Tag: Threat Bounty Program

Novel Cheerscrypt Ransomware
Cheerscrypt Ransomware Detection: China-Backed Hackers, Emperor Dragonfly aka Bronze Starlight, Are Behind Ongoing Cyber Attacks

Cybersecurity researchers have recently uncovered novel Cheerscrypt Linux-based ransomware. The delivery of ransomware strains has been linked to the China-backed group Emperor Dragonfly also tracked as Bronze Starlight. The hacking collective was also spotted in earlier cyber attacks spreading encrypted Cobalt Strike beacons after gaining initial access to VMware Horizon servers and exploiting the infamous […]

Read More
NullMixer Dropper
NullMixer Malware Detection: Hackers Spread a Dropper Using SEO to Deploy Multiple Trojans at Once

Cybersecurity researchers have recently revealed a new wave of adversary campaigns leveraging a malware tool named NullMixer spread via malicious websites. The malware dropper is a lure masquerading as legitimate software, which further deploys a set of Trojans infecting the victim’s system. NullMixer hackers apply advanced SEO tactics to distribute the malware affecting popular search […]

Read More
CVE-2022-35405
CVE-2022-35405 Detection: CISA Warns of Adversaries Leveraging ManageEngine RCE Flaw

Shields up! On September 22, 2022, The Cybersecurity and Infrastructure Security Agency (CISA) released a directive urging all FCEB agencies to fix a flaw affecting Zoho ManageEngine products by mid-October. Indexed as CVE-2022-35405, the security issue is a critical Java deserialization flaw and is currently actively exploited in the wild. The flaw was documented in […]

Read More
New Shikitega Malware
Shikitega Malware Detection: Executes Multistage Infection Chain, Grants Full Control

A new stealthy Linux malware named Shikitega is on the prowl for its victims. Its operators set up highly evasive attacks, targeting Linux and IoT devices. The Shikitega malware analysis shows that adversaries have adopted a multi-stage infection chain, aiming to achieve full control of the compromised system, exploit vulnerabilities, establish persistence, and drop additional […]

Read More
New TeamTNT Attacks
TeamTNT Hijacking Servers: Criminal Gang Specializing in Attacking Cloud Environments is Back

Honeypot activity spotted by one of the cybersecurity vendors confirmed that the cryptojacking TeamTNT gang is back on the prowl. The threat actor was first detected in early 2020, targeting cloud environments. However, in late 2021 TeamTNT adversaries tweeted a farewell message, which seemed to be true since the past year’s attacks that were traced […]

Read More
Uber’s-Computer-Systems-Breached
Uber Breach 2022: Detect the Destructive Cyber-Attack Causing the Complete Organization’s System Takeover

On September 15, Uber officially confirmed an attack resulting in an organization-wide cybersecurity breach. According to the security investigation, the organization’s system was severely hacked, with attackers moving laterally to gain access to the company’s critical infrastructure. The cybersecurity incident was brought to the limelight after a young hacker, who claimed to have breached Uber’s […]

Read More
What Is Data Exfiltration? MITRE ATT&CK® Exfiltration Tactic | TA0010

The process of stealing data from a corporate system is also known as exfiltration. MITRE ATT&CK® has dedicated an entire tactic to illegal copying, downloading, and transferring of organizations’ internal data with significant levels of sensitivity. Data exfiltration examples can be quite obvious, like copying files to a thumb drive; and quite stealthy, like DNS […]

Read More
SOC Prime Threat Bounty — August 2022 Results

August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]

Read More
OriginLoggerRAT
OriginLogger Malware Detection: Researchers Shed Light on AgentTesla’s Successor

The malware called OriginLogger is advertised as a compelling RAT with a user-friendly web panel, smart logger, and a powerful keyboard hook. OriginLogger malware description also details the multiple language support feature. The malware strain is designed to run on Windows-based operating systems. The OriginLogger RAT was recommended as a substitution for another infamous keystroke […]

Read More
DangerousSavanna
DangerousSavanna Detection: Attacks Targeting Various Financial Orgs Revealed

Security analysts revealed a two-year-long spear-phishing campaign aimed at entities in the financial sector in French-speaking African countries – Morocco, Togo, Ivory Coast, Cameroon, and Senegal. The campaign is codenamed DangerousSavanna, and its operators are heavily relying on social engineering techniques for initial access, consequently employing customized malware such as AsyncRAT, PoshC2, and Metasploit. The […]

Read More