LOLBins, also known as “Living off the Land Binaries,” are binaries that use legitimate commands and pre-installed executables of the operating system to perform malicious activities. LOLBins use local system binaries to bypass detection, deliver malware, and remain undetected. When leveraging LOLBins, adversaries can improve their chances of staying unnoticed by using legitimate cloud services […]
Threat detection engineering (DE) is more complex than it might seem initially. It goes far beyond the detection of events or abnormal activities. The DE process includes detecting states and conditions, which is often more applicable to incident response or digital forensics. As Florian Roth mentions in his blog, the definition of detection engineering “should […]
Heads up! Cyber defenders are notified of a new wave of phishing attacks leveraging the invoice-relate email subjects with the infection chain triggered by opening a malicious VBS file, which leads to spreading SmokeLoader malware on the affected devices. According to the investigation, the malicious activity can be attributed to the financially-motivated UAC-0006 hacking gang […]
Cybersecurity researchers have unveiled a new offensive operation launched by the russia-backed Storm-0978 aka DEV-0978 group, which is also tracked as RomCom based on the name of the nefarious backdoor they are associated with. In this campaign, hackers are targeting defense organizations and public authorities in Europe and North America leveraging the phishing attack vector […]
Threat Bounty Publications In June, the active members of the Threat Bounty Program submitted 568 Sigma rules for a chance of publication to the SOC Prime Platform for monetization. As a result of verification, 74 rules were approved and successfully published. Explore Detections Typically enough, the most frequent reasons for rejection of content publication were: […]
Cybersecurity researchers have uncovered traces of new malicious activity attributed to the nefarious BlackCat aka ALPHV ransomware gang. The adversary campaign involves the distribution of malware via cloned webpages of legitimate companies, including the webpage of a popular WinSCP file-transferring service. BlackCat is also observed using SpyBoy Terminator for its offensive purposes to hinder anti-malware […]
Cybersecurity researchers issue a heads-up covering a new targeted cyber attack by the UAC-0057 group against Ukrainian public officials leveraging XLS files that contain a malicious macro spreading PicassoLoader malware. The malicious loader is capable of dropping another malicious strain dubbed njRAT to spread the infection further. PicassoLoader and njRAT Malware Distribution by UAC-0057 Hackers: […]
CERT-UA researchers recently uncovered a fraudulent copy of the English-language version of the Ukrainian World Congress website at https://www.ukrainianworldcongress.org/. The fake web resource contains a couple of DOCX documents that trigger an infection chain once opened. As a result of the attack chain, hackers can deploy MAGICSPELL payload intended to download, decipher, and maintain the […]
Quantum ransomware, a strain that has garnered significant attention since its discovery in July 2021, has proven to be an especially malicious and rapidly evolving form of ransomware. As cybersecurity professionals strive to stay one step ahead of cybercriminals, understanding the intricacies and potential impact of Quantum ransomware becomes imperative. It is a sub-variant of […]
In the dynamic and ever-changing realm of cybersecurity, attackers demonstrate unwavering determination as they continuously come up with innovative techniques to circumvent security measures and infiltrate systems that cannot be easily deemed vulnerable. One such technique that has gained prominence is the Squiblydoo attack. This attack specifically targets the exploitation of legitimate applications or files […]