Tag: SOC Prime Platform

UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies
UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies

The increasing number of phishing attacks requires immediate attention from defenders, underscoring the need for increasing cybersecurity awareness and bolstering the organization’s cyber hygiene. Following the UAC-0102 attack targeting UKR.NET users, another hacking collective tracked as UAC-0198 leverages the phishing attack vector to target the Ukrainian state bodies and massively distribute ANONVNC (MESHAGENT) malware to […]

Read More
Actor240524 Attack Detection: Novel APT Group Targets Israeli and Azerbaijani Diplomats Using ABCloader and ABCsync Malware
Actor240524 Attack Detection: Novel APT Group Targets Israeli and Azerbaijani Diplomats Using ABCloader and ABCsync Malware

Defenders have discovered a novel APT group dubbed Actor240524, which applies an advanced adversary toolkit to evade detection and gain persistence. At the turn of July 2024, adversaries performed a spear-phishing campaign against diplomats from Azerbaijan and Israel. Attackers leveraged a malicious Word document featuring content in Azerbaijani and masquerading as official documentation designed to […]

Read More
BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities
BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities

The ever-growing volumes of ransomware attacks, the increased number of financially motivated hacking collectives, and soaring global ransomware damage costs are shaking up the modern cyber threat arena. The FBI and CISA have recently issued a novel alert notifying defenders of the emergence of the BlackSuit ransomware, the evolution of Royal ransomware enriched with enhanced […]

Read More
Fighting Ursa (aka APT28) Attack Detection: Adversaries Target Diplomats Using a Car for Sale as a Phishing Lure to Spread HeadLace Malware
Fighting Ursa (aka APT28) Attack Detection: Adversaries Target Diplomats Using a Car for Sale as a Phishing Lure to Spread HeadLace Malware

The nefarious russian state-sponsored APT28 hacking collective, also known as Fighting Ursa, is coming into the spotlight. Since early spring 2024, adversaries have been targeting diplomats in a long-term offensive campaign, leveraging a car for sale as a phishing lure to distribute HeadLace malware. Detect Fighting Ursa aka APT28 Attacks Spreading HeadLace Malware The continuously […]

Read More
CVE-2024-37085 Detection: Ransomware Groups Actively Exploit a Newly Patched Vulnerability in VMware ESXi Hypervisors to Gain Full Administrative Privileges
CVE-2024-37085 Detection: Ransomware Groups Actively Exploit a Newly Patched Vulnerability in VMware ESXi Hypervisors to Gain Full Administrative Privileges

A couple of weeks after the disclosure of CVE-2024-38112, a critical vulnerability exploited by the Void Banshee group to deploy the Atlantida stealer, another security flaw came into the spotlight. Multiple ransomware groups have weaponized a recently patched vulnerability in VMware ESXi hypervisors tracked as CVE-2024-37085 to gain elevated privileges and distribute file-encrypting malicious samples. […]

Read More
Andariel Attack Detection: FBA, CISA, and Partners Warn of an Increasing Global Cyber-Espionage Campaign Linked to the North Korean State-Sponsored Group
Andariel Attack Detection: FBA, CISA, and Partners Warn of an Increasing Global Cyber-Espionage Campaign Linked to the North Korean State-Sponsored Group

The FBI, CISA, and leading cybersecurity authorities have issued a warning over growing North Korean cyber-espionage operations linked to the nation-backed hacking group tracked as Andariel. The group’s cyber-espionage activity involves the collection of critical data and intellectual property, thereby advancing the regime’s military and nuclear objectives and aspirations. Detecting Andariel Attacks Described in CISA […]

Read More
Akira Ransomware Group Is on the Rise: Hackers Target the Airline Industry in LATAM
Akira Ransomware Group Is on the Rise: Hackers Target the Airline Industry in LATAM

Cybersecurity researchers have recently observed a new cyber attack on a Latin American airline leveraging Akira ransomware. The attackers took advantage of SSH protocol for initial access and maintained reconnaissance and persistence by utilizing legitimate tools and Living off-the-Land Binaries and Scripts (LOLBAS). Notably, before deploying ransomware, hackers managed to successfully exfiltrate critical data.  Detecting […]

Read More
UAC-0102 Phishing Attack Detection: Hackers Steal Authentication Data Impersonating the UKR.NET Web Service
UAC-0102 Phishing Attack Detection: Hackers Steal Authentication Data Impersonating the UKR.NET Web Service

Leveraging public email services along with corporate email accounts is a common practice among government employees, military personnel, and the staff of other Ukrainian enterprises and organizations. However, adversaries might abuse these services to launch phishing attacks. Defenders have recently uncovered a new offensive activity aimed at stealing user authentication data by luring victims into […]

Read More
UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon
UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon

Defenders have observed a sudden surge in the adversary activity of the UAC-0057 hacking group targeting Ukrainian local government agencies. Attackers distribute malicious files containing macros aimed at launching PICASSOLOADER on the targeted computers, which leads to the delivery of Cobalt Strike Beacon.  Detect UAC-0057 Activity Covered in the CERT-UA#10340 Alert Since the full-scale war […]

Read More
UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692 
UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692 

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. Further, the same tactics, techniques, and procedures are applied to target broader geography, including North America, Europe, and Asia. Precisely, in May 2023, the UAC-0063 group launched […]

Read More