Tag: Threat Detection Marketplace

Gwisin Ransomware Detection
Gwisin Detection: Threat Actors Spread Gwisin Ransomware Targeting Korean Companies

Gwisin ransomware targeting Korean companies in multiple industries is currently on the increase in the cyber threat arena. Attributed to the Korean-speaking threat actors, Gwisin ransomware is leveraged in targeted attacks at specific organizations rather than random individuals and does not perform malicious behaviors on its own, which makes its detection harder. The ransomware is […]

Read More
cyber network visualization
Threat Hunting Training, Certification, and Online Learning

How to become a Threat Hunter? This question is extremely popular in the cybersecurity community. The next important question is how to advance your Threat Hunting career. In both cases, obtaining professional certifications is the best answer. Whether you’re a beginner or an accomplished specialist, continuous learning is what helps you become the best version […]

Read More
KNOTWEED Activity Detection: CVE-2022-22047 Vulnerability and Multiple Windows & Adobe Zero-Day Exploitation by the European Private-Sector Offensive Actor (PSOA)

On July 27, 2022, Microsoft cybersecurity researchers published a notice observing the recently revealed malicious activity of the European private-sector offensive actor (PSOA) tracked as KNOTWEED, which leverages a set of Windows and Adobe zero-day exploits, including the newly patched CVE-2022-22047 vulnerability. According to the research, threat actors launch targeted cyber-attacks against organizations in Europe […]

Read More
Armageddon APT aka UAC-0010 Resurfaces
Armageddon Threat Actors aka UAC-0010 Spread GammaLoad.PS1_v2 Malware in Yet Another Phishing Attack on Ukraine

In spring 2022, the notorious Russian nation-backed cyber espionage group Armageddon, also tracked as UAC-0010, launched a series of targeted phishing cyber-attacks against Ukrainian and European state bodies. On July 26, 2022, CERT-UA issued a series of new cybersecurity alerts warning the global cyber defender community of a wave of novel phishing campaigns by these […]

Read More
Formbook and Snake Keylogger Infostealers
Formbook and Snake Keylogger Information Stealers Massively Distributed Via Email Using RelicRace and RelicSource Malware

Information stealing attacks that leverage the phishing email attack vector against Ukrainian organizations are currently on the rise, such as the malicious campaign less than one week ago spreading AgentTesla spyware and targeting Ukrainian state bodies. On July 25, 2022, CERT-UA released a new heads-up warning the global cyber defender community of an ongoing email […]

Read More
Spyware Vendor Candiru
Spyware Group Candiru: Targets Journalists in the Middle East With DevilsTongue Malware

Spyware dubbed DevilsTongue is causing a fair share of trouble for journalists and free speech advocates in the Middle East, especially those Lebanon-based. Adversaries exploit a Chrome zero-day assigned CVE-2022-2294 that Google patched earlier this month to achieve shellcode execution, elevate privileges, and gain file-system permissions on the breached device’s memory. Researchers discovered that the […]

Read More
Detection as Code
Detection as Code Benefits: On Embracing The Future of Cyber Defense to Fuel Your Next-Gen SOC

Over the course of the past decade, we have field-tested the argument that manual threat detection processes can no longer keep up with the current security demands. It has already been adamantly established that an era of Everything as Code (EaC) is a new reality, and security teams seeking innovation are putting its novel approaches […]

Read More
QBot Malware
QakBot Detection: New Trojan Variant Picked Up New Tricks

Security experts have revealed a new variant of an information stealer and banking trojan known under the moniker QBot (aka QakBot, QuackBot, or Pinkslipbot). The trojan was first detected in the late 2000s, mostly used in financially motivated attacks aimed at stealing victims’ passwords. Its operators regularly resurface with new tricks up their sleeves, adopting […]

Read More
The 8220 Cryptomining Group
8220 Gang Crimeware Group: Infects Cloud Hosts and Operates a Botnet and PwnRig Cryptocurrency Miner

8220 Gang, aka 8220 Mining Group, has ramped up activity in the last year, growing the cloud botnet of infected hosts from 2,000 in mid-2021 to 30,000 and counting as of now. In their previous attacks, the threat group focused on leveraging existing vulnerabilities and launching brute-force attacks to compromise cloud servers and drop cryptocurrency […]

Read More
CloudMensis macOS Spyware
CloudMensis Detection: New Malware to Steal macOS Users’ Data

New CloudMensis malware springs into action with highly targeted attacks. Researchers have yet to establish the techniques attackers used to gain initial access to victims’ devices; however, the small number of documented attacks happened since February indicate that the CloudMensis malware was deployed to exfiltrate information as part of a targeted campaign aimed at a […]

Read More