Cybersecurity researchers have unveiled a new offensive operation launched by the russia-backed Storm-0978 aka DEV-0978 group, which is also tracked as RomCom based on the name of the nefarious backdoor they are associated with. In this campaign, hackers are targeting defense organizations and public authorities in Europe and North America leveraging the phishing attack vector […]
Threat Bounty Publications In June, the active members of the Threat Bounty Program submitted 568 Sigma rules for a chance of publication to the SOC Prime Platform for monetization. As a result of verification, 74 rules were approved and successfully published. Explore Detections Typically enough, the most frequent reasons for rejection of content publication were: […]
Cybersecurity researchers have uncovered traces of new malicious activity attributed to the nefarious BlackCat aka ALPHV ransomware gang. The adversary campaign involves the distribution of malware via cloned webpages of legitimate companies, including the webpage of a popular WinSCP file-transferring service. BlackCat is also observed using SpyBoy Terminator for its offensive purposes to hinder anti-malware […]
Cybersecurity researchers issue a heads-up covering a new targeted cyber attack by the UAC-0057 group against Ukrainian public officials leveraging XLS files that contain a malicious macro spreading PicassoLoader malware. The malicious loader is capable of dropping another malicious strain dubbed njRAT to spread the infection further. PicassoLoader and njRAT Malware Distribution by UAC-0057 Hackers: […]
CERT-UA researchers recently uncovered a fraudulent copy of the English-language version of the Ukrainian World Congress website at https://www.ukrainianworldcongress.org/. The fake web resource contains a couple of DOCX documents that trigger an infection chain once opened. As a result of the attack chain, hackers can deploy MAGICSPELL payload intended to download, decipher, and maintain the […]
Quantum ransomware, a strain that has garnered significant attention since its discovery in July 2021, has proven to be an especially malicious and rapidly evolving form of ransomware. As cybersecurity professionals strive to stay one step ahead of cybercriminals, understanding the intricacies and potential impact of Quantum ransomware becomes imperative. It is a sub-variant of […]
In the dynamic and ever-changing realm of cybersecurity, attackers demonstrate unwavering determination as they continuously come up with innovative techniques to circumvent security measures and infiltrate systems that cannot be easily deemed vulnerable. One such technique that has gained prominence is the Squiblydoo attack. This attack specifically targets the exploitation of legitimate applications or files […]
Cybersecurity researchers warn defenders of yet another phishing campaign dubbed MULTI#STORM, in which hackers abuse JavaScript files to drop RAT malware onto the targeted systems. The MULTI#STORM attack chain contains multiple stages with the final one spreading Quasar RAT and Warzone RAT samples. According to the investigation, in this campaign threat actors have set eyes […]
CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook with a CVSS base score of 9.8. It was first disclosed on March 14, 2023, and attributed to APT28, also known as Fancy Bear or Strontium – a threat actor associated with the Russian General Staff Main Intelligence Directorate (GRU). The vulnerability is […]
With the ongoing russian cyber offensive operations targeting Ukraine and its allies, the aggressor is continuously launching cyber-espionage campaigns against state bodies and other organizations representing critical infrastructure. Less than a week after CERT-UA researchers warned of a spike in cyber-espionage attacks by russia-linked Shuckworm group, another nefarious hacking group comes back to the scene. […]