Cybersecurity researchers have identified an ongoing in-the-wild adversary campaign, which leverages a known RCE vulnerability in Microsoft Office tracked as CVE-2017-0199 exploited by a malicious Excel file used as a lure attachment in phishing emails. The phishing campaign is designed to distribute a new fileless version of the notorious Remcos RAT malware and take full […]
Essential Tips to Level Up in SOC Prime Threat Bounty Program As a detection engineer, SOC analyst, and threat hunter, joining SOC Prime’s Threat Bounty Program opens the door to significant professional growth within a globally recognized cybersecurity community. The Program is designed to harness the expertise in detection engineering, enabling members to contribute high-value […]
Security researchers have revealed a stealthy campaign targeting users in Central and Southwestern Europe with an email credential stealer. Dubbed Strela, this evasive malware is deployed via phishing emails, utilizing obfuscated JavaScript and WebDAV to circumvent conventional security measures. Since its emergence two years ago, Strela Stealer has significantly enhanced its malicious capabilities, allowing it […]
The notorious Russian state-sponsored hacking group known as APT28 or UAC-0001, which has a history of launching targeted phishing attacks on Ukrainian public sector organizations, has resurfaced in the cyber threat landscape. In the latest adversary campaign covered by CERT-UA, attackers weaponize a PowerShell command embedded in the clipboard as an entry point to further conduct offensive […]
Attackers frequently launch high-profile attacks by exploiting RCE vulnerabilities in popular software products. Cybersecurity researchers have recently identified the widespread exploitation of FortiManager instances, with 50+ potentially compromised devices across multiple industry verticals. Defenders disclosed a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks by adversaries to execute arbitrary code […]
Hot on the heels of the “Rogue RDP” attacks exploiting the phishing attack vector and targeting Ukrainian state bodies and military units, CERT-UA researchers uncovered another wave of phishing attacks leveraging emails with invoice-related subject lures and weaponizing HOMESTEEL malware for file theft. The UAC-0218 group is believed to be behind the ongoing adversary operation. […]
Hard on the heels of a new wave of cyber-attacks by UAC-0050 involving cyber espionage and financial thefts and relying on a diverse number of tools, including MEDUZASTEALER, another suspicious activity comes to the spotlight in the Ukrainian cyber threat arena. CERT-UA recently launched a new alert covering spoofed phishing attacks spreading MEDUZASTEALER via Telegram […]
The UAC-0050 hacking collective notorious for its long-standing offensive operations against Ukraine steps back into the cyber threat arena. CERT-UA researchers have long been investigating the group’s activity, which primarily focuses on three key directions, including cyber espionage and financial theft, along with information and psychological operations tracked under the “Fire Cells Group” brand. Financially […]
Amid a spike in cyber-espionage efforts by North Korean APT groups targeting Southeast Asia under the SHROUDED#SLEEP campaign, cybersecurity experts are raising alarms about a parallel wave of attacks orchestrated by Iran-affiliated hackers. This newly discovered campaign focuses on spying on organizations across the UAE and Gulf regions. Known as Earth Simnavaz APT (also referred […]
LemonDuck, a notorious crypto-mining malware, has been observed targeting Windows servers by exploiting known vulnerabilities in Microsoft’s Server Message Block (SMB) protocol, including the EternalBlue flaw tracked as CVE-2017-0144. The malware has evolved into a more advanced threat capable of credential theft, enriched with detection evasion techniques, and spreading through multiple attack vectors. Detect LemonDuck […]