The TellYouThePass ransomware operators have been spotted behind a novel adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances. Detect TellYouThePass Ransomware Campaign In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]
The Vermin hacking group, also known as UAC-0020, resurfaces, targeting the Armed Forces of Ukraine. In the latest “SickSync” campaign uncovered by CERT-UA in collaboration with the Cybersecurity Center of the Armed Forces of Ukraine, adversaries once again employ SPECTR malware, which has been part of their adversary toolkit since 2019. SickSync Campaign Targeting the […]
Since the onset of the Russia-Ukraine war in 2022, there has been a significant rise in offensive operations, highlighting the profound impact of geopolitical tensions on global enterprises. Multiple hacking groups continue to use Ukraine as a testing ground to extend their attack surface into European and U.S. political arenas. CERT-UA has been lately reported […]
In mid-April 2024, CERT-UA warned defenders of repeated adversary attempts to compromise Ukrainian organizations using COOKBOX malware. Defenders observed the ongoing phishing campaign targeting Ukraine and took measures to disrupt the offensive attempts. The identified russia-linked malicious activity is tracked under the moniker FlyingYeti and overlaps with the UAC-0149 operation covered in the CERT-UA#9522 alert. […]
Heads up! The nefarious cyber-espionage group Kimsuky APT, aka Springtail, enriches its offensive toolkit with a novel malware variant dubbed Linux.Gomir. The novel backdoor, which is considered to be a Linux iteration of the GoBear malware, is leveraged by adversaries in the ongoing cyber attacks against South Korean organizations. Detect Gomir Backdoor Delivered by Kimsuky […]
With the global digitalization of the financial sector, organizations are exposed to escalating risks in numerous sophisticated financially-motivated cyber attacks. Throughout April, cybersecurity researchers have identified a surge in malicious operations attributed to the nefarious russia’s hacking collective known as FIN7 massively targeting organizations worldwide for financial gain. Adversaries have been observed abusing weaponized Google […]
As of May 2024, the nefarious Black Basta ransomware operators have breached over 500 global organizations. In response to the escalating threats, the U.S.’s leading and global cybersecurity agencies have issued a joint cybersecurity advisory warning defenders of the group’s increasing activity, which has already affected dozens of critical infrastructure organizations, including the healthcare sector. […]
Cybersecurity researchers have recently uncovered a novel malicious strain dubbed Cuckoo malware, which mimics the capabilities of spyware and an infostealer and can run on both Intel and Arm-based Mac computers. Detect Cuckoo Malware The surge in ongoing infostealing attacks using macOS malware fuels the need for strengthening defenses. SOC Prime Platform curates a set […]
The nefarious cyber-espionage hacking collective tracked as Forest Blizzard (aka Fancy Bear, STRONTIUM, or APT28) has been experimenting with a novel custom tool dubbed GooseEgg malware to weaponize the critical CVE-2022-38028 vulnerability in Windows Print Spooler. Adversaries are launching multiple intelligence-gathering attacks targeting organizations across the globe in diverse industry sectors. Successful privilege escalation and […]
The UAC-0149 threat actor repeatedly targets Ukrainian governments and military organizations using COOKBOX malware. The latest research by CERT-UA details the new attack leveraging phishing Signal messages and CVE-2023-38831 exploits to deploy COOKBOX on the targeted instances. UAC-0149 Attack Details UAC-0149 hacking collective has been performing malicious operations against Ukraine since at least autumn 2023. […]