Tag: Threat Detection Marketplace

APT28 Adversary Activity Detection: New Phishing Attacks Targeting Ukrainian and Polish Organizations
APT28 Adversary Activity Detection: New Phishing Attacks Targeting Ukrainian and Polish Organizations

Throughout the second half of December 2023, cybersecurity researchers uncovered a series of phishing attacks against Ukrainian government agencies and Polish organizations attributed to the infamous russian nation-backed APT28 hacking collective. CERT-UA has recently issued a heads-up covering the in-depth overview of the latest APT28 attacks, from the initial compromise to posing a threat to […]

Read More
2023 Year in Review
2023 Year in Review

Celebrating Milestones and Shared Success As we approach 2024, let’s take some time to reflect on our shared accomplishments and look forward to even more significant successes in the coming year. Over the past year, our joint endeavors have been focused on shaping a secure tomorrow, driven by the collective strength of the global cybersecurity […]

Read More
New Phishing Campaign by UAC-0050: Kyivstar & Security Service of Ukraine Baits to Deliver Remcos RAT
New Phishing Campaign by UAC-0050: Kyivstar & Security Service of Ukraine Baits to Deliver Remcos RAT

Cybersecurity analysts are observing a substantial increase in malicious activities targeting Ukraine’s public and private sectors, where attackers often resort to phishing vectors as their primary strategy for initiating intrusions. CERT-UA notifies cyber defenders of ongoing attacks against Ukrainian organizations leveraging Kyivstar and the Security Service of Ukraine phishing lures. The infamous UAC-0050 group aims […]

Read More
Play Ransomware Detection: Ongoing Ransomware Attacks Against Businesses and Critical Infrastructure in the U.S., South America, and Europe
Play Ransomware Detection: Ongoing Ransomware Attacks Against Businesses and Critical Infrastructure in the U.S., South America, and Europe

At the end of November 2023, leading U.S. cybersecurity agencies, in collaboration with international partners, issued an alert covering LockBit 3.0 ransomware attacks as part of their #StopRansomware effort aimed at boosting cybersecurity awareness. Recently, another joint Cybersecurity Advisory came out aimed at notifying defenders of the ongoing attacks by the Play ransomware group. In […]

Read More
CVE-2023-49070 Exploit Detection: A Critical Pre-Auth RCE Vulnerability in Apache OFBiz 
CVE-2023-49070 Exploit Detection: A Critical Pre-Auth RCE Vulnerability in Apache OFBiz 

Сritical vulnerabilities in popular open-source software solutions pose severe threats to global businesses that rely on the impacted products. Recently, another critical security flaw was identified in Apache OFBiz, an open-source enterprise resource planning system mainly used by large-scale businesses with over 10,000 of employees. The uncovered flaw is a pre-auth vulnerability tracked as CVE-2023-49070 […]

Read More
Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains
Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains

Adversaries set their eyes on a notorious security flaw in Log4j Java Library tracked as CVE-2021-44228, aka Log4Shell, even a couple of years after its disclosure. A new campaign dubbed “Operation Blacksmith” involves the exploitation of the Log4Shell vulnerability to deploy new malicious strains written in DLang, including novel RATs. The North Korean APT Lazarus […]

Read More
Remcos RAT and Meduza Stealer Detection: UAC-0050 Group Launches a Massive Phishing Attack Against State Bodies in Ukraine and Poland
Remcos RAT and Meduza Stealer Detection: UAC-0050 Group Launches a Massive Phishing Attack Against State Bodies in Ukraine and Poland

Less than a week after a phishing campaign by UAC-0050 spreading Remcos RAT, the group attempted to launch another offensive operation. In the newly uncovered massive email distribution campaign, UAC-0050 hackers target the Ukrainian and Polish public sectors, leveraging the nefarious Remcos RAT and another malware strain dubbed Meduza Stealer. UAC-0050 Attack Description: Activity Covered […]

Read More
UAC-0006 Attack Detection: Overview of the Financially Motivated Group’s Campaigns Based on CERT-UA Research
UAC-0006 Attack Detection: Overview of the Financially Motivated Group’s Campaigns Based on CERT-UA Research

The infamous hacking group known as UAC-0006 has been launching offensive operations against Ukraine since 2013 primarily driven by financial gain. CERT-UA researchers recently issued a compiled overview of the group’s adversary activity aimed at raising cybersecurity awareness and minimizing risks. The group is notorious for committing financial theft by leveraging malware like SmokeLoader to […]

Read More
UAC-0050 Attack Detection: Hackers Launch Another Targeted Campaign Spreading Remcos RAT 
UAC-0050 Attack Detection: Hackers Launch Another Targeted Campaign Spreading Remcos RAT 

Hard on the heels of the phishing attack impersonating the Security Service of Ukraine and using Remcos RAT, the hacking collective identified as UAC-0050 launched another adversary campaign against Ukraine leveraging the phishing attack vector. In these attacks targeting 15,000+ users hackers massively send emails with a subject and attachment lures related to a summons […]

Read More
CVE-2023-49103 Detection: A Critical Vulnerability in OwnCloud’s Graph API App Leveraged for in-the-Wild Attacks
CVE-2023-49103 Detection: A Critical Vulnerability in OwnCloud’s Graph API App Leveraged for in-the-Wild Attacks

Hot on the heels of the Zimbra zero-day vulnerability, another critical security flaw affecting popular software comes to the scene. The open-source file-sharing software ownCloud has recently disclosed a trio of disturbing security holes in its products. Among them, the max severity vulnerability tracked as CVE-2023-49103 gained the CVSS score of 10 due to the […]

Read More