Hot on the heels of the massive phishing attacks launched by UAC-0006 at the beginning of May 2023, CERT-UA warns cyber defenders of a new wave of cyber attacks resulting in SmokeLoader infections. The latest investigation indicates that adversaries increasingly spread phishing emails with financial subject lures and use ZIP/RAR attachments to drop malicious samples […]
A new DDoS botnet dubbed AndoryuBot poses a threat to Ruckus Wireless Admin panels by exploiting a newly patched critical severity flaw tracked as CVE-2023-25717 with the CVSS base score reaching 9.8. The vulnerability exploitation can potentially lead to remote code execution (RCE) and a full compromise of wireless Access Point (AP) equipment. Detecting CVE-2023-25717 […]
On May 9, 2023, the U.S. Department of Justice revealed the details of a joint operation dubbed MEDUSA that resulted in the disruption of the Snake cyber-espionage implant infrastructure actively leveraged to target 50+ countries in North America, Europe, and Africa.Ā First emerging in 2003, the malicious tool has been used by the Turla group, […]
The financially-motivated hacking collective tracked as UAC-0006 comes back to the cyber threat arena exploiting the phishing attack vector and distributing the SmokeLoader malware. According to the latest CERT-UA cybersecurity alert, threat actors massively distribute phishing emails exploiting the compromised accounts with the financially related email subject and using a malicious ZIP attachment to deploy […]
Adversaries are constantly looking for novel ways to overcome security protections. After Microsoft started blocking macros for Office documents by default last year, cybercriminals adapted their deployment methods to slip through the defense. APT37 follows this major trend, using Windows shortcut (LNK) files to proceed with the ROKRAT (aka DOGCALL) campaigns successfully.Ā Detect ROKRAT Malware […]
Cybersecurity researchers have uncovered a new malware family called Domino attributed to the adversary activity of the financially motivated russia-backed FIN7 APT group. Cyber defenders also link the use of Domino with another former hacking group known as Trickbot aka Conti, which has been applied in the malicious campaign by the latter threat actors since […]
With the tax season in full swing, threat actors are setting eyes on financial organizations. According to the latest cybersecurity reports, U.S. accounting firms and other financial institutions have fallen prey to a series of adversary campaigns spreading GuLoader malware since March 2022. Threat actors spread the GuLoader malicious samples by leveraging a phishing attack […]
With a 250% surge of cyber attacks against Ukraine in 2022 and over 2,000 of them launched by russia-affiliated threat actors since the outbreak of the full-fledged war, cyber defenders are looking for ways to help Ukraine and its allies boost their cyber resilience. On April 3, 2023, CERT-UA issued a new alert covering the […]
Cybersecurity experts have uncovered an ongoing adversary campaign exploiting 3CXDesktopApp, a software application for business communication used by 12 million customers worldwide. According to the reports, threat actors gain initial access to the compromised environment, deploy payloads, and then attempt to drop info-stealing malware capable of hijacking login credentials at the final attack stage. Detecting […]
Heads up! A novel infostealer is making a splash in the cyber threat arena targeting macOS users. Cybersecurity researchers have observed a novel MacStealer macOS malware that steals user credentials and other sensitive data stored in the iCloud KeyChain, web browsers, and crypto wallets.Ā Detecting MacStealer MacOS Malware Being yet another infostealing malware surfacing in […]