With the global digitalization of the financial sector, organizations are exposed to escalating risks in numerous sophisticated financially-motivated cyber attacks. Throughout April, cybersecurity researchers have identified a surge in malicious operations attributed to the nefarious russia’s hacking collective known as FIN7 massively targeting organizations worldwide for financial gain. Adversaries have been observed abusing weaponized Google […]
As of May 2024, the nefarious Black Basta ransomware operators have breached over 500 global organizations. In response to the escalating threats, the U.S.’s leading and global cybersecurity agencies have issued a joint cybersecurity advisory warning defenders of the group’s increasing activity, which has already affected dozens of critical infrastructure organizations, including the healthcare sector. […]
Cybersecurity researchers have recently uncovered a novel malicious strain dubbed Cuckoo malware, which mimics the capabilities of spyware and an infostealer and can run on both Intel and Arm-based Mac computers. Detect Cuckoo Malware The surge in ongoing infostealing attacks using macOS malware fuels the need for strengthening defenses. SOC Prime Platform curates a set […]
The nefarious cyber-espionage hacking collective tracked as Forest Blizzard (aka Fancy Bear, STRONTIUM, or APT28) has been experimenting with a novel custom tool dubbed GooseEgg malware to weaponize the critical CVE-2022-38028 vulnerability in Windows Print Spooler. Adversaries are launching multiple intelligence-gathering attacks targeting organizations across the globe in diverse industry sectors. Successful privilege escalation and […]
The UAC-0149 threat actor repeatedly targets Ukrainian governments and military organizations using COOKBOX malware. The latest research by CERT-UA details the new attack leveraging phishing Signal messages and CVE-2023-38831 exploits to deploy COOKBOX on the targeted instances. UAC-0149 Attack Details UAC-0149 hacking collective has been performing malicious operations against Ukraine since at least autumn 2023. […]
Cybersecurity researchers have unveiled a novel sophisticated multi-stage attack, in which adversaries take advantage of the ScrubCrypt anti-malware evasion tool to drop VenomRAT along with multiple harmful plugins, including nefarious Remcos, XWorm, NanoCore RAT, and other malicious strains. Detect VenomRAT Deployed via ScrubCrypt With cyber-attacks proliferating and employing increasingly sophisticated intrusion methods, cyber defenders require […]
Cybersecurity experts remain vigilant amidst an ongoing supply chain attack that has cast a shadow over the most widely-used Linux distributions. With its scale and sophistication reminiscent of infamous incidents like Log4j and SolarWinds, this new threat emanates from a backdoored XZ Utils (formerly LZMA Utils)—an essential data compression utility found in virtually all major […]
Hackers employ diverse TTPs in a multi-stage software supply-chain campaign going after GitHub users, including members of the widely recognized Top.gg community, with over 170,000+ users falling prey to the offensive operations. Adversaries took advantage of a fake Python infrastructure, causing the full compromise of GitHub accounts, the publication of harmful Python packs, and the […]
Hard on the heels of the DEEP#GOSU offensive campaign associated with the North Korean hacking collective Kimsuky APT, the group comes to the spotlight once again by shifting their adversary TTPs. Defenders have recently observed Kimsuky’s use of Microsoft Compiled HTML Help (CHM) files to spread malware and collect sensitive data from impacted instances. Detect […]
The nefarious cyber-espionage North Korean Kimsuky APT group has been in the limelight in the cyber threatscape since at least 2012. A new multi-stage Kimsuky-affiliated offensive campaign tracked as DEEP#GOSU hits the headlines, posing threats to Windows users and leveraging PowerShell and VBScript malware to infect targeted systems. Detect DEEP#GOSU Attack Campaign Last year has […]