Tag: Onur Atali

Dark Utilities Platform
Dark Utilities “C2aaS” Platform: Provides Adversaries With a Vast Array of C2 Capabilities

A C2 platform called “Dark Utilities” was released in early 2022 and is currently getting traction among adversaries. Dark Utilities, a C2-as-a-Service (C2aaS), provides an affordable (at a starting price of just EUR 9,99) way of setting up an anonymous C&C infrastructure. The service allows for remote access, DDoS attacks, command execution, and cryptojacking. Security […]

Read More
Adversarial Abuse of Proxyware
Adversaries Hack Microsoft SQL Servers to Install Proxyware and Steal Bandwidth

Security analysts report an increasing number of cases of adversarial abuse of software called ‘proxyware’. Users can install proxyware (operated via the client application) and become bandwidth donors by sharing their internet connection via services like Peer2Profit and IPRoyal. The hosts, incentivized with monetary rewards, enable other users to access the web from their location […]

Read More
CloudMensis macOS Spyware
CloudMensis Detection: New Malware to Steal macOS Users’ Data

New CloudMensis malware springs into action with highly targeted attacks. Researchers have yet to establish the techniques attackers used to gain initial access to victims’ devices; however, the small number of documented attacks happened since February indicate that the CloudMensis malware was deployed to exfiltrate information as part of a targeted campaign aimed at a […]

Read More
XMRIG Cryptominer
XMRig Coin Miner: Adversaries Employ New Approaches to Illegal Crypto Mining

With a mounting number of cyber criminal operations pursuing the illicit installation of crypto mining software on victim devices and systems, increasing awareness of crypto-jacking is paramount. Earlier this Summer, US-CERT released a malware analysis report related to XMRig coin miner, detailing new approaches to hijacking victims’ devices and leveraging them for crypto mining. CISA […]

Read More
Evilnum APT Group
Evilnum Hacking Group Resurfaces With Spear Phishing Attacks on European Migration Organizations

The operations of Evilnum hackers have been watched closely by security analysts since 2020, with the threat actors’ activity traced back as early as 2018. The APT group is predominantly associated with the attacks on the FinTech sector in Europe, often classified as a financially motivated group. Sources claimed that the most recent spear phishing […]

Read More
Blue Mockingbird Threat Actor
Telerik UI Vulnerability Exploit Detection: Blue Mockingbird Leverages CVE-2019-18935

Blue Mockingbird cybercrime group has been on the cybersecurity radar for about two years now. In the current campaign, the threat actor exploits the vulnerabilities discovered in 2019 in a popular Telerik UI suite for ASP.NET AJAX that includes around 120 components. The major vulnerability, tracked as CVE-2019-18935 with a critical severity level of 9.8, […]

Read More
Yashma Ransomware
Yashma Ransomware Detection: the Latest Chaos Builder Variant

Chaos graphical user interface (GUI) builder has been on the market for less than a year, allowing adversaries to craft new ransomware strains. A new ransomware variant dubbed Yashma is its 6th version, available from May 2022. Yashma is the most refined version of this GUI ransomware builder that is known for its flexibility and […]

Read More
Cyclops Blink malware
Cyclops Blink Malware Used by Sandworm APT Group Replaces VPNFilter As Reported by CISA

On February 23, 2022, CISA launched an alert stating that the UK National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have detected the use of a novel malicious strain known as Cyclops Blink. As a replacement of the […]

Read More
Threat Bounty
SOC Prime Threat Bounty — September 2021 Results

In April 2019, SOC Prime announced a crowdsourcing initiative to unite the cyber security community to withstand emerging threats. Since the launch of the Threat Bounty Program, SOC Prime welcomed 300+ participants who published 2300+ Sigma rules, 100+ YARA rules, 25+ Snort Rules to Threat Detection Marketplace repository of the SOC Prime Platform.  More than […]

Read More
CVE-2021-22005
Detect Critical VMware vCenter Vulnerability (CVE-2021-22005) Exploitation Attempts

On September 24, 2021, CISA issued an alert warning about multiple exploitation attempts for а critical vulnerability (CVE-2021-22005) in VMware vCenter Server. A heavy number of scans for the vulnerable servers broke forth after the Vietnamese security researcher Jang published an incomplete exploit for CVE-2021-2205. Jang’s technical notes were enough for experienced hackers to produce […]

Read More