On February 15, 2022, Proofpoint researchers warned about the TA2541 hacker group. A criminal cluster dubbed TA2541 has been active since 2017 (yet, managing to stay rather low-key) and is reported to consistently spread remote access trojans (RATs), enabling adversaries to obtain sensitive data from the breached networks and devices, or even get control of […]
Adversaries always look for new tricks to maximize the success of their malicious operations. This time cyber crooks are taking advantage of the recent announcement of Windows 11’s broad deployment phase to target users with malware-laced upgrade installers. In case downloaded and executed, unsuspecting victims got their systems infected with RedLine information stealer. What Is […]
You can’t teach an old dog new tricks. Yet, cybercriminals ignore common stereotypes, updating QBot with new nefarious tricks to attack victims globally. This malware “veteran” emerged back in 2007, yet security researchers observe QBot being constantly updated to ride the wave of malicious trends. For instance, security researchers observe QBot maintainers increasingly abusing the […]
LockBit operators are accelerating rapidly. The gang has been on cybersecurity professionals’ radar since 2019, revamping with the launch of a LockBit ransomware version 2.0 in June 2021. On February 07, 2022, The Federal Bureau of Investigations (FBI) released IOCs, warning about LockBit 2.0 ransomware attacks. The current data suggest that the novel campaign is […]
One month into 2022, there is no foreseeable slump in attacks; on the contrary, the cybersecurity field is bustling. The landscape is familiar: lurking hackers and security practitioners working doggedly to ensure no rest for the former. Late January, a new attack campaign, launched by a North Korea-linked APT, was discovered by the Malwarebytes Threat […]
Adversaries are searching for new means of turning up the heat, this time bringing new, Rust-written ransomware to attack organizations in the U.S., Europe, Australia, India, and the Philippines. ALPHV BlackCat ransomware developers target Windows and Linux OSs through 3rd party framework/toolset (e.g., Cobalt Strike) or by exploiting vulnerable applications. The BlackCat gang is now […]
What goes on in the dark must come out in the light. Security experts have revealed an especially dangerous 12-year-old bug affecting nearly all Linux hosts. The flaw enables full root access on literally any Linux machine for a local, unprivileged threat actor if successfully exploited. CVE-2021-4034 (PwnKit) Description While the cyber domain is still […]
Catch the latest newscast about SOC Prime’s community! Today we want to introduce Nattatorn Chuensangarun, a prolific detection content author contributing to our Threat Bounty Program since August 2021. Nattatorn is an active content developer, concentrating his efforts on Sigma rules. You can refer to Nattatorn’s detections of the highest quality and value in the […]
A newly minted UEFI firmware malicious implant dubbed “MoonBounce” is ravaging in the wild. The threat is believed to be the handiwork of a Chinese-speaking APT41 hacking gang, aka Double Dragon or Winnti. This UEFI rootkit is set out to cause a stir, having already obtained the title of the most stealthy of all the […]
Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]