The nefarious cyber-espionage hacking collective tracked as Forest Blizzard (aka Fancy Bear, STRONTIUM, or APT28) has been experimenting with a novel custom tool dubbed GooseEgg malware to weaponize the critical CVE-2022-38028 vulnerability in Windows Print Spooler. Adversaries are launching multiple intelligence-gathering attacks targeting organizations across the globe in diverse industry sectors. Successful privilege escalation and […]
The UAC-0149 threat actor repeatedly targets Ukrainian governments and military organizations using COOKBOX malware. The latest research by CERT-UA details the new attack leveraging phishing Signal messages and CVE-2023-38831 exploits to deploy COOKBOX on the targeted instances. UAC-0149 Attack Details UAC-0149 hacking collective has been performing malicious operations against Ukraine since at least autumn 2023. […]
Cybersecurity researchers have unveiled a novel sophisticated multi-stage attack, in which adversaries take advantage of the ScrubCrypt anti-malware evasion tool to drop VenomRAT along with multiple harmful plugins, including nefarious Remcos, XWorm, NanoCore RAT, and other malicious strains. Detect VenomRAT Deployed via ScrubCryptĀ With cyber-attacks proliferating and employing increasingly sophisticated intrusion methods, cyber defenders require […]
Cybersecurity experts remain vigilant amidst an ongoing supply chain attack that has cast a shadow over the most widely-used Linux distributions. With its scale and sophistication reminiscent of infamous incidents like Log4j and SolarWinds, this new threat emanates from a backdoored XZ Utils (formerly LZMA Utils)āan essential data compression utility found in virtually all major […]
Hackers employ diverse TTPs in a multi-stage software supply-chain campaign going after GitHub users, including members of the widely recognized Top.gg community, with over 170,000+ users falling prey to the offensive operations. Adversaries took advantage of a fake Python infrastructure, causing the full compromise of GitHub accounts, the publication of harmful Python packs, and the […]
Hard on the heels of the DEEP#GOSU offensive campaign associated with the North Korean hacking collective Kimsuky APT, the group comes to the spotlight once again by shifting their adversary TTPs. Defenders have recently observed Kimsukyās use of Microsoft Compiled HTML Help (CHM) files to spread malware and collect sensitive data from impacted instances. Detect […]
The nefarious cyber-espionage North Korean Kimsuky APT group has been in the limelight in the cyber threatscape since at least 2012. A new multi-stage Kimsuky-affiliated offensive campaign tracked as DEEP#GOSU hits the headlines, posing threats to Windows users and leveraging PowerShell and VBScript malware to infect targeted systems. Detect DEEP#GOSU Attack Campaign Last year has […]
A new malware iteration dubbed TODDLERSHARK comes into the spotlight in the cyber threat arena, which bears a striking similarity with BABYSHARK or ReconShark malicious strains leveraged by the North Korean APT group known as Kimsuky APT. The infection chain is triggered by weaponizing a couple of critical ConnectWise ScreenConnect vulnerabilities tracked as CVE-2024-1708 and […]
Two days before the 2nd anniversary of russiaās full-scale invasion, CERT-UA researchers uncovered an ongoing phishing attack against the Armed Forces of Ukraine. The adversary campaign linked to the UAC-0149 group has leveraged COOKBOX malware to infect targeted systems. UAC-0149 Attack Analysis Using COOKBOX Malware CERT-UA in coordination with the Cybersecurity Center of the Information […]
The nefarious China-backed Earth Preta APT also known as Mustang Panda has been targeting Asian countries in the long-lasting adversary campaign, which applied an advanced iteration of PlugX malware dubbed DOPLUGS.Ā Detecting Earth Preta Attacks Using DOPLUGS Malware The year 2023 has been marked by the escalating activity of APT collectives reflecting the influence of […]