We are happy to announce that we have hit another major milestone on the way to delivering continuous security intelligence to the worldwide community. In a strong collaboration between the SOC Prime Team and our Threat Bounty Developer Program members, at the beginning of March 2021, we reached the number of 100,000 Detection and Response […]
Introduction On August 2020 a new type of malware, belonging to the Ransomware category, appeared in the cyber threat landscape. Threat actor responsible for its development called it “DarkSide” and, like others piece of malware of this type, is operated in Big Game Hunting (BGH) campaigns. Around more or less the same time, a DLS […]
New details related to epoch-making SolarWinds supply-chain attack came into light. Research from Microsoft indicates that another stand-alone APT actor might have a hand in SolarWinds Orion compromise. Particularly, cyber-criminals utilized a newly discovered zero-day bug to infect targeted instances with SUPERNOVA backdoor. New ZeroDay Vulnerability in SolarWinds Orion Software (CVE-2020-10148) The vulnerability was disclosed […]
Just a few days after the information about the FireEye data breach appeared, the company published the results of its investigation and details of the Sunburst backdoor (including the technical report and countermeasures), through which the APT group penetrated networks of multiple organizations, and now potentially compromised companies can quickly detect this threat. The scale […]
This week the cybersecurity community was struck by the news that one of the top security firms was compromised by an unnamed sophisticated APT group. Adversaries were interested in Red Team tools used by FireEye to test their customers ’security and looked for information related to government customers. An investigation is ongoing and F.B.I. Cyber […]
It looks like we are on the verge of another crisis caused by ransomware attacks and the proliferation of Ransomware as a Service model that allows even relatively newbies to get into the big game. Every week, the media are full of headlines that a well-known Enterprise or government organization has become another victim of […]
Many of our publications lately have been devoted to various ransomware strains, and the rules for detecting Matrix ransomware characteristics will not help to identify Ragnar Locker or Maze. The malware is constantly changing: its authors change not only the IOCs known to security researchers but also the behavior to make threat hunting content useless […]
Another Ransomware as a Service platform is preparing to play a high-stakes game with organizations. Researchers at Sentinel Labs discovered the first attacks using the FONIX platform about three months ago. Now, this RaaS platform is still under active development, but their first customers are already trying their capabilities. So far, FONIX is quite inconvenient […]
Last week, researchers at Zscaler ThreatLabZ released a report on a massive campaign targeting the supply chain and government sectors in the Middle East. Cybercriminals sent phishing emails pretended to be from Abu Dhabi National Oil Company (ADNOC) employees that infected targets with the AZORult Trojan. Campaign Targeted at organizations in the Middle East The […]
After a very hot July, especially fruitful for critical vulnerabilities (1, 2, 3), Microsoft’s Patch Tuesday in August went relatively quiet. Yes, once again more than a hundred vulnerabilities were patched, yes, 17 flaws were rated as Critical, and Microsoft didn’t point at bugs of the “We All Doomed” level. Although back then security researchers […]