Tag: Detection Content

RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations

Hot on the heels of the joint cybersecurity advisory warning defenders of the Iran-backed Pioneer Kitten’s collaboration with multiple ransomware groups, another spike in ransomware activity is causing a stir in the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of the RansomHub RaaS operators, […]

Read More
Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East
Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East

On August 28, 2024, a joint advisory was released by the FBI, the Department of Defense, and CISA, alerting cybersecurity professionals about a surge in operations by Iran-linked adversaries. These actors are increasingly collaborating with ransomware gangs to target education, finance, healthcare, state bodies, and defense industry sectors. Known as Pioneer Kitten, state-sponsored hacking collective […]

Read More
PEAKLIGHT Malware Detection: New Stealthy Downloader Leveraged in Attacks Against Windows Systems
PEAKLIGHT Malware Detection: New Stealthy Downloader Leveraged in Attacks Against Windows Systems

New day, new malware causing menace for cyber defenders. Hot on the heels of the novel MoonPeak Trojan, security experts have uncovered yet another malicious sample actively used in the ongoing attacks. Dubbed PEAKLIGHT, the novel memory-only threat applies a sophisticated, multi-stage attack chain to infect Windows instances with a variety of infostealers and loaders. […]

Read More
MoonPeak Trojan Detection: North Korean Hackers Deploy Novel RAT During Their Latest Malicious Campaign
MoonPeak Trojan Detection: North Korean Hackers Deploy Novel RAT During Their Latest Malicious Campaign

In the first half of 2024, North Korea-affiliated adversaries have significantly ramped up their activities, broadening both their malicious toolsets and range of targets. Security experts have observed a notable uptick in supply-chain attacks and trojanized software installers, underscoring a growing trend among North Korean state-sponsored groups. Recently, security professionals discovered a brand new malware […]

Read More
UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware
UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware

The Vermin hacking collective, also tracked as UAC-0020, resurfaces, targeting Ukraine using a novel offensive tool dubbed FIRMACHAGENT. In the latest attack, adversaries leverage the phishing attack vector to spread emails with the lure subject related to the prisoners of war at the Kursk front.  UAC-0020 aka Vermin Attack Analysis Using FIRMACHAGENT  On August 19, 2024, […]

Read More
CVE-2024-7593 Detection: A Critical Vulnerability in Ivanti Virtual Traffic Manager Enables Unauthorized Admin Access
CVE-2024-7593 Detection: A Critical Vulnerability in Ivanti Virtual Traffic Manager Enables Unauthorized Admin Access

A new critical vulnerability in Ivanti Virtual Traffic Manager (vTM) instances comes into the spotlight. Tracked as CVE-2024-7593, the critical authentication bypass vulnerability enables remote attackers to create rogue admin accounts. The public availability of the PoC exploit code increases the risk of CVE-2024-7593 exploitation in real-world attacks. Detect CVE-2024-7593 Exploitation Attempts In 2023, over […]

Read More
How SOC Prime Products Address 5 Cybersecurity Challenges
How SOC Prime Products Address 5 Cybersecurity Challenges

In today’s rapidly evolving cybersecurity landscape, organizations face numerous challenges in safeguarding their digital assets. SOC Prime offers a suite of solutions designed to address some of the most pressing cybersecurity problems. This blog explores how SOC Prime’s Threat Detection Marketplace (TDM), Uncoder AI, and Attack Detective can solve five common issues. Start Now Request […]

Read More
UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies
UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies

The increasing number of phishing attacks requires immediate attention from defenders, underscoring the need for increasing cybersecurity awareness and bolstering the organization’s cyber hygiene. Following the UAC-0102 attack targeting UKR.NET users, another hacking collective tracked as UAC-0198 leverages the phishing attack vector to target the Ukrainian state bodies and massively distribute ANONVNC (MESHAGENT) malware to […]

Read More
Actor240524 Attack Detection: Novel APT Group Targets Israeli and Azerbaijani Diplomats Using ABCloader and ABCsync Malware
Actor240524 Attack Detection: Novel APT Group Targets Israeli and Azerbaijani Diplomats Using ABCloader and ABCsync Malware

Defenders have discovered a novel APT group dubbed Actor240524, which applies an advanced adversary toolkit to evade detection and gain persistence. At the turn of July 2024, adversaries performed a spear-phishing campaign against diplomats from Azerbaijan and Israel. Attackers leveraged a malicious Word document featuring content in Azerbaijani and masquerading as official documentation designed to […]

Read More
BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities
BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities

The ever-growing volumes of ransomware attacks, the increased number of financially motivated hacking collectives, and soaring global ransomware damage costs are shaking up the modern cyber threat arena. The FBI and CISA have recently issued a novel alert notifying defenders of the emergence of the BlackSuit ransomware, the evolution of Royal ransomware enriched with enhanced […]

Read More