With a mounting number of cyber criminal operations pursuing the illicit installation of crypto mining software on victim devices and systems, increasing awareness of crypto-jacking is paramount. Earlier this Summer, US-CERT released a malware analysis report related to XMRig coin miner, detailing new approaches to hijacking victimsā devices and leveraging them for crypto mining. CISA […]
Brace yourself for the new ransomware threat! On July 6, 2022, the FBI, CISA, and the Department of Treasury issued a joint Cybersecurity Advisory (CSA) to warn about Maui ransomware actively leveraged by the North Korean APT group to target organizations in the U.S. healthcare and public health sectors. The attacks have been observed since […]
June ā22 Updates This June we introduced several significant updates related to SOC Primeās Threat Bounty Program to acknowledge the contribution of the Program members and smooth their experience with Sigma rules creation. Now, all SOC Prime users can access detailed information about Threat Bounty authorsā achievements on a dedicated page. Also, the beta version […]
SessionManager backdoor first surfaced around Spring 2021, targeting Microsoft IIS Servers. The malware samples were first investigated only in early 2022. The recently exposed backdoor has affected more than 20 governmental and non-governmental entities across Africa, South Asia, South America, the Middle East, and Europe. Security researchers speculate that some artifacts indicate that the attacks […]
Adversaries adopted yet another legitimate red-teaming simulation tool to evade detection. In replacement of Cobalt Strike and Metasploit’s Meterpreter comes Brute Ratel (aka BRc4) ā a red team and adversary simulation software released in late 2020 that does not assist in creating exploits, designed to operate undetected by security solutions. A single-user one-year license currently […]
LockBit group returns, introducing a new strain of their ransomware, LockBit 3.0. Adversaries dubbed their latest release LockBit Black, enhancing it with new extortion tactics and introducing an option to pay in Zcash, adding to existing Bitcoin and Monero crypto payment options. This time, LockBit hackers are making the headlines by kicking off the first […]
The notorious Raccoon Stealer, which was earlier distributed under the Malware-as-a-Service (MaaS) model, comes back to the cyber threat arena as a new version 2.0 enriched with more advanced capabilities. Raccoon Stealer malware was previously reported to have been replaced with Dridex Trojan by the RIG exploit kit as part of an ongoing campaign that […]
Researchers report new attacks with an upgraded remote access trojan (RAT) dubbed PingPull launched by Gallium hackers. The Gallium APT has been around since at least 2012 and bears the markings of what is likely a nation-state threat actor, believed to be backed by the Chinese government. Their latest activity is characterized by APTās strive […]
The operations of Evilnum hackers have been watched closely by security analysts since 2020, with the threat actorsā activity traced back as early as 2018. The APT group is predominantly associated with the attacks on the FinTech sector in Europe, often classified as a financially motivated group. Sources claimed that the most recent spear phishing […]
A stealthy fly-under-the-radar remote access trojan (RAT) dubbed ZuoRAT has been compromising a relatively easy target ā small office/home office (SOHO) routers. The malware has been in use since 2020, mainly affecting remote workers based in the U.S. and Western Europe with access to corporate networks. Researchers warn that the observed tactics, techniques and procedures […]