New CloudMensis malware springs into action with highly targeted attacks. Researchers have yet to establish the techniques attackers used to gain initial access to victims’ devices; however, the small number of documented attacks happened since February indicate that the CloudMensis malware was deployed to exfiltrate information as part of a targeted campaign aimed at a […]
Due to the global cyber war fueled by Russia’s full-scale invasion of Ukraine, the attacks in the cyber domain against Ukrainian government entities are continuously on the rise. A week after the phishing campaign by the UAC-0056 group delivering Cobalt Strike Beacon, another cyber-attack targeting Ukrainian officials using information-stealing malware comes on the scene. On […]
According to the latest SOC Prime’s Detection as Code Innovation report, proactive detection of vulnerability exploitation remains one of the top 3 security use cases throughout 2021-2022, which resonates with a growing number of revealed vulnerabilities affecting open-source products. The cybersecurity researcher has recently revealed a new vulnerability in Apache Spark, an open-source unified analytics […]
On July 6, 2022, SOC Prime introduced a Smoking Guns Sigma Rules list enabling the organization of any scale to proactively detect cyber-attacks, perform Threat Hunting for the latest adversarial TTPs, and get a tactical defense advantage for their business during the global cyber war. SOC Prime’s Detection as Code platform users are now equipped […]
With a mounting number of cyber criminal operations pursuing the illicit installation of crypto mining software on victim devices and systems, increasing awareness of crypto-jacking is paramount. Earlier this Summer, US-CERT released a malware analysis report related to XMRig coin miner, detailing new approaches to hijacking victims’ devices and leveraging them for crypto mining. CISA […]
Brace yourself for the new ransomware threat! On July 6, 2022, the FBI, CISA, and the Department of Treasury issued a joint Cybersecurity Advisory (CSA) to warn about Maui ransomware actively leveraged by the North Korean APT group to target organizations in the U.S. healthcare and public health sectors. The attacks have been observed since […]
Automatically Pull Queries Tailored to Custom Data Schemas Directly Into Snowflake Environment At SOC Prime, we are committed to delivering Detection-as-Code operations embracing an innovation-driven approach to cybersecurity. In response to a rising trend across global organizations to transition to the cloud, SOC Prime’s Detection as Code platform continuously broadens the support for next-gen cloud-based […]
Hot on the heels of the cyber-attack on July 5 targeting Ukrainian state bodies and attributed to the notorious UAC-0056 hacking collective, yet another malicious campaign launched by this group causes a stir in the cyber domain. On July 11, 2022, cybersecurity researchers at CERT-UA warned the global community of an ongoing phishing attack leveraging […]
Adversaries adopted yet another legitimate red-teaming simulation tool to evade detection. In replacement of Cobalt Strike and Metasploit’s Meterpreter comes Brute Ratel (aka BRc4) – a red team and adversary simulation software released in late 2020 that does not assist in creating exploits, designed to operate undetected by security solutions. A single-user one-year license currently […]
MedusaLocker ransomware first surfaced in September 2019 and has been impacting a wide range of industries and organizations, primarily in healthcare, ever since. Assuming how adversaries divide the ransom money, MedusaLocker appears to be run as a RaaS. Sources claimed that payments for ransomware seem to be divided between the affiliate and the developer, with […]