Tag: Sigma

LockBit 3.0 Ransomware Detection: Operation Revamped

LockBit group returns, introducing a new strain of their ransomware, LockBit 3.0. Adversaries dubbed their latest release LockBit Black, enhancing it with new extortion tactics and introducing an option to pay in Zcash, adding to existing Bitcoin and Monero crypto payment options. This time, LockBit hackers are making the headlines by kicking off the first […]

Raccoon Stealer Detection: A Novel Malware Version 2.0 Named RecordBreaker Offers Hackers Advanced Password-Stealing Capabilities

The notorious Raccoon Stealer, which was earlier distributed under the Malware-as-a-Service (MaaS) model, comes back to the cyber threat arena as a new version 2.0 enriched with more advanced capabilities. Raccoon Stealer malware was previously reported to have been replaced with Dridex Trojan by the RIG exploit kit as part of an ongoing campaign that […]

PingPull Malware Detection: New Stealthy RAT Used by Gallium APT

Researchers report new attacks with an upgraded remote access trojan (RAT) dubbed PingPull launched by Gallium hackers. The Gallium APT has been around since at least 2012 and bears the markings of what is likely a nation-state threat actor, believed to be backed by the Chinese government. Their latest activity is characterized by APT’s strive […]

CVE-2022-28219 Detection: Critical RCE Vulnerability in Zoho ManageEngine ADAudit Plus

Zoho’s ManageEngine operates cost-effective network management frameworks leveraged by over 40,000 enterprises worldwide. Due to the software’s popularity and its wide use across the globe, cyber threats detected in Zoho’s products could have a severe impact on thousands of compromised businesses, as happened earlier with the critical zero-day vulnerability in ManageEngine Desktop Central products. On […]

SOC Prime Launches Integration With EchoTrail.io to Accelerate Threat Investigation

Instantly Explore the Executable Binary References Linked to Sigma Rules for More Insightful Contextual Information

SOC Prime has recently released an integration of its cyber threat search engine with the EchoTrail.io database. Now, SOC Prime users can streamline threat investigation with comprehensive information about executable binaries (filenames or hashes) launched on Windows, accessible right from our […]

ToddyCat APT Targets Microsoft Exchange Servers to Deploy Samurai Backdoor and Ninja Trojan

Meet a novel player in the cyber threat arena! Since late 2020, security experts have been tracking a new APT collective, dubbed ToddyCat, which was spotted targeting Microsoft Exchange servers in Europe and Asia to deploy custom malware samples. Among the malicious strains distributed by ToddyCat are the previously unknown Samurai backdoor and Ninja Trojan […]

SOC Prime Now Supports OpenCTI Integration

To enhance global collaborative cyber defense by enabling Detection as Code practices, SOC Prime continuously broadens the support for open-source cybersecurity solutions. We are thrilled to announce a new integration with OpenCTI, an open-source modular Cyber Threat Intelligence platform that aggregates and visualizes information on cyber threats. Through contribution to this CTI platform, SOC Prime […]

ShadowPad Malware Detection: Backdoor Popular Among Chinese Clusters of Espionage Activity

ShadowPad is a modular backdoor highly popular among China-based threat actors, including such clusters of espionage activity as BRONZE UNIVERSITY, BRONZE RIVERSIDE, BRONZE STARLIGHT, and BRONZE ATLAS. The malware is used to download further malicious payloads, opening the way to wider exploitation. According to the research data, the malware traces its roots back to […]

CVE-2022-1040 Detection: DriftingCloud APT Group Exploits RCE Flaw in Sophos Firewall

A notorious Chinese APT group known under the moniker “DriftingCloud” targets the cybersecurity firm Sophos. Namely, the threat actor is believed to be behind the active exploitation of a security hole in Sophos Firewall. The flaw, tracked as CVE-2022-1040, scores 9.8 in severity and has been affecting Sophos Firewall versions 18.5 MR3 and older since […]

DFSCoerce Detection: New NTLM Relay Attack Enabling Windows Domain Takeover

Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via abuse of Microsoft’s Distributed File System (MS-DFSNM). The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authenticating to a relay under the attackers’ control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]
