT-UA: https://cert.gov.ua/article/37704 On March 11, 2022, Ukraine’s Computer Emergency Response Team (CERT-UA) reported about the mass distribution of fake emails targeting the Ukrainian state bodies. According to the CERT-UA research, the detected malicious activity can be attributed to the UAC-0056 hacking collective also tracked as SaintBear, […]
This article highlights the original research conducted by CERT-UA: https://cert.gov.ua/article/37688Ā On March 9, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) reported that Ukrainian government bodies were hit by a cyber-attack using the FormBook/XLoader malware. The malware was delivered if the user opened a malicious email attachment. FormBook and its more recent successor XLoader […]
This article highlights the original research conducted by CERT-UA: https://cert.gov.ua/article/37829. On March 18, 2022, the Computer Emergency Response Team for Ukraine (CERT-UA) reported about the malicious activity associated with InvisiMole (UAC-0035) hacking collective that launched a targeted spear-phishing campaign against Ukrainian organizations to deliver a LoadEdge backdoor. InvisiMole is a sophisticated cyberespionage group that is […]
This article covers the original investigation by CERT-UA: https://cert.gov.ua/article/37815.Ā On March 17, 2022, the government emergency response team of Ukraine CERT-UA revealed that the Ukrainian government infrastructure was hit by a massive spear-phishing campaign aimed at SPECTR malware delivery. The campaign was launched by Vermin (UAC-0020) hacking collective associated with the so-called Luhansk Peopleās Republic […]
Hunt at No Cost Through May 25, 2022 Furthering its mission to transform threat detection, SOC Prime has boosted threat hunting velocity by continuing to evolve its Detection as Code platform. Uncoder CTI powered by SOC Primeās platform allows security researchers to automatically convert IOCs of multiple types into custom queries enabling instant IOC searching […]
Gh0stCringe Malware: Variant of Notorious Gh0st RAT The Gh0stCringe, or CirenegRAT malware, based on the code of Gh0st RAT, is back, jeopardizing poorly protected Microsoft SQL and MySQL database servers. This remote access trojan (RAT) was first spotted in December 2018, and resurfaced in 2020 in China-linked cyber espionage attacks against governmental and corporate networks […]
NIGHT SPIDERās Zloader trojan has been quietly operating for the last few months at a global scale, conducting an intrusion campaign on a number of enterprises in various industries. The primary way to install malware was hidden within the legitimate software. For leveraging initial access, attackers used bundled .msi installers. The payloads were aimed at […]
Cyberspace is yet another frontier in the Russia-Ukraine war. Russia-backed large-scale Ńyber-attacks accompany military aggression against Ukraine, aiming to bring key elements of Ukrainian infrastructure offline. The newly spotted CaddyWiper malware adds to a strain of previously revealed cyber threats ā HermeticWiper, WhisperGate, and IsaacWiper. The novel data wiping malware does not bear a resemblance […]
The notorious Emotet is back, having its Epoch 5 resurgence after all the command and control (C&C) servers of the botnet were disrupted in a joint international law enforcement Operation Ladybird in early 2021. As per researchers, it was only a matter of time for Emotetās C&C infrastructure to restore and begin a full-fledged cyber-attack […]
On February 24, 2022, Russia ignored international law and long-standing diplomatic agreements to launch a full-scale invasion of Ukraine by land, sea, and air. Disinformation campaigns continue to try and hide the facts that the Russian aggression has abandoned the basic principles of humanity, killing civilians, destroying cities, and creating a massive humanitarian crisis as […]