The UAC-0184 hacking collective is back, once again setting its eyes on the Armed Forces of Ukraine. Adversaries attempt to gain access to the targeted computers to steal files and messaging data, according to the latest CERT-UA research. UAC-0184 Latest Attack Description Defenders have been observing a significant surge in the malicious activity of the […]
Threat Bounty Publications In March 2024, 40 threat detection rules were successfully published to SOC Prime’s Platform via the Threat Bounty Program after the review of our Content Team. Although we observe an overall improvement in the quality of submissions, there are also some typical misconceptions that can be recognized in the approaches to content […]
The state-sponsored russia-linked Gamaredon (aka Hive0051, UAC-0010, Armageddon APT) hacking collective comes to the spotlight launching a new wave of cyber attacks. Adversaries have been observed leveraging new iterations of Gamma malware, adopting DNS Fluxing to drop the malicious strains and leading to 1,000+ infections per day. The infection chain displays a novel, aggressive, multi-layered […]
Cybersecurity researchers have unveiled a novel sophisticated multi-stage attack, in which adversaries take advantage of the ScrubCrypt anti-malware evasion tool to drop VenomRAT along with multiple harmful plugins, including nefarious Remcos, XWorm, NanoCore RAT, and other malicious strains. Detect VenomRAT Deployed via ScrubCrypt With cyber-attacks proliferating and employing increasingly sophisticated intrusion methods, cyber defenders require […]
As it was announced earlier, SOC Prime introduced digital badge recognition for Threat Bounty members. As the first stage of the initiative, the badges were issued to Threat Bounty Program members who demonstrated outstanding results in the number of publications and whose Threat Bounty detection rules, categorized according to parameters mentioned further in this article, […]
Cybersecurity experts remain vigilant amidst an ongoing supply chain attack that has cast a shadow over the most widely-used Linux distributions. With its scale and sophistication reminiscent of infamous incidents like Log4j and SolarWinds, this new threat emanates from a backdoored XZ Utils (formerly LZMA Utils)—an essential data compression utility found in virtually all major […]
Security researchers warn of a critical privilege escalation vulnerability in multiple macOS versions that enables unauthorized users, including those with guest rights, to gain full root access to the affected instance. Detect CVE-2023-42931 Exploitation Attempts With an exponential rise in attack volumes and sophistication, the threat landscape of 2024 is assumed to be even more […]
Hackers employ diverse TTPs in a multi-stage software supply-chain campaign going after GitHub users, including members of the widely recognized Top.gg community, with over 170,000+ users falling prey to the offensive operations. Adversaries took advantage of a fake Python infrastructure, causing the full compromise of GitHub accounts, the publication of harmful Python packs, and the […]
As part of our ongoing commitment to cybersecurity excellence and community engagement, SOC Prime is thrilled to introduce the launch of a new digital badge initiative backed by Credly by Pearson. These badges honor the dedication and expertise of the Threat Bounty Program members who have been actively submitting detection algorithms to the Threat Detection […]
Hard on the heels of the DEEP#GOSU offensive campaign associated with the North Korean hacking collective Kimsuky APT, the group comes to the spotlight once again by shifting their adversary TTPs. Defenders have recently observed Kimsuky’s use of Microsoft Compiled HTML Help (CHM) files to spread malware and collect sensitive data from impacted instances. Detect […]