Tag: Malware

APT28 Phishing Attack Detection: Hackers Target Ukrainian Energy Sector Using Microsoft Edge Downloader, TOR Software, and the Mockbin Service for Remote Management
APT28 Phishing Attack Detection: Hackers Target Ukrainian Energy Sector Using Microsoft Edge Downloader, TOR Software, and the Mockbin Service for Remote Management

At the turn of fall 2023, the russia-backed APT28 hacking group reemerges in the cyber threat arena, targeting the critical infrastructure of Ukrainian organizations in the power industry sector.  CERT-UA has recently released a security notice covering a phishing attack from a fake sender email address containing a link to a malicious archive. Following this […]

Read More
CVE-2023-38831 Detection: UAC-0057 Group Exploits a WinRAR Zero-Day to Spread a PicassoLoader Variant and CobaltStrike Beacon via Rabbit Algorithm
CVE-2023-38831 Detection: UAC-0057 Group Exploits a WinRAR Zero-Day to Spread a PicassoLoader Variant and CobaltStrike Beacon via Rabbit Algorithm

The UAC-0057 hacking collective, aka GhostWriter, reemerges in the cyber threat arena by abusing a WinRAR zero-day tracked as CVE-2023-38831 that has been exploited in the wild since April through August 2023. The successful exploitation of CVE-2023-38831 enables attackers to infect the targeted systems with a PicassoLoader variant and Cobalt Strike Beacon malware. Notably, both […]

Read More
UAC-0173 Attacks: Ukrainian Judicial Bodies and Notary Massively Targeted With AsyncRAT Malware
UAC-0173 Attacks: Ukrainian Judicial Bodies and Notary Massively Targeted With AsyncRAT Malware

Cybersecurity experts observe significantly growing volumes of malicious activity aimed at targeting Ukrainian public and private sectors, with offensive forces frequently relying on the phishing attack vector to proceed with the intrusion.  CERT-UA notifies cyber defenders of the ongoing malicious campaign against judicial bodies and notaries in Ukraine, massively distributing emails with the lure subjects […]

Read More
SOC Prime on Discord: Join a Single Community for All Cyber Defenders to Benefit from Shared Expertise
SOC Prime on Discord: Join a Single Community for All Cyber Defenders to Benefit from Shared Expertise

In February 2023, SOC Prime launched its Discord server community connecting aspiring cybersecurity enthusiasts and seasoned experts in a single place. The community serves as the world’s largest open-source hub for Threat Hunters, CTI and SOC Analysts, and Detection Engineers — anyone having a genuine passion for cybersecurity. Currently, our Discord server hosts over 1,500 […]

Read More
Adversaries Use Weaponized PDFs Disguised as German Embassy Lures to Spread Duke Malware Variant in Attacks Against Ministries of Foreign Affairs of NATO-Aligned Countries 
Adversaries Use Weaponized PDFs Disguised as German Embassy Lures to Spread Duke Malware Variant in Attacks Against Ministries of Foreign Affairs of NATO-Aligned Countries 

Cybersecurity researchers have observed a new malicious campaign targeting Ministries of Foreign Affairs of NATO-related countries. Adversaries distribute PDF documents used as lures and masquerading the sender as the German embassy. One of the PDF files contains Duke malware attributed to the nefarious russian nation-backed hacking collective tracked as APT29 aka NOBELIUM, Cozy Bear, or […]

Read More
Detecting SmokeLoader Campaign: UAC-0006 Keep Targeting Ukrainian Financial Institutions in a Series of Phishing Attacks
Detecting SmokeLoader Campaign: UAC-0006 Keep Targeting Ukrainian Financial Institutions in a Series of Phishing Attacks

UAC-0006 hacking collective is on the rise, actively targeting Ukrainian organizations with SmokeLoader malware in a long-lasting campaign aimed at financial profits. The latest CERT-UA cybersecurity alert details that the hacking group has launched a third massive cyber-attack in a row, severely threatening the banking systems across the country.  Analyzing UAC-0006 Phishing Campaign Aimed at […]

Read More
Mallox Ransomware Detection: Increasing Attacks Abusing MS-SQL Servers
Mallox Ransomware Detection: Increasing Attacks Abusing MS-SQL Servers

Cyber defenders have observed a recent surge in cyber attacks spreading Mallox ransomware. For a period of two years, ransomware operators have been abusing MS-SQL servers as the initial access vector to spread the infection further. Detect Mallox Ransomware With the growing activity of the Mallox ransomware gang and their ambitions to expand the impact […]

Read More
CAPIBAR and KAZUAR Malware Detection: Turla aka UAC-0024 or UAC-0003 Launches Targeted Cyber-Espionage Campaigns Against Ukraine
CAPIBAR and KAZUAR Malware Detection: Turla aka UAC-0024 or UAC-0003 Launches Targeted Cyber-Espionage Campaigns Against Ukraine

Since at least 2022, the hacking collective tracked as UAC-0024 has been launching a series of offensive operations targeting Ukraine’s defense forces. The group’s cyber-espionage activity mainly focuses on intelligence gathering leveraging CAPIBAR malware. Based on attacker TTPs along with the uncovered use of another malware dubbed Kazuar, the adversary activity can be linked to […]

Read More
What Are LOLBins?
What Are LOLBins?

LOLBins, also known as “Living off the Land Binaries,” are binaries that use legitimate commands and pre-installed executables of the operating system to perform malicious activities. LOLBins use local system binaries to bypass detection, deliver malware, and remain undetected. When leveraging LOLBins, adversaries can improve their chances of staying unnoticed by using legitimate cloud services […]

Read More
UAC-0010 aka Armageddon APT Attacks Detection: Overview of Group’s Ongoing Offensive Operations Targeting Ukraine
UAC-0010 aka Armageddon APT Attacks Detection: Overview of Group’s Ongoing Offensive Operations Targeting Ukraine

Since russia’s full-fledged invasion of Ukraine, the aggressor’s offensive forces have launched thousands of targeted cyber attacks against Ukraine. One of the most persistent threats belongs to the infamous cyber-espionage gang tracked as UAC-0010 (Armageddon). This article provides an overview of the group’s adversary activity against Ukraine largely exploiting the phishing attack vector as of […]

Read More