Tag: Threat Detection Marketplace

Gamaredon Attack Detection: Cyber-Espionage Operations Against Ukraine by the russia-linked APT 
Gamaredon Attack Detection: Cyber-Espionage Operations Against Ukraine by the russia-linked APT 

The nefarious state-sponsored russia-aligned Gamaredon (aka Hive0051, UAC-0010, or Armageddon APT) has been launching a series of cyber-espionage campaigns against Ukraine since 2014, with cyber attacks intensifying since russia’s full-scale invasion of Ukraine on February 24, 2022.  ESET recently published an in-depth technical analysis, providing insights into Gamaredon’s cyber-espionage operations against Ukraine throughout 2022 and […]

Read More
Earth Baxia Attack Detection: China-Backed Hackers Use Spear-Phishing, Exploit the GeoServer Vulnerability (CVE-2024-36401), and Apply a New EAGLEDOOR Malware to Target APAC
Earth Baxia Attack Detection: China-Backed Hackers Use Spear-Phishing, Exploit the GeoServer Vulnerability (CVE-2024-36401), and Apply a New EAGLEDOOR Malware to Target APAC

In the first quarter of 2024, state-sponsored APT groups from regions such as China, North Korea, Iran, and russia demonstrated notably sophisticated and innovative adversary methods, creating significant challenges for the global cybersecurity landscape. Recently, a China-linked APT group known as Earth Baxia has targeted a state agency in Taiwan and potentially other countries in […]

Read More
CVE-2024-6670 and CVE-2024-6671 Detection: RCE Attacks Exploiting Critical SQL Injection Vulnerabilities in WhatsUp Gold 
CVE-2024-6670 and CVE-2024-6671 Detection: RCE Attacks Exploiting Critical SQL Injection Vulnerabilities in WhatsUp Gold 

Hackers are weaponizing PoC exploits for newly identified vulnerabilities in Progress Software WhatsUp Gold for in-the-wild attacks. Defenders have recently uncovered RCE attacks exploiting the critical SQL injection flaws tracked as CVE-2024-6670 and CVE-2024-6671. Notably, CVE-2024-6670 has been added to CISA’s Known Exploited Vulnerabilities Catalog. Detect CVE-2024-6670, CVE-2024-6671 Progress WhatsUp Gold Exploits  In 2024, nearly […]

Read More
SOC Prime Threat Bounty Digest — August 2024 Results
SOC Prime Threat Bounty Digest — August 2024 Results

Detection Content Creation, Submission & Release August 2024 was challenging for the global cyber community, but it was also full of opportunities for SOC Prime’s Threat Bounty members to gain personal recognition and cash for their contributions. During August, 22 detections were successfully released to the SOC Prime Platform, and twice as many detections were […]

Read More
Detect WikiLoader Attacks: Adversaries Leverage Fake GlobalProtect VPN Software to Deliver a New Malware Variant via SEO Poisoning
Detect WikiLoader Attacks: Adversaries Leverage Fake GlobalProtect VPN Software to Deliver a New Malware Variant via SEO Poisoning

The latest stats highlight that in 2023, adversaries deployed an average of 200,454 unique malware scripts per day, equating to roughly 1.5 new samples per minute. To proceed with successful malware attacks, threat actors are juggling with different malicious methods in an attempt to overcome security protections. The latest malicious campaign in the spotlight spoofs […]

Read More
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations
RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations

Hot on the heels of the joint cybersecurity advisory warning defenders of the Iran-backed Pioneer Kitten’s collaboration with multiple ransomware groups, another spike in ransomware activity is causing a stir in the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of the RansomHub RaaS operators, […]

Read More
UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware
UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware

The Vermin hacking collective, also tracked as UAC-0020, resurfaces, targeting Ukraine using a novel offensive tool dubbed FIRMACHAGENT. In the latest attack, adversaries leverage the phishing attack vector to spread emails with the lure subject related to the prisoners of war at the Kursk front.  UAC-0020 aka Vermin Attack Analysis Using FIRMACHAGENT  On August 19, 2024, […]

Read More
How SOC Prime Products Address 5 Cybersecurity Challenges
How SOC Prime Products Address 5 Cybersecurity Challenges

In today’s rapidly evolving cybersecurity landscape, organizations face numerous challenges in safeguarding their digital assets. SOC Prime offers a suite of solutions designed to address some of the most pressing cybersecurity problems. This blog explores how SOC Prime’s Threat Detection Marketplace (TDM), Uncoder AI, and Attack Detective can solve five common issues. Start Now Request […]

Read More
UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies
UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies

The increasing number of phishing attacks requires immediate attention from defenders, underscoring the need for increasing cybersecurity awareness and bolstering the organization’s cyber hygiene. Following the UAC-0102 attack targeting UKR.NET users, another hacking collective tracked as UAC-0198 leverages the phishing attack vector to target the Ukrainian state bodies and massively distribute ANONVNC (MESHAGENT) malware to […]

Read More
Actor240524 Attack Detection: Novel APT Group Targets Israeli and Azerbaijani Diplomats Using ABCloader and ABCsync Malware
Actor240524 Attack Detection: Novel APT Group Targets Israeli and Azerbaijani Diplomats Using ABCloader and ABCsync Malware

Defenders have discovered a novel APT group dubbed Actor240524, which applies an advanced adversary toolkit to evade detection and gain persistence. At the turn of July 2024, adversaries performed a spear-phishing campaign against diplomats from Azerbaijan and Israel. Attackers leveraged a malicious Word document featuring content in Azerbaijani and masquerading as official documentation designed to […]

Read More