At the end of 2023, the nefarious UAC-0050 group loomed in the cyber threat arena, targeting Ukraine using Remcos RAT, a common malware from the group’s offensive toolkit. In the first decade of January 2024, UAC-0050 reemerges to strike again, exploiting Remcos RAT, Quasar RAT, and Remote Utilities. UAC-0050 Offensive Activity Overview Based on the […]
Recent cybersec reports unveil a series of attacks in which hackers take advantage of YouTube channels to spread the Lumma malware variant. Lumma malicious strain designed for stealing sensitive data has been in the limelight since 2022, actively promoted by adversaries on hacking websites and continuously undergoing multiple updates and enhancements. This blog article gains […]
Hard on the heels of the phishing campaign against Ukraine spreading Remcos RAT, another offensive operation relying on a similar adversary toolkit comes to the scene. At the end of December 2023, Trendmicro researchers reported CERT-UA about suspicious military-related files sent through a series of new phishing attacks against Ukraine. The uncovered malicious activity aimed […]
Throughout the second half of December 2023, cybersecurity researchers uncovered a series of phishing attacks against Ukrainian government agencies and Polish organizations attributed to the infamous russian nation-backed APT28 hacking collective. CERT-UA has recently issued a heads-up covering the in-depth overview of the latest APT28 attacks, from the initial compromise to posing a threat to […]
Celebrating Milestones and Shared Success As we approach 2024, let’s take some time to reflect on our shared accomplishments and look forward to even more significant successes in the coming year. Over the past year, our joint endeavors have been focused on shaping a secure tomorrow, driven by the collective strength of the global cybersecurity […]
Cybersecurity analysts are observing a substantial increase in malicious activities targeting Ukraine’s public and private sectors, where attackers often resort to phishing vectors as their primary strategy for initiating intrusions. CERT-UA notifies cyber defenders of ongoing attacks against Ukrainian organizations leveraging Kyivstar and the Security Service of Ukraine phishing lures. The infamous UAC-0050 group aims […]
At the end of November 2023, leading U.S. cybersecurity agencies, in collaboration with international partners, issued an alert covering LockBit 3.0 ransomware attacks as part of their #StopRansomware effort aimed at boosting cybersecurity awareness. Recently, another joint Cybersecurity Advisory came out aimed at notifying defenders of the ongoing attacks by the Play ransomware group. In […]
Threat Bounty Content We continue aligning the efforts with Threat Bounty Program members in enriching the SOC Prime Platform with actionable detection content for behavior detection rules. In today’s rapidly changing threat landscape, security professionals leveraging the SOC Prime Platform to defend their corporate environments rely upon SIEM content that is capable of detecting behavioral […]
FBI and CISA, in conjunction with U.S. and international cybersecurity authorities, warn the global cyber defender community about large-scale exploitation of CVE-2023-42793, a critical JetBrains TeamCity CVE potentially leading to RCE on the vulnerable instances. The related cybersecurity alert AA23-347A attributes the ongoing cyber-offensive operations to the russian Foreign Intelligence Service (SVR) represented by the […]
Сritical vulnerabilities in popular open-source software solutions pose severe threats to global businesses that rely on the impacted products. Recently, another critical security flaw was identified in Apache OFBiz, an open-source enterprise resource planning system mainly used by large-scale businesses with over 10,000 of employees. The uncovered flaw is a pre-auth vulnerability tracked as CVE-2023-49070 […]