Tag: Detection Content

Detecting Trojanized IDA Pro Installers Distributed by Lazarus Hackers

The infamous Lazarus APT strikes again, with security professionals under attack in its most recent campaign. The state-sponsored actor leverages a pirated version of the widely used IDA Pro reverse engineering application to compromise researchers’ devices with backdoors and remote access Trojans (RATs). NukeSpeed RAT Delivered via Trojanized IDA Pro. According to the research by ESET, […]

SOC Prime Threat Bounty — October 2021 Results

The SOC Prime Threat Bounty Program provides enthusiastic cyber security defenders with the opportunity to share detections with the global community and get publicly recognized and rewarded for their contributions. Threat Bounty participants are motivated to share detections that can address the security needs of 20K+ users. Thus, content authors gain each time their detection is consumed […]

Detecting Vulnerabilities Prioritized in CISA’s Binding Operational Directive 22-01

To enable organizations to address the risks posed by the critical vulnerabilities outlined in Binding Operational Directive (BOD) 22-01, SOC Prime provides an extensive list of curated detections to identify possible exploitation attempts in your infrastructure and isolate potentially affected assets while patching is in progress. The increasing sophistication of malicious activities threatening the private […]

BlackMatter Ransomware Detection

BlackMatter ransomware is on the rise, hitting high-profile targets across the US, Europe, and Asia. Being an offspring of the infamous DarkSide hacking collective, BlackMatter adopted the most prolific tactics of its predecessor to crash into the big ransomware game in July 2021. The joint advisory by CISA, FBI, and NSA attributes multiple attacks against […]

NOBELIUM APT Attacks Global IT Supply Chain to Spy on Downstream Customers

The infamous Nobelium APT group strikes again! This time the covert Russia-backed threat actor goes after technology service providers on a global scale to spy on their downstream customers. Hackers have targeted at least 140 IT service organizations since May 2021, with 14 of them successfully compromised. NOBELIUM APT Group. The NOBELIUM APT group (APT29, CozyBear, and […]

MysterySnail Attack Detection

Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited the recently discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]

Detecting Atom Silo Ransomware Infections

Ransomware actors attempt to stay at the forefront of malicious trends in their drive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to carry out ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]

SOC Prime Threat Bounty — September 2021 Results

In April 2019, SOC Prime announced a crowdsourcing initiative to unite the cyber security community to withstand emerging threats. Since the launch of the Threat Bounty Program, SOC Prime has welcomed 300+ participants who have published 2300+ Sigma rules, 100+ YARA rules, and 25+ Snort rules to the Threat Detection Marketplace repository of the SOC Prime Platform. More than […]

What Is BGP and How Its Failure Took Facebook Down?

On October 4, 2021, Facebook – and all the major services Facebook owns – went down for approximately six hours. The social media “blackout” started at 11:40 Eastern Time (ET), right after Facebook’s Domain Name System (DNS) records had become unavailable. The incident analysis from Cloudflare details that DNS names for Facebook just stopped resolving, […]

FoggyWeb Backdoor Detection

Microsoft has recently uncovered yet another piece of malware leveraged by the infamous NOBELIUM APT group since spring 2021. The new threat, dubbed FoggyWeb, acts as a post-exploitation backdoor able to exfiltrate information from Active Directory Federation Services (AD FS) servers. The malware has been used in targeted attacks against multiple organizations globally while staying unnoticed […]
