Tag: Developer Program

Detect DarkSide Ransomware with SOC Prime

DarkSide ransomware, a relatively novel player in the cyber threat arena, continues to gather news headlines for successful attacks against world-leading vendors. The list of the recent intrusions includes the chemical distribution company Brenntag, which paid adversaries $4.4 million ransom, and Colonial Pipeline, a company providing fuel supply for the US East Coast. DarkSide Ransomware […]

Read More
SystemBC Malware Increasingly Used as Ransomware Backdoor

A new version of SystemBC malware is increasingly leveraged by ransomware maintainers to pave their way into the targeted environments. Security experts indicate that top ransomware-as-a-service (RaaS) collectives, including DarkSide, Ryuk, and Cuba, leverage SystemBC as a persistent backdoor able to maintain access to the attacked instances and perform a variety of notorious activities. What […]

Read More
Operation TunnelSnake: Moriya Rootkit Detection

Security researchers from Kaspersky Lab have uncovered a previously unknown Windows rootkit stealthily leveraged by a China-affiliated APT actor for years to install backdoors on the infected instances. Dubbed Moriya, the rootkit provides attackers with the ability to capture network traffic and covertly execute commands on the compromised devices while flying under the radar of […]

Read More
Pulse Connect Secure Vulnerabilities Are Exploited in Ongoing Attacks Against High-Profile Targets

On April 20, 2021, US-CERT issued an alert warning about an ongoing malicious campaign abusing vulnerable Pulse Connect Secure products to attack organizations across the US. The campaign broke forth in June 2020 and involved multiple security incidents affecting government agencies, critical infrastructure assets, and private sector organizations. Threat actors rely on a set of […]

Read More
IcedID Leverages Innovative Delivery Methods, Significantly Increases Infection Rates

Check Point Research’s Global Threat Index for March 2021 reveals that IcedID banking Trojan operators are entering the big game. Last month IcedID was included in the Index for the first time, at once taking second place right after the infamous Dridex. A surge in infections and notoriety is explained by the innovative delivery methods […]

Read More
New FormBook Variant Targets Users in the Wild

Security researchers from FortiGuard Labs have uncovered a new FormBook variant being delivered in a massive phishing campaign. Particularly, adversaries target users with malware-laced Microsoft PowerPoint documents disguised as a follow-up to the recent purchase order. Those who fell for the bait of scammers got their devices infected with a notorious data-stealing malware.  New FormBook […]

Read More
FoundCore: Evasive Malware Used by Chinese Hackers for Cyber Espionage

Security experts from Kaspersky Lab have uncovered a long-lasting cyber espionage operation launched by a Chinese nation-backed actor to target government and military institutions across Vietnam. The hacker group, known as Cycldek, APT27, GoblinPanda, and LuckyMouse, relied on a brand-new and highly evasive remote access Trojan to reach its malicious goal. The RAT, called FoundCore, […]

Read More
Vyveva: New Custom Malware in Lazarus Toolkit

Experts from ESET have uncovered a new malicious sample leveraged by Lazarus APT to target an unnamed South African freight company. The malware, dubbed Vyveva, obtains impressive backdoor capabilities, which are used by the nation-backed actor for reconnaissance and cyber-espionage. Vyveva Backdoor Overview Vyveva is a custom threat applied by the North Korean state-sponsored group […]

Read More
Critical SAP Vulnerabilities Are Under Active Exploitation In Ongoing Attacks Worldwide

On April 6, 2021, US-CERT issued an urgent alert warning about an ongoing malicious campaign that leverages old vulnerabilities in mission-critical SAP applications to target organizations worldwide. According to security experts, threat actors apply a variety of techniques, tactics, and procedures to target insecure instances. The successful attack might result in full system compromise, sensitive […]

Read More
Purple Fox Rootkit Now Obtains Worm-Spreading Capabilities

Security analysts from Guardicore Labs have recently detected a new variant of the notorious Purple Fox rootkit, which now propagates as a worm across Windows machines. This latest malware upgrade results in a significant spike of Purple Fox infections, showing a 600% increase since spring 2020. This ongoing campaign relies heavily on port scanning and […]

Read More