Tag: Detection Content

Repellent Scorpius: Novel RaaS Group Actively Distributes Cicada3301 Ransomware Variant
Repellent Scorpius: Novel RaaS Group Actively Distributes Cicada3301 Ransomware Variant

Ransomware continues to be a leading global threat to organizations, with attacks becoming more frequent and increasingly sophisticated. Recently, a new Ransomware-as-a-Service (RaaS) group, Repellent Scorpius, has emerged, intensifying the challenge for cyber defenders. This novel actor drives the distribution of the Cicada3301 ransomware, employing a double-extortion tactic to maximize profits while expanding their affiliate […]

Read More
Unit 29155 Attacks Detection: russia-Affiliated Military Intelligence Division Targets Critical Infrastructure Globally
Unit 29155 Attacks Detection: russia-Affiliated Military Intelligence Division Targets Critical Infrastructure Globally

Notorious russia-affiliated hacking groups are posing daunting challenges to defensive forces, continuously upgrading their adversary TTPs and enhancing detection evasion techniques. Following the full-fledged war outbreak in Ukraine, russia-backed APT collectives are especially active while using the conflict as a testing ground for new malicious approaches. Further, proven methods are leveraged against major targets of […]

Read More
Detect WikiLoader Attacks: Adversaries Leverage Fake GlobalProtect VPN Software to Deliver a New Malware Variant via SEO Poisoning
Detect WikiLoader Attacks: Adversaries Leverage Fake GlobalProtect VPN Software to Deliver a New Malware Variant via SEO Poisoning

The latest stats highlight that in 2023, adversaries deployed an average of 200,454 unique malware scripts per day, equating to roughly 1.5 new samples per minute. To proceed with successful malware attacks, threat actors are juggling with different malicious methods in an attempt to overcome security protections. The latest malicious campaign in the spotlight spoofs […]

Read More
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations

Hot on the heels of the joint cybersecurity advisory warning defenders of the Iran-backed Pioneer Kitten’s collaboration with multiple ransomware groups, another spike in ransomware activity is causing a stir in the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of the RansomHub RaaS operators, […]

Read More
Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East
Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East

On August 28, 2024, a joint advisory was released by the FBI, the Department of Defense, and CISA, alerting cybersecurity professionals about a surge in operations by Iran-linked adversaries. These actors are increasingly collaborating with ransomware gangs to target education, finance, healthcare, state bodies, and defense industry sectors. Known as Pioneer Kitten, state-sponsored hacking collective […]

Read More
PEAKLIGHT Malware Detection: New Stealthy Downloader Leveraged in Attacks Against Windows Systems
PEAKLIGHT Malware Detection: New Stealthy Downloader Leveraged in Attacks Against Windows Systems

New day, new malware causing menace for cyber defenders. Hot on the heels of the novel MoonPeak Trojan, security experts have uncovered yet another malicious sample actively used in the ongoing attacks. Dubbed PEAKLIGHT, the novel memory-only threat applies a sophisticated, multi-stage attack chain to infect Windows instances with a variety of infostealers and loaders. […]

Read More
MoonPeak Trojan Detection: North Korean Hackers Deploy Novel RAT During Their Latest Malicious Campaign
MoonPeak Trojan Detection: North Korean Hackers Deploy Novel RAT During Their Latest Malicious Campaign

In the first half of 2024, North Korea-affiliated adversaries have significantly ramped up their activities, broadening both their malicious toolsets and range of targets. Security experts have observed a notable uptick in supply-chain attacks and trojanized software installers, underscoring a growing trend among North Korean state-sponsored groups. Recently, security professionals discovered a brand new malware […]

Read More
UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware
UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware

The Vermin hacking collective, also tracked as UAC-0020, resurfaces, targeting Ukraine using a novel offensive tool dubbed FIRMACHAGENT. In the latest attack, adversaries leverage the phishing attack vector to spread emails with the lure subject related to the prisoners of war at the Kursk front.  UAC-0020 aka Vermin Attack Analysis Using FIRMACHAGENT  On August 19, 2024, […]

Read More
CVE-2024-7593 Detection: A Critical Vulnerability in Ivanti Virtual Traffic Manager Enables Unauthorized Admin Access
CVE-2024-7593 Detection: A Critical Vulnerability in Ivanti Virtual Traffic Manager Enables Unauthorized Admin Access

A new critical vulnerability in Ivanti Virtual Traffic Manager (vTM) instances comes into the spotlight. Tracked as CVE-2024-7593, the critical authentication bypass vulnerability enables remote attackers to create rogue admin accounts. The public availability of the PoC exploit code increases the risk of CVE-2024-7593 exploitation in real-world attacks. Detect CVE-2024-7593 Exploitation Attempts In 2023, over […]

Read More
How SOC Prime Products Address 5 Cybersecurity Challenges
How SOC Prime Products Address 5 Cybersecurity Challenges

In today’s rapidly evolving cybersecurity landscape, organizations face numerous challenges in safeguarding their digital assets. SOC Prime offers a suite of solutions designed to address some of the most pressing cybersecurity problems. This blog explores how SOC Prime’s Threat Detection Marketplace (TDM), Uncoder AI, and Attack Detective can solve five common issues. Start Now Request […]

Read More