On February 23, 2022, prior to Russia’s offensive invasion of Ukraine, a new surge of digital threats hit Ukraine just a short period after an avalanche of cyber-attacks involving data-wiping WhisperGate and HermeticWiper malware strains targeted at Ukrainian entities. Microsoft Security Intelligence Center discovered a series of attacks leveraging a novel FoxBlade malware targeting multiple […]
On January 13, 2022, a devastating cyber-attack hit Ukraine, taking down online assets of the country’s government, in which attackers took advantage of a new data-wiping malware known as WhisperGate. Hard on the heels of this impactful incident, on February 23, cybersecurity analysts revealed another destructive malware targeting Ukrainian organizations dubbed HermeticWiper. This newly discovered […]
On February 23, 2022, CISA launched an alert stating that the UK National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have detected the use of a novel malicious strain known as Cyclops Blink. As a replacement of the […]
The Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) released a joint cybersecurity advisory in regards to the activities of the BlackByte Ransomware-as-a-Service (RaaS) gang. BlackByte ransomware has been used against the businesses located in the USA as the primary targets. The greatest costs fall heavily on the critical infrastructure sectors such […]
One of the most notorious exploits of 2021 made its loud entrance in the cybersecurity world in December, and now Log4Shell is back on the radar: Iran-linked TunnelVision APT did not let it rest in peace, striking with profiteering from VMware Horizon Log4j vulnerabilities, along with large-scale exploitation of Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange […]
Our Threat Bounty community keeps growing and attracting more and more distinguished specialists in detection content development. This time, we want to introduce to you Furkan Celik – a senior security analyst in banking and one of our active contributors. Furkan has been with us since December 2019. He wrote precise detections that help to […]
January ‘22 Results In January 2022, Threat Bounty content authors successfully submitted 178 unique detections to the SOC Prime Platform. 179 rules failed the verification by SOC Prime Team and couldn’t have been improved to match our content quality requirements. Also, a significant number of rules went through several iterations of SOC Prime Team review […]
On February 15, 2022, Proofpoint researchers warned about the TA2541 hacker group. A criminal cluster dubbed TA2541 has been active since 2017 (yet, managing to stay rather low-key) and is reported to consistently spread remote access trojans (RATs), enabling adversaries to obtain sensitive data from the breached networks and devices, or even get control of […]
Adversaries always look for new tricks to maximize the success of their malicious operations. This time cyber crooks are taking advantage of the recent announcement of Windows 11’s broad deployment phase to target users with malware-laced upgrade installers. In case downloaded and executed, unsuspecting victims got their systems infected with RedLine information stealer. What Is […]
You can’t teach an old dog new tricks. Yet, cybercriminals ignore common stereotypes, updating QBot with new nefarious tricks to attack victims globally. This malware “veteran” emerged back in 2007, yet security researchers observe QBot being constantly updated to ride the wave of malicious trends. For instance, security researchers observe QBot maintainers increasingly abusing the […]