Tag: Sigma

Remote Utilities Exploitation: New Phishing Campaign by the UAC-0096 Group Targeting Ukrainian Organizations 
Remote Utilities Exploitation: New Phishing Campaign by the UAC-0096 Group Targeting Ukrainian Organizations 

Hot on the heels of the massive email distribution in the recent malicious campaign targeting Ukrainian state bodies and leveraging Remcos (Remote Control and Surveillance) Trojan, threat actors exploit another remote administration software dubbed Remote Utilities to hit Ukrainian organizations. CERT-UA warns the global cyber defender community of ongoing phishing attacks attributed to the UAC-0096 […]

Read More
Remcos Malware Detection: UAC-0050 Group Targets Ukrainian Government Entities in Phishing Attacks Using Remote Access Software  
Remcos Malware Detection: UAC-0050 Group Targets Ukrainian Government Entities in Phishing Attacks Using Remote Access Software  

Remcos Trojan (Remote Control and Surveillance) is frequently delivered by threat actors leveraging phishing attack vectors. The malware currently reemerges in the cyber threat arena to target Ukrainian government entities.  On February 6, 2023, cybersecurity researchers released a new CERT-UA#5926 alert detailing the mass email distribution impersonating the Ukrtelecom JSC aimed to spread Remcos malware […]

Read More
UAC-0114 Group aka Winter Vivern Attack Detection: Hackers Launch Phishing Campaigns Targeting Government Entities of Ukraine and Poland
UAC-0114 Group aka Winter Vivern Attack Detection: Hackers Launch Phishing Campaigns Targeting Government Entities of Ukraine and Poland

Since the outbreak of the global cyber war, state bodies of Ukraine and its allies have become targets of diverse malicious campaigns launched by multiple hacking collectives. Threat actors frequently leverage phishing attack vectors to perform their adversary campaigns, like in December 2022’s cyber attacks distributing DolphinCape and FateGrab/StealDeal malware. On February 1, 2023, CERT-UA […]

Read More
Attackers Exploit Microsoft OneNote Attachments to Steal Credentials and Spread Malware
Attackers Exploit Microsoft OneNote Attachments to Steal Credentials and Spread Malware

Microsoft documents have fallen prey to phishing attacks, and adversaries are continuously looking for new ways to disseminate malicious strains. Security vulnerabilities compromising Microsoft products frequently cause a stir in the cyber threat arena, affecting a broad number of users, like in the case Follina zero-day flaw and CVE-2022-22005. Security researchers inform the global cyber […]

Read More
UAC-0082 (Sandworm APT Group) Targets Ukrainian National Information Agency “Ukrinform” in a Series of Cyber Attacks Leveraging Multiple Wiper Malware Strains
UAC-0082 (Sandworm APT Group) Targets Ukrainian National Information Agency “Ukrinform” in a Series of Cyber Attacks Leveraging Multiple Wiper Malware Strains

The russia-linked Sandworm APT group (aka UAC-0082) has been continuously targeting Ukrainian public systems and critical infrastructure for at least a decade. This group is responsible for massive blackouts throughout the country in 2015-2016 caused by the infamous BlackEnergy malware. That was followed by the NotPetya campaign in 2017, which eventually ended up creating a […]

Read More
Rhadamanthys Malware Detection: New Infostealer Spread via Google Ads & Spam Emails to Target Crypto Wallets and Dump Sensitive Information
Rhadamanthys Malware Detection: New Infostealer Spread via Google Ads & Spam Emails to Target Crypto Wallets and Dump Sensitive Information

Security experts have shed light on a novel malicious sample hiding in the malicious arena, an evasive stealer dubbed Rhadamanthys. The malware is commonly distributed via Google ads redirecting compromised users to phishing webpages disguised as widely-used legitimate software.  Detect Rhadamanthys Malware In view of the increasing popularity of Rhadamanthys stealer being broadly distributed in […]

Read More
CVE-2022-42475 Detection: Zero-Day Vulnerability in FortiOS SSL-VPN Exploited in Attacks Against Government Entities and Large Organizations
CVE-2022-42475 Detection: Zero-Day Vulnerability in FortiOS SSL-VPN Exploited in Attacks Against Government Entities and Large Organizations

Stay alert! Security researchers are warning the global cyber defender community of a zero-day vulnerability in FortiOS SSL-VPN, which was patched in December 2022. The security flaw tracked as CVE-2022-42475 and resulting in unauthenticated remote code execution (RCE) has been exploited in targeted attacks against government agencies and large organizations across the globe.  Detect CVE-2022-42475: […]

Read More
SOC Prime Threat Bounty —  December 2022 Results
SOC Prime Threat Bounty —  December 2022 Results

December ‘22 Publications During the last month of the year 2022,  Threat Bounty developers managed to submit 441 rules to review by SOC Prime Team for a chance of publication to the Platform for monetization. The submitted rules were reviewed by a team of seasoned engineers, and based on the collective decisions, 126 rules were […]

Read More
Raspberry Robin Malware Detection: Enhanced Worm-Like Version Attacking European Financial Institutions
Raspberry Robin Malware Detection: Enhanced Worm-Like Version Attacking European Financial Institutions

No matter the holiday season, adversaries have no vacation inventing new malicious tricks to target unsuspecting victims. Last week, security researchers uncovered an enhanced variant of the worm-like Raspberry Robin malware dropper leveraged to target financial and insurance companies across European countries. Experts specifically note that Rasperry Robin received a significant upgrade, including complex obfuscation […]

Read More
Turla Activity Detection: russian Cyberespionage Group Targeting Ukraine Uses Decade-Old USB-Delivered Andromeda Malware to Spread Novel Backdoors
Turla Activity Detection: russian Cyberespionage Group Targeting Ukraine Uses Decade-Old USB-Delivered Andromeda Malware to Spread Novel Backdoors

With USB-spreading malware becoming a popular vector for initial access, cyber defenders remain vigilant in safeguarding the organization’s critical infrastructure. Cybersecurity researchers have recently observed malicious activity of the russia-linked cyberespionage group tracked as Turla APT leveraging legacy Andromeda USB-delivered malware to deploy novel backdoors and custom reconnaissance tools in cyber attacks against Ukraine. Detecting […]

Read More