ShadowPad backdoor is popular among multiple state-backed APTs, including China-linked hacking groups, widely used in their cyber espionage campaigns. A nefarious cyber espionage group known as Redfly has taken advantage of ShadowPad’s offensive capabilities targeting Asia’s state electricity grid organization for half a year. Shadowpad Trojan Detection The growing threat of nation-state APT attacks poses […]
The financial sector, the keystone of the global economy, has become increasingly digitized in recent years. While this transformation brings efficiency and convenience, it also exposes financial institutions to many cybersecurity challenges. Threat actors, ranging from sophisticated hacker groups to opportunistic individuals, are constantly targeting the financial sector, seeking to exploit vulnerabilities for financial gain. […]
At the turn of fall 2023, the russia-backed APT28 hacking group reemerges in the cyber threat arena, targeting the critical infrastructure of Ukrainian organizations in the power industry sector. CERT-UA has recently released a security notice covering a phishing attack from a fake sender email address containing a link to a malicious archive. Following this […]
The UAC-0057 hacking collective, aka GhostWriter, reemerges in the cyber threat arena by abusing a WinRAR zero-day tracked as CVE-2023-38831 that has been exploited in the wild since April through August 2023. The successful exploitation of CVE-2023-38831 enables attackers to infect the targeted systems with a PicassoLoader variant and Cobalt Strike Beacon malware. Notably, both […]
Cybersecurity experts observe significantly growing volumes of malicious activity aimed at targeting Ukrainian public and private sectors, with offensive forces frequently relying on the phishing attack vector to proceed with the intrusion. CERT-UA notifies cyber defenders of the ongoing malicious campaign against judicial bodies and notaries in Ukraine, massively distributing emails with the lure subjects […]
In February 2023, SOC Prime launched its Discord server community connecting aspiring cybersecurity enthusiasts and seasoned experts in a single place. The community serves as the world’s largest open-source hub for Threat Hunters, CTI and SOC Analysts, and Detection Engineers — anyone having a genuine passion for cybersecurity. Currently, our Discord server hosts over 1,500 […]
Cybersecurity researchers have observed a new malicious campaign targeting Ministries of Foreign Affairs of NATO-related countries. Adversaries distribute PDF documents used as lures and masquerading the sender as the German embassy. One of the PDF files contains Duke malware attributed to the nefarious russian nation-backed hacking collective tracked as APT29 aka NOBELIUM, Cozy Bear, or […]
UAC-0006 hacking collective is on the rise, actively targeting Ukrainian organizations with SmokeLoader malware in a long-lasting campaign aimed at financial profits. The latest CERT-UA cybersecurity alert details that the hacking group has launched a third massive cyber-attack in a row, severely threatening the banking systems across the country. Analyzing UAC-0006 Phishing Campaign Aimed at […]
Cyber defenders have observed a recent surge in cyber attacks spreading Mallox ransomware. For a period of two years, ransomware operators have been abusing MS-SQL servers as the initial access vector to spread the infection further. Detect Mallox Ransomware With the growing activity of the Mallox ransomware gang and their ambitions to expand the impact […]
Since at least 2022, the hacking collective tracked as UAC-0024 has been launching a series of offensive operations targeting Ukraine’s defense forces. The group’s cyber-espionage activity mainly focuses on intelligence gathering leveraging CAPIBAR malware. Based on attacker TTPs along with the uncovered use of another malware dubbed Kazuar, the adversary activity can be linked to […]