Microsoft experts have revealed a significant shift in a spear-phishing campaign launched by Russia-affiliated NOBELIUM APT against major government agencies, think tanks, and NGOs globally. According to researchers, the hacker collective attacked more than 150 organizations across 24 countries with the intent to infect victims with malware and gain covert access to the internal networks. […]
Microsoft has recently fixed a highly critical bug (CVE-2021-31166), which enables remote code execution with kernel rights on the machines running Windows 10 and Windows Server. The vendor warns that this flaw is wormable and could self-propagate across multiple servers inside the organizational network to cause maximum harm. The Proof of Concept (PoC) exploit has […]
SOC Prime is excited to announce our participation in the Seventh EU MITRE ATT&CK® Community Workshop taking place online on June 1-2, 2021. This workshop is supported by CERT-EU, CIRCL, and the MITRE Engenuity Center for Threat-Informed Defense to boost the experience exchange among security professionals interested in the use of the MITRE ATT&CK Framework […]
Catch the latest newscast about the SOC Prime Developers community! Today we want to introduce Michel de Crevoisier, a prolific developer contributing to our Threat Bounty Program since November 2020. Michel is an active content creator, concentrating his efforts on Sigma rules. You can refer to Michel’s detections of the highest quality and value in […]
DarkSide ransomware, a relatively novel player in the cyber threat arena, continues to gather news headlines for successful attacks against world-leading vendors. The list of the recent intrusions includes the chemical distribution company Brenntag, which paid adversaries $4.4 million ransom, and Colonial Pipeline, a company providing fuel supply for the US East Coast. DarkSide Ransomware […]
A new version of SystemBC malware is increasingly leveraged by ransomware maintainers to pave their way into the targeted environments. Security experts indicate that top ransomware-as-a-service (RaaS) collectives, including DarkSide, Ryuk, and Cuba, leverage SystemBC as a persistent backdoor able to maintain access to the attacked instances and perform a variety of notorious activities. What […]
Security researchers from Kaspersky Lab have uncovered a previously unknown Windows rootkit stealthily leveraged by a China-affiliated APT actor for years to install backdoors on the infected instances. Dubbed Moriya, the rootkit provides attackers with the ability to capture network traffic and covertly execute commands on the compromised devices while flying under the radar of […]
On April 20, 2021, US-CERT issued an alert warning about an ongoing malicious campaign abusing vulnerable Pulse Connect Secure products to attack organizations across the US. The campaign broke forth in June 2020 and involved multiple security incidents affecting government agencies, critical infrastructure assets, and private sector organizations. Threat actors rely on a set of […]
Check Point Research’s Global Threat Index for March 2021 reveals that IcedID banking Trojan operators are entering the big game. Last month IcedID was included in the Index for the first time, at once taking second place right after the infamous Dridex. A surge in infections and notoriety is explained by the innovative delivery methods […]
Security researchers from FortiGuard Labs have uncovered a new FormBook variant being delivered in a massive phishing campaign. Particularly, adversaries target users with malware-laced Microsoft PowerPoint documents disguised as a follow-up to the recent purchase order. Those who fell for the bait of scammers got their devices infected with a notorious data-stealing malware. New FormBook […]