Tag: Detection Content

Lazarus Targets Chemical Sector and IT Industry of South Korea: Sigma-Based Detection Content
Lazarus Targets Chemical Sector and IT Industry of South Korea: Sigma-Based Detection Content

A notorious APT group, Lazarus, sponsored by North Korea’s government, expands its attack surface, targeting entities in the chemical sector along with IT organizations, mostly in South Korea. Researchers believe that the latest campaign is a part of Lazarus’ Operation Dream Job plans, detected in August 2020. Lazarus Activity Detection SOC Prime released a batch […]

Read More
Cobalt Strike Beacon Malware Spread Via Targeted Phishing Emails Related to Azovstal: Cyber-Attack on Ukrainian Government Entities
Cobalt Strike Beacon Malware Spread Via Targeted Phishing Emails Related to Azovstal: Cyber-Attack on Ukrainian Government Entities

On April 18, 2022, CERT-UA issued an alert warning of ongoing cyber-attacks targeting Ukrainian state bodies. According to the research, government officials were exposed to targeted phishing attacks using emails related to Azovstal that contained malicious attachments spreading Cobalt Strike Beacon malware. The detected activity reflects the behavior patterns associated with the hacking collective tracked […]

Read More
Pipedream/INCONTROLLER Detection: New Attack Framework and Tools Target Industrial Control Systems
Pipedream/INCONTROLLER Detection: New Attack Framework and Tools Target Industrial Control Systems

The US governmental agencies – CISA, FBI, NSA, and the Energy Department – along with several corporate teams of cybersecurity researchers have sounded the alarm about nationwide threats to industrial control systems (ICS). According to the security investigators, APT actors leverage a destructive toolset to take over targeted machines upon establishing initial access to the […]

Read More
SOC Prime Threat Bounty — March 2022 Results
SOC Prime Threat Bounty — March 2022 Results

During the previous month, the attention and experience of the cybersecurity experts were especially required to help the industry withstand emerging devastating threats. Devoted members of the Threat Bounty community provided detections to protect against such threats as HermeticWiper, the FoxBlade malware, the attack of APT41 against the U.S. state government networks, exploitations of the […]

Read More
CVE-2022-29072 Detection: Flaw in 7-Zip Grants Hackers Excessive Permissions
CVE-2022-29072 Detection: Flaw in 7-Zip Grants Hackers Excessive Permissions

The 7-Zip file archiver versions of 21.07 have a serious security weak point. 7-Zip is one of the most in-demand tools to compress and package files with a wide array of supported formats including 7z, ZIP, GZIP, BZIP2, and TAR. The vulnerability tracked as CVE-2022-29072 grants adversaries elevated access and command execution when a file […]

Read More
Parrot Traffic Direction System (TDS) Attacks
Parrot Traffic Direction System (TDS) Attacks

A novel Traffic Direction System (TDS), dubbed Parrot TDS, takes advantage of a network of hacked servers that host websites to route victims that fit the required profile to domains used to run scamming schemes or distribute malware. According to the current data, the number of compromised websites has reached 16,500 and counting. Adversaries primarily […]

Read More
Tarrask Malware Detection: Defense Evasion Tool to Abuse Scheduled Tasks
Tarrask Malware Detection: Defense Evasion Tool to Abuse Scheduled Tasks

China-backed collective tagged Hafnium (sometimes referred to as APT) has been spotted launching attacks on devices running Windows. The tool they used to generate “hidden” scheduled tasks and establish persistence within Windows instances under attack is dubbed Tarrask malware. Experts report about Internet and data providers being attacked extensively, within the most active attack time […]

Read More
Detecting IcedID: The Latest Campaign Against Ukrainian Government Bodies
Detecting IcedID: The Latest Campaign Against Ukrainian Government Bodies

On April, 14, the Computer Emergency Response Team of Ukraine (CERT-UA) issued a new heads-up that warns of an ongoing cyber-attack leveraging the infamous IcedID malware designed to compromise Ukrainian state bodies. The detected malware also dubbed as BankBot or BokBot is a banking Trojan primarily designed to target financial data and steal banking credentials.  […]

Read More
Denonia Malware Detection: Go-Based Wrapper Compromises AWS Lambda to Deploy Monero Miner
Denonia Malware Detection: Go-Based Wrapper Compromises AWS Lambda to Deploy Monero Miner

Security researchers report alarming activity associated with a tailor-made malware dubbed Denonia to target Amazon Web Services (AWS) Lambda environments. The malware is written in the Go language. Once in the system, it is used to download, install, and execute the XMRig cryptomining files for Monero cryptocurrency mining. Detect Denonia Malware AWS Lambda malware, aka […]

Read More
Detect Industroyer2 and CaddyWiper Malware: Sandworm APT Hits Ukrainian Power Facilities
Detect Industroyer2 and CaddyWiper Malware: Sandworm APT Hits Ukrainian Power Facilities

CERT-UA in collaboration with Microsoft and ESET has recently reported about the large-scale cyber-attack on the Ukrainian energy providers, marking the second power outage attack in human history. This latest activity is attributed to the russia-affiliated Sandworm APT group also tracked as UAC-0082.   In this very attack, threat actors leveraged Industroyer2, the latest sample of […]

Read More