Tag: Malware

2023 Year in Review
2023 Year in Review

Celebrating Milestones and Shared Success As we approach 2024, let’s take some time to reflect on our shared accomplishments and look forward to even more significant successes in the coming year. Over the past year, our joint endeavors have been focused on shaping a secure tomorrow, driven by the collective strength of the global cybersecurity […]

Read More
New Phishing Campaign by UAC-0050: Kyivstar & Security Service of Ukraine Baits to Deliver Remcos RAT
New Phishing Campaign by UAC-0050: Kyivstar & Security Service of Ukraine Baits to Deliver Remcos RAT

Cybersecurity analysts are observing a substantial increase in malicious activities targeting Ukraine’s public and private sectors, where attackers often resort to phishing vectors as their primary strategy for initiating intrusions. CERT-UA notifies cyber defenders of ongoing attacks against Ukrainian organizations leveraging Kyivstar and the Security Service of Ukraine phishing lures. The infamous UAC-0050 group aims […]

Read More
Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains
Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains

Adversaries set their eyes on a notorious security flaw in Log4j Java Library tracked as CVE-2021-44228, aka Log4Shell, even a couple of years after its disclosure. A new campaign dubbed “Operation Blacksmith” involves the exploitation of the Log4Shell vulnerability to deploy new malicious strains written in DLang, including novel RATs. The North Korean APT Lazarus […]

Read More
Remcos RAT and Meduza Stealer Detection: UAC-0050 Group Launches a Massive Phishing Attack Against State Bodies in Ukraine and Poland
Remcos RAT and Meduza Stealer Detection: UAC-0050 Group Launches a Massive Phishing Attack Against State Bodies in Ukraine and Poland

Less than a week after a phishing campaign by UAC-0050 spreading Remcos RAT, the group attempted to launch another offensive operation. In the newly uncovered massive email distribution campaign, UAC-0050 hackers target the Ukrainian and Polish public sectors, leveraging the nefarious Remcos RAT and another malware strain dubbed Meduza Stealer. UAC-0050 Attack Description: Activity Covered […]

Read More
Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains
Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains

Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to further deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to compromised systems.  Detecting Cactus Ransomware Infections Ransomware operators are constantly seeking new ways to proceed with payload […]

Read More
UAC-0006 Attack Detection: Overview of the Financially Motivated Group’s Campaigns Based on CERT-UA Research
UAC-0006 Attack Detection: Overview of the Financially Motivated Group’s Campaigns Based on CERT-UA Research

The infamous hacking group known as UAC-0006 has been launching offensive operations against Ukraine since 2013 primarily driven by financial gain. CERT-UA researchers recently issued a compiled overview of the group’s adversary activity aimed at raising cybersecurity awareness and minimizing risks. The group is notorious for committing financial theft by leveraging malware like SmokeLoader to […]

Read More
UAC-0050 Attack Detection: Hackers Launch Another Targeted Campaign Spreading Remcos RAT 
UAC-0050 Attack Detection: Hackers Launch Another Targeted Campaign Spreading Remcos RAT 

Hard on the heels of the phishing attack impersonating the Security Service of Ukraine and using Remcos RAT, the hacking collective identified as UAC-0050 launched another adversary campaign against Ukraine leveraging the phishing attack vector. In these attacks targeting 15,000+ users hackers massively send emails with a subject and attachment lures related to a summons […]

Read More
Konni Group Attack Detection: North Korean Hackers Leverage russian-Language Weaponized Word Document to Spread RAT Malware
Konni Group Attack Detection: North Korean Hackers Leverage russian-Language Weaponized Word Document to Spread RAT Malware

Defenders observe a new phishing attack, in which adversaries weaponize a russian-language Microsoft Word document to distribute malware that can extract sensitive data from targeted Windows instances. Hackers behind this offensive campaign belong to a North Korean group dubbed Konni, which shares similarities with a cyber-espionage cluster tracked as Kimsuky APT.  Detect Konni Group Attacks […]

Read More
LockBit 3.0 Ransomware Attack Detection: CISA, FBI, and International Cyber Authorities Warn Defenders of CVE 2023-4966 Citrix Bleed Vulnerability Exploitation
LockBit 3.0 Ransomware Attack Detection: CISA, FBI, and International Cyber Authorities Warn Defenders of CVE 2023-4966 Citrix Bleed Vulnerability Exploitation

A critical vulnerability impacting Citrix NetScaler ADC and Gateway products tracked as CVE-2023-4966 is actively exploited in real-world attacks despite its patching in October 2023. Due to a surge in LockBit 3.0 ransomware attacks weaponizing this flaw dubbed Citrix Bleed vulnerability, CISA and FBI, in collaboration with other international authorities, recently released a joint advisory […]

Read More
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine

CERT-UA researchers have recently published a novel heads-up that covers ongoing phishing attacks against Ukraine involving distribution of Remcos RAT. The group in charge of this offensive campaign, which involves massively distributing spoofing emails with a false sender identity masquerading as the Security Service of Ukraine, is tracked as UAC-0050. UAC-0050 Attack Analysis Covered in […]

Read More