Tag: Threat Bounty Program

SOC Prime Threat Bounty — June 2022 Results

June ’22 Updates

This June we introduced several significant updates to SOC Prime’s Threat Bounty Program to acknowledge the contribution of Program members and smooth their experience with Sigma rule creation. Now all SOC Prime users can access detailed information about Threat Bounty authors’ achievements on a dedicated page. Also, the beta version […]

SessionManager Detection: Newly Discovered Backdoor Allows for RCE

The SessionManager backdoor first surfaced around spring 2021, targeting Microsoft IIS servers, but its samples were not investigated until early 2022. The recently exposed backdoor has affected more than 20 governmental and non-governmental entities across Africa, South Asia, South America, the Middle East, and Europe. Security researchers speculate that some artifacts indicate that the attacks […]

Brute Ratel-Powered Attacks Detection: Post-Exploitation Toolkit Leveraged by Adversaries

Adversaries have adopted yet another legitimate red-teaming tool to evade detection. Taking the place of Cobalt Strike and Metasploit’s Meterpreter is Brute Ratel (aka BRc4), a red team and adversary simulation framework released in late 2020. It does not assist in creating exploits; it is a post-exploitation toolkit designed to operate undetected by security solutions. A single-user one-year license currently […]

LockBit 3.0 Ransomware Detection: Operation Revamped

The LockBit group returns with a new strain of its ransomware, LockBit 3.0. The adversaries dubbed their latest release LockBit Black, enhancing it with new extortion tactics and adding an option to pay in Zcash alongside the existing Bitcoin and Monero payment options. This time, LockBit hackers are making the headlines by kicking off the first […]

Raccoon Stealer Detection: A Novel Malware Version 2.0 Named RecordBreaker Offers Hackers Advanced Password-Stealing Capabilities

The notorious Raccoon Stealer, earlier distributed under the Malware-as-a-Service (MaaS) model, returns to the cyber threat arena as version 2.0, enriched with more advanced capabilities. Raccoon Stealer was previously reported to have been replaced with the Dridex Trojan by the RIG exploit kit as part of an ongoing campaign that […]

PingPull Malware Detection: New Stealthy RAT Used by Gallium APT

Researchers report new attacks by Gallium hackers using an upgraded remote access trojan (RAT) dubbed PingPull. The Gallium APT has been active since at least 2012 and bears the markings of a likely nation-state threat actor, believed to be backed by the Chinese government. Its latest activity is characterized by the APT’s strive […]

Evilnum Hacking Group Resurfaces With Spear Phishing Attacks on European Migration Organizations

The operations of Evilnum hackers have been watched closely by security analysts since 2020, with the threat actors’ activity traced back as early as 2018. The APT group is predominantly associated with attacks on the FinTech sector in Europe and is often classified as financially motivated. Sources claimed that the most recent spear phishing […]

ZuoRAT Malware Detection

A stealthy remote access trojan (RAT) dubbed ZuoRAT has been compromising a relatively easy target: small office/home office (SOHO) routers. The malware has been in use since 2020, mainly affecting remote workers based in the U.S. and Western Europe who have access to corporate networks. Researchers warn that the observed tactics, techniques and procedures […]

ToddyCat APT Targets Microsoft Exchange Servers to Deploy Samurai Backdoor and Ninja Trojan

Meet a novel player in the cyber threat arena. Since late 2020, security experts have been tracking a new APT collective, dubbed ToddyCat, which was spotted targeting Microsoft Exchange servers in Europe and Asia to deploy custom malware. Among the malicious strains distributed by ToddyCat are the previously unknown Samurai backdoor and Ninja Trojan […]

ShadowPad Malware Detection: Backdoor Popular Among Chinese Clusters of Espionage Activity

ShadowPad is a modular backdoor highly popular among China-based threat actors, including such clusters of espionage activity as BRONZE UNIVERSITY, BRONZE RIVERSIDE, BRONZE STARLIGHT, and BRONZE ATLAS. The malware is used to download further malicious payloads, opening the way to wider exploitation. According to the research data, the malware traces its roots back to […]
