The Vermin hacking collective, also tracked as UAC-0020, resurfaces, targeting Ukraine using a novel offensive tool dubbed FIRMACHAGENT. In the latest attack, adversaries leverage the phishing attack vector to spread emails with the lure subject related to the prisoners of war at the Kursk front. UAC-0020 aka Vermin Attack Analysis Using FIRMACHAGENT On August 19, 2024, […]
The increasing number of phishing attacks requires immediate attention from defenders, underscoring the need for increasing cybersecurity awareness and bolstering the organization’s cyber hygiene. Following the UAC-0102 attack targeting UKR.NET users, another hacking collective tracked as UAC-0198 leverages the phishing attack vector to target the Ukrainian state bodies and massively distribute ANONVNC (MESHAGENT) malware to […]
Defenders have discovered a novel APT group dubbed Actor240524, which applies an advanced adversary toolkit to evade detection and gain persistence. At the turn of July 2024, adversaries performed a spear-phishing campaign against diplomats from Azerbaijan and Israel. Attackers leveraged a malicious Word document featuring content in Azerbaijani and masquerading as official documentation designed to […]
The nefarious russian state-sponsored APT28 hacking collective, also known as Fighting Ursa, is coming into the spotlight. Since early spring 2024, adversaries have been targeting diplomats in a long-term offensive campaign, leveraging a car for sale as a phishing lure to distribute HeadLace malware. Detect Fighting Ursa aka APT28 Attacks Spreading HeadLace Malware The continuously […]
Defenders have observed a sudden surge in the adversary activity of the UAC-0057 hacking group targeting Ukrainian local government agencies. Attackers distribute malicious files containing macros aimed at launching PICASSOLOADER on the targeted computers, which leads to the delivery of Cobalt Strike Beacon. Detect UAC-0057 Activity Covered in the CERT-UA#10340 Alert Since the full-scale war […]
Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. Further, the same tactics, techniques, and procedures are applied to target broader geography, including North America, Europe, and Asia. Precisely, in May 2023, the UAC-0063 group launched […]
Defenders have been observing a DarkGate malware campaign in which adversaries have taken advantage of Microsoft Excel files to spread malicious samples from publicly accessible SMB file shares. DarkGate represents a highly adaptable malicious strain, potentially stepping into the gap left by the dismantling of the notorious QakBot in late summer 2023. Detect DarkGate Malware […]
New ransomware maintainers have rapidly emerged in the cyber threat arena, employing innovative locker malware and a variety of detection evasion tactics. The ransomware gang dubbed “Volcano Demon” leverages novel LukaLocker malware and demands ransom payment via phone calls to IT executives and decision-makers. Detect Volcano Demon Ransomware Attacks Ransomware remains one of the top […]
Cybersecurity researchers discovered a new code execution technique that employs specially crafted MSC files and a Windows XSS flaw. The newly uncovered infection technique, dubbed GrimResource, allows attackers to perform code execution in the Microsoft Management Console (MMC). Defenders discovered a sample using GrimResource that was recently uploaded to VirusTotal in early June 2024, indicating […]
The China-linked cyber-espionage group Velvet Ant has been infiltrating F5 BIG-IP devices for about three years, using them as internal C2 servers, deploying malware, and gaining persistence to smartly evade detection and steal sensitive data. Detect Velvet Ant Attacks In Q1 2024, APT groups from various regions, including China, North Korea, Iran, and Russia, demonstrated […]