Experts warn about an unusual approach to infect targets with BazarLoader — a notorious strain frequently used to deliver ransomware. The hacker collective, dubbed BazarCall, abuses call center functionality to trick victims into downloading the malicious payload. The campaign has been active since at least February 2021, continuously adding new tricks to increase its notoriety. […]
Despite being a relatively new player in the cyber threat arena, LockiBit ransomware quickly earned the fame of a prolific and dangerous malware strain. During 2020-2021, LockBit was consistently included in the list of the most active and notorious malicious samples. To achieve this, LockBit maintainers leverage Ransomware-as-a-Service (RaaS) model to involve more affiliates and […]
REvil gang may stand behind the brand-new malware variant that explicitly attacks enterprise Microsoft Exchange servers to penetrate corporate networks. The new threat relies on a batch of PowerShell scripts weaponized to exploit known vulnerabilities for final payload delivery. Currently, researchers confirmed at least one successful attack ended up in a 4.29BTC ($210,000) ransom payment. […]
Microsoft experts have revealed a significant shift in a spear-phishing campaign launched by Russia-affiliated NOBELIUM APT against major government agencies, think tanks, and NGOs globally. According to researchers, the hacker collective attacked more than 150 organizations across 24 countries with the intent to infect victims with malware and gain covert access to the internal networks. […]
Microsoft has recently fixed a highly critical bug (CVE-2021-31166), which enables remote code execution with kernel rights on the machines running Windows 10 and Windows Server. The vendor warns that this flaw is wormable and could self-propagate across multiple servers inside the organizational network to cause maximum harm. The Proof of Concept (PoC) exploit has […]
SOC Prime is excited to announce our participation in the Seventh EU MITRE ATT&CK® Community Workshop taking place online on June 1-2, 2021. This workshop is supported by CERT-EU, CIRCL, and the MITRE Engenuity Center for Threat-Informed Defense to boost the experience exchange among security professionals interested in the use of the MITRE ATT&CK Framework […]
Catch the latest newscast about the SOC Prime Developers community! Today we want to introduce Michel de Crevoisier, a prolific developer contributing to our Threat Bounty Program since November 2020. Michel is an active content creator, concentrating his efforts on Sigma rules. You can refer to Michel’s detections of the highest quality and value in […]
DarkSide ransomware, a relatively novel player in the cyber threat arena, continues to gather news headlines for successful attacks against world-leading vendors. The list of the recent intrusions includes the chemical distribution company Brenntag, which paid adversaries $4.4 million ransom, and Colonial Pipeline, a company providing fuel supply for the US East Coast. DarkSide Ransomware […]
A new version of SystemBC malware is increasingly leveraged by ransomware maintainers to pave their way into the targeted environments. Security experts indicate that top ransomware-as-a-service (RaaS) collectives, including DarkSide, Ryuk, and Cuba, leverage SystemBC as a persistent backdoor able to maintain access to the attacked instances and perform a variety of notorious activities. What […]
Security researchers from Kaspersky Lab have uncovered a previously unknown Windows rootkit stealthily leveraged by a China-affiliated APT actor for years to install backdoors on the infected instances. Dubbed Moriya, the rootkit provides attackers with the ability to capture network traffic and covertly execute commands on the compromised devices while flying under the radar of […]