Tag: Threat Detection Marketplace

Forest Blizzard aka Fancy Bear Attack Detection: russian-backed Hackers Apply a Custom GooseEgg Tool to Exploit CVE-2022-38028 in Attacks Against Ukraine, Western Europe, and North America
Forest Blizzard aka Fancy Bear Attack Detection: russian-backed Hackers Apply a Custom GooseEgg Tool to Exploit CVE-2022-38028 in Attacks Against Ukraine, Western Europe, and North America

The nefarious cyber-espionage hacking collective tracked as Forest Blizzard (aka Fancy Bear, STRONTIUM, or APT28) has been experimenting with a novel custom tool dubbed GooseEgg malware to weaponize the critical CVE-2022-38028 vulnerability in Windows Print Spooler. Adversaries are launching multiple intelligence-gathering attacks targeting organizations across the globe in diverse industry sectors. Successful privilege escalation and […]

Read More
UAC-0133 (Sandworm) Attack Detection: russia-Linked Hackers Aim to Cripple the Information and Communication Systems of 20 Critical Infrastructure Organizations Across Ukraine
UAC-0133 (Sandworm) Attack Detection: russia-Linked Hackers Aim to Cripple the Information and Communication Systems of 20 Critical Infrastructure Organizations Across Ukraine

For over a decade, the nefarious russia-backed Sandworm APT group (aka UAC-0133, UAC-0002, APT44, or FROZENBARENTS) has been consistently targeting Ukrainian organizations with a prime focus on the public sector and critical infrastructure. CERT-UA has recently unveiled the group’s malicious intentions to disrupt the information and communication systems of about 20 critical infrastructure organizations.  UAC-0133 […]

Read More
Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia
Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia

FBI and CISA, in conjunction with the U.S. and leading international cybersecurity agencies, have recently issued a joint advisory AA24-109A warning defenders of a surge in cyber attacks leveraging Akira ransomware. According to investigations, related malicious campaigns have affected 250+ organizations and claimed around $42 million in ransom payments.  Detect Akira Ransomware Attacks Escalating ransomware […]

Read More
UAC-0184 Abuses Messengers and Dating Websites to Proceed with Attacks Against Ukrainian Government and Military
UAC-0184 Abuses Messengers and Dating Websites to Proceed with Attacks Against Ukrainian Government and Military

The UAC-0184 hacking collective is back, once again setting its eyes on the Armed Forces of Ukraine. Adversaries attempt to gain access to the targeted computers to steal files and messaging data, according to the latest CERT-UA research. UAC-0184 Latest Attack Description Defenders have been observing a significant surge in the malicious activity of the […]

Read More
SOC Prime Threat Bounty Digest — March 2024 Results
SOC Prime Threat Bounty Digest — March 2024 Results

Threat Bounty Publications In March 2024, 40 threat detection rules were successfully published to SOC Prime’s Platform via the Threat Bounty Program after the review of our Content Team. Although we observe an overall improvement in the quality of submissions, there are also some typical misconceptions that can be recognized in the approaches to content […]

Read More
russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) Attack Detection: Adversaries Apply an Aggressive Infection Approach Leveraging Three Malware Branches
russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) Attack Detection: Adversaries Apply an Aggressive Infection Approach Leveraging Three Malware Branches

The state-sponsored russia-linked Gamaredon (aka Hive0051, UAC-0010, Armageddon APT) hacking collective comes to the spotlight launching a new wave of cyber attacks. Adversaries have been observed leveraging new iterations of Gamma malware, adopting DNS Fluxing to drop the malicious strains and leading to 1,000+ infections per day. The infection chain displays a novel, aggressive, multi-layered […]

Read More
New Supply Chain Attack Detection: Hackers Apply Multiple Tactics to Target GitHub Developers Using a Fake Python Infrastructure
New Supply Chain Attack Detection: Hackers Apply Multiple Tactics to Target GitHub Developers Using a Fake Python Infrastructure

Hackers employ diverse TTPs in a multi-stage software supply-chain campaign going after GitHub users, including members of the widely recognized Top.gg community, with over 170,000+ users falling prey to the offensive operations. Adversaries took advantage of a fake Python infrastructure, causing the full compromise of GitHub accounts, the publication of harmful Python packs, and the […]

Read More
Kimsuky APT New Campaign Detection: North Korean Hackers Leverage Microsoft Compiled HTML Help Files in Ongoing Cyber Attacks
Kimsuky APT New Campaign Detection: North Korean Hackers Leverage Microsoft Compiled HTML Help Files in Ongoing Cyber Attacks

Hard on the heels of the DEEP#GOSU offensive campaign associated with the North Korean hacking collective Kimsuky APT, the group comes to the spotlight once again by shifting their adversary TTPs. Defenders have recently observed Kimsuky’s use of Microsoft Compiled HTML Help (CHM) files to spread malware and collect sensitive data from impacted instances. Detect […]

Read More
DEEP#GOSU Attack Campaign Detection: North Korean Kimsuky APT Is Likely Behind Attacks Using PowerShell and VBScript Malware
DEEP#GOSU Attack Campaign Detection: North Korean Kimsuky APT Is Likely Behind Attacks Using PowerShell and VBScript Malware

The nefarious cyber-espionage North Korean Kimsuky APT group has been in the limelight in the cyber threatscape since at least 2012. A new multi-stage Kimsuky-affiliated offensive campaign tracked as DEEP#GOSU hits the headlines, posing threats to Windows users and leveraging PowerShell and VBScript malware to infect targeted systems.  Detect DEEP#GOSU Attack Campaign Last year has […]

Read More
SOC Prime Threat Bounty Digest — February  2024 Results
SOC Prime Threat Bounty Digest — February  2024 Results

Threat Bounty Publications In February, the members of the Threat Bounty program submitted more than 350 detections for review by the SOC Prime Team. After the review by the content verification team, 70 rules were successfully published on the SOC Prime Platform. During the verification, the SOC Prime Team provided more than 400 content rejection […]

Read More