Tag: Detection Content

UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon
UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon

Defenders have observed a sudden surge in the adversary activity of the UAC-0057 hacking group targeting Ukrainian local government agencies. Attackers distribute malicious files containing macros aimed at launching PICASSOLOADER on the targeted computers, which leads to the delivery of Cobalt Strike Beacon.  Detect UAC-0057 Activity Covered in the CERT-UA#10340 Alert Since the full-scale war […]

Read More
UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692 
UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692 

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. Further, the same tactics, techniques, and procedures are applied to target broader geography, including North America, Europe, and Asia. Precisely, in May 2023, the UAC-0063 group launched […]

Read More
UAC-0180 Targets Defense Contractors in Ukraine Using GLUEEGG, DROPCLUE, and ATERA
UAC-0180 Targets Defense Contractors in Ukraine Using GLUEEGG, DROPCLUE, and ATERA

According to Accenture research, around 97% organizations experienced a surge in cyber threats since the onset of the russia-Ukraine war in 2022, highlighting the significant impact of geopolitical tensions on global businesses. State-sponsored hacking groups have been using Ukraine as a testing ground, broadening their attack strategies to target European and North American regions. For […]

Read More
SOC Prime Threat Bounty Digest — June 2024 Results
SOC Prime Threat Bounty Digest — June 2024 Results

Detection Content Submission & Release In June, SOC Prime’s Threat Bounty Program members started using Uncoder AI to create, validate, and submit rules for review before the release on the SOC Prime Platform. We are happy to provide authors with the tool that assists them in creating high-quality detection rules for Threat Bounty and supports […]

Read More
Detect CVE-2024-38112 Exploitation by Void Banshee APT in Zero-Day Attacks Targeting Windows Users
Detect CVE-2024-38112 Exploitation by Void Banshee APT in Zero-Day Attacks Targeting Windows Users

Following Microsoft’s recent Patch Tuesday update, which addressed the CVE-2024-38112 vulnerability, researchers uncovered a sophisticated campaign by the Void Banshee APT. This campaign exploits a security gap in the Microsoft MHTML browser engine through zero-day attacks to deploy the Atlantida stealer on victims’ devices. Detecting CVE-2024-38113 Exploitation by Void Banshee In the first half of […]

Read More
DarkGate Malware Detection: Adversaries Exploit Microsoft Excel Files to Spread a Harmful Software Package
DarkGate Malware Detection: Adversaries Exploit Microsoft Excel Files to Spread a Harmful Software Package

Defenders have been observing a DarkGate malware campaign in which adversaries have taken advantage of Microsoft Excel files to spread malicious samples from publicly accessible SMB file shares. DarkGate represents a highly adaptable malicious strain, potentially stepping into the gap left by the dismantling of the notorious QakBot in late summer 2023. Detect DarkGate Malware  […]

Read More
Threat Bounty Success Story: Kyaw Pyiyt Htet
Threat Bounty Success Story: Kyaw Pyiyt Htet

Today, we want to tell you the story of Kyaw Pyiyt Htet, the content author who has been with the Threat Bounty Program for almost four years. We introduced Kyaw Pyiyt Htet on our blog and mentioned some information about his personal and professional background.  It is exciting to hear from Kyaw Pyiyt Htet now […]

Read More
Kimsuky APT Campaign Detection Targeting Japanese Organizations 
Kimsuky APT Campaign Detection Targeting Japanese Organizations 

Since early spring 2024, the notorious North Korea-linked hacking collective tracked as Kimsuky APT has been launching a targeted campaign against South Korean academic institutions. Defenders have also unveiled the group’s offensive operations, which actively target Japanese organizations. The ongoing adversary campaign relies on a phishing attack vector, with hackers leveraging targeted emails that disguise […]

Read More
APT40 Attacks Detection: People’s Republic of China State-Sponsored Hackers Rapidly Exploit Newly Revealed Vulnerabilities for Cyber-Espionage
APT40 Attacks Detection: People’s Republic of China State-Sponsored Hackers Rapidly Exploit Newly Revealed Vulnerabilities for Cyber-Espionage

The latest advisory issued by law enforcement agencies within Australia, the U.S., Canada, Germany, the U.K., New Zealand, South Korea, and Japan, warns of the growing threat posed by APT40 operated on behalf of Beijing’s Ministry of State Security (MSS). Specifically, the advisory details the activities of the People’s Republic of China state-sponsored group able […]

Read More
Volcano Demon Ransomware Attack Detection: Adversaries Apply a New LukaLocker Malware Demanding Ransom via Phone Calls
Volcano Demon Ransomware Attack Detection: Adversaries Apply a New LukaLocker Malware Demanding Ransom via Phone Calls

New ransomware maintainers have rapidly emerged in the cyber threat arena, employing innovative locker malware and a variety of detection evasion tactics. The ransomware gang dubbed “Volcano Demon” leverages novel LukaLocker malware and demands ransom payment via phone calls to IT executives and decision-makers. Detect Volcano Demon Ransomware Attacks Ransomware remains one of the top […]

Read More