Detection Content Creation, Submission & Release Members of the Threat Bounty community continue to explore and leverage the potential of Uncoder AI to develop their practical detection engineering skills and monetize their own detection rules with the SOC Prime Platform. In July, 37 new detections by Threat Bounty Program members were successfully released on the […]
Following in-the-wild attacks exploiting CVE-2024-37085 by diverse ransomware gangs, defenders encounter a new variant of the nefarious Proton ransomware family dubbed Zola. Zola strain displays sophisticated capabilities as a result of the ransomware family’s multiple iterations and upgrades, incorporating privilege escalation, disk overwriting functionality, and a kill switch that terminates processes if a Persian keyboard […]
The nefarious russian state-sponsored APT28 hacking collective, also known as Fighting Ursa, is coming into the spotlight. Since early spring 2024, adversaries have been targeting diplomats in a long-term offensive campaign, leveraging a car for sale as a phishing lure to distribute HeadLace malware. Detect Fighting Ursa aka APT28 Attacks Spreading HeadLace Malware The continuously […]
A couple of weeks after the disclosure of CVE-2024-38112, a critical vulnerability exploited by the Void Banshee group to deploy the Atlantida stealer, another security flaw came into the spotlight. Multiple ransomware groups have weaponized a recently patched vulnerability in VMware ESXi hypervisors tracked as CVE-2024-37085 to gain elevated privileges and distribute file-encrypting malicious samples. […]
The FBI, CISA, and leading cybersecurity authorities have issued a warning over growing North Korean cyber-espionage operations linked to the nation-backed hacking group tracked as Andariel. The group’s cyber-espionage activity involves the collection of critical data and intellectual property, thereby advancing the regime’s military and nuclear objectives and aspirations. Detecting Andariel Attacks Described in CISA […]
Cybersecurity researchers have recently observed a new cyber attack on a Latin American airline leveraging Akira ransomware. The attackers took advantage of SSH protocol for initial access and maintained reconnaissance and persistence by utilizing legitimate tools and Living off-the-Land Binaries and Scripts (LOLBAS). Notably, before deploying ransomware, hackers managed to successfully exfiltrate critical data. Detecting […]
Leveraging public email services along with corporate email accounts is a common practice among government employees, military personnel, and the staff of other Ukrainian enterprises and organizations. However, adversaries might abuse these services to launch phishing attacks. Defenders have recently uncovered a new offensive activity aimed at stealing user authentication data by luring victims into […]
Defenders have observed a sudden surge in the adversary activity of the UAC-0057 hacking group targeting Ukrainian local government agencies. Attackers distribute malicious files containing macros aimed at launching PICASSOLOADER on the targeted computers, which leads to the delivery of Cobalt Strike Beacon. Detect UAC-0057 Activity Covered in the CERT-UA#10340 Alert Since the full-scale war […]
Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. Further, the same tactics, techniques, and procedures are applied to target broader geography, including North America, Europe, and Asia. Precisely, in May 2023, the UAC-0063 group launched […]
According to Accenture research, around 97% organizations experienced a surge in cyber threats since the onset of the russia-Ukraine war in 2022, highlighting the significant impact of geopolitical tensions on global businesses. State-sponsored hacking groups have been using Ukraine as a testing ground, broadening their attack strategies to target European and North American regions. For […]