The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other types of data from compromised systems. […]
MITRE ATT&CK acts as a periodic table to categorize and track the methods employed by attackers and enables defenders to profile, identify, and compare threat actors and prioritize threat detection goals. Leveraging ATT&CK, cyber defenders are equipped with a single framework they can rely on to retrospectively document common techniques employed in cyber attacks. SOC […]
Cybersecurity researchers recently unveiled a new variant of a stealthy info-stealing malware known as Mispadu Stealer. Adversaries behind the latest attacks against Mexican users leveraging Mispadu banking Trojan have been observed exploiting a recently fixed Windows SmartScreen vulnerability tracked as CVE-2023-36025. Detect Mispadu Stealer With dozens of new malware samples emerging in the cyber domain […]
In January 2023, SOC Prime launched The Prime Hunt, an open-source browser add-on acting as a single platform-agnostic UI for threat hunters, regardless of a security solution in use. For over one year since The Prime Hunt launch, we have been working on the tool enhancements, broadening the supported technology stack and adding handy features […]
In addition to the rising frequency of cyber attacks by the infamous UAC-0050 group targeting Ukraine, other hacking collectives are actively trying to infiltrate the systems and networks of Ukrainian organizations. At the turn of February 2024, defenders identified over 2,000 computers infected with DIRTYMOE (PURPLEFOX) malware as a result of a massive cyber attack […]
Hot on the heels of the critical CVE-2024-0204 vulnerability disclosure in Fortraās GoAnywhere MFT software, another critical flaw arrests the attention of cyber defenders. Recently, Jenkins developers have addressed nine security bugs affecting the open-source automation server, including a critical vulnerability tracked as CVE-2024-23897 that can lead to RCE upon its successful exploitation. With PoCs […]
Advancing Our Shared Understanding of Adversary TTPs and Empowering Defenders Boston, MAāSOC Prime, provider of the worldās largest and most advanced platform for collective cyber defense, today announced it has become the MITRE ATT&CKĀ® Benefactor, supporting the evolution of the ATT&CK framework to empower research into emerging threats and promote knowledge sharing on a global […]
Another day, another critical vulnerability on the radar. This time, itās a critical authentication bypass (CVE-2024-0204) affecting Fortraās GoAnywhere MFT software, which is largely used by enterprises globally for secure file transfer purposes. Hot on the heels of the nefarious flaw in Atlassianās Confluence Server and Data Center, CVE-2024-0204 might be promptly added to the […]
Just slightly over a week after the UAC-0050 groupās attack against Ukraine leveraging Remcos RAT, Quasar RAT, and Remote Utilities, adversaries reemerge in the cyber threat arena. CERT-UA has recently notified defenders of the ongoing groupās campaign involving mass email distribution and masquerading the senders as State Service of Special Communications and Information Protection of […]
At the end of 2023, the nefarious UAC-0050 group loomed in the cyber threat arena, targeting Ukraine using Remcos RAT, a common malware from the groupās offensive toolkit. In the first decade of January 2024, UAC-0050 reemerges to strike again, exploiting Remcos RAT, Quasar RAT, and Remote Utilities. UAC-0050 Offensive Activity Overview Based on the […]