Threat actors are constantly enriching their offensive toolkits while experimenting with new sophisticated malware variants to expand the scope of attacks. Cyber defenders have observed a new Mirai botnet variant called V3G4 come into the spotlight in the cyber threat landscape. The novel malware variant has been leveraged in multiple adversary campaigns threatening targeted users […]
Stay alert! Threat actors once again set eyes on Microsoft Windows Exchange servers, attempting to compromise them by exploiting infamous ProxyShell vulnerabilities. Cybersecurity researchers have observed a new evasive malicious campaign dubbed “ProxyShellMiner” that exploits two Microsoft Exchange ProxyShell flaws tracked as CVE-2021-34473 and CVE-2021-34523 to deliver cryptocurrency miners. Detect ProxyShellMiner Attacks Exploiting Microsoft Exchange […]
Agents of S.H.I.E.L.D.: How SOC Prime Helps Ukraine Thwart Aggressor’s Cyber Attacks This article is based on the interview conducted by our partner AIN.UA and covered in the corresponding article. In this write-up within a series covering SOC Prime’s Business Continuity Plan (BCP), SOC Prime’s Founder, CEO, and Chairman, Andrii Bezverkhyi, shares insights about the […]
Threat Bounty Publications The first month of 2023 has brought invaluable contributions from our Threat Bounty members to the global cyber community. The SOC Prime team received 626 rules for examination and review submitted by our detection content experts. As a result, 144 rules successfully passed the verification and were published to the SOC Prime […]
Hot on the heels of the massive email distribution in the recent malicious campaign targeting Ukrainian state bodies and leveraging Remcos (Remote Control and Surveillance) Trojan, threat actors exploit another remote administration software dubbed Remote Utilities to hit Ukrainian organizations. CERT-UA warns the global cyber defender community of ongoing phishing attacks attributed to the UAC-0096 […]
Building Team Resilience and Fortitude While Facing the Challenges of Wartime: Insights from a Shared Experience In this second part of the interview with SOC Prime’s Director of People and Culture, Marina Aksyonova, we’ll gain insights into how the company supports its people and helps the team adapt to current challenges and how the business […]
Remcos Trojan (Remote Control and Surveillance) is frequently delivered by threat actors leveraging phishing attack vectors. The malware currently reemerges in the cyber threat arena to target Ukrainian government entities. On February 6, 2023, cybersecurity researchers released a new CERT-UA#5926 alert detailing the mass email distribution impersonating the Ukrtelecom JSC aimed to spread Remcos malware […]
Since the outbreak of the global cyber war, state bodies of Ukraine and its allies have become targets of diverse malicious campaigns launched by multiple hacking collectives. Threat actors frequently leverage phishing attack vectors to perform their adversary campaigns, like in December 2022’s cyber attacks distributing DolphinCape and FateGrab/StealDeal malware. On February 1, 2023, CERT-UA […]
SOC Prime’s International Team: Bridging the Gap Between Time Zones and Languages With a Common Flair for Cybersecurity, Innovation, and Resilience At the turn of 2023, we launched a series of articles covering SOC Prime’s Business Continuity Plan (BCP) to share insights on how the company accelerates business growth no matter the hurdles in the […]
The russia-linked Sandworm APT group (aka UAC-0082) has been continuously targeting Ukrainian public systems and critical infrastructure for at least a decade. This group is responsible for massive blackouts throughout the country in 2015-2016 caused by the infamous BlackEnergy malware. That was followed by the NotPetya campaign in 2017, which eventually ended up creating a […]