Tag: Threat Hunting Content

What is Quantum Ransomware?
What is Quantum Ransomware?

Quantum ransomware, a strain that has garnered significant attention since its discovery in July 2021, has proven to be an especially malicious and rapidly evolving form of ransomware. As cybersecurity professionals strive to stay one step ahead of cybercriminals, understanding the intricacies and potential impact of Quantum ransomware becomes imperative. It is a sub-variant of […]

Read More
MULTI#STORM Attack Detection: A New Phishing Campaign Spreading Multiple Remote Access Trojans and Targeting U.S. and India
MULTI#STORM Attack Detection: A New Phishing Campaign Spreading Multiple Remote Access Trojans and Targeting U.S. and India

Cybersecurity researchers warn defenders of yet another phishing campaign dubbed MULTI#STORM, in which hackers abuse JavaScript files to drop RAT malware onto the targeted systems. The MULTI#STORM attack chain contains multiple stages with the final one spreading Quasar RAT and Warzone RAT samples. According to the investigation, in this campaign threat actors have set eyes […]

Read More
Microsoft Outlook Vulnerability CVE-2023-23397 Detection
Microsoft Outlook Vulnerability CVE-2023-23397 Detection

CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook with a CVSS base score of 9.8. It was first disclosed on March 14, 2023, and attributed to APT28, also known as Fancy Bear or Strontium – a threat actor associated with the Russian General Staff Main Intelligence Directorate (GRU). The vulnerability is […]

Read More
CVE-2020-35730, CVE-2021-44026, CVE-2020-12641 Exploit Detection: APT28 Group Abuses Roundcube Flaws In Spearphishing Espionage Attacks
CVE-2020-35730, CVE-2021-44026, CVE-2020-12641 Exploit Detection: APT28 Group Abuses Roundcube Flaws In Spearphishing Espionage Attacks

With the ongoing russian cyber offensive operations targeting Ukraine and its allies, the aggressor is continuously launching cyber-espionage campaigns against state bodies and other organizations representing critical infrastructure. Less than a week after CERT-UA researchers warned of a spike in cyber-espionage attacks by russia-linked Shuckworm group, another nefarious hacking group comes back to the scene.  […]

Read More
PicassoLoader and Cobalt Strike Beacon Detection: UAC-0057 aka GhostWriter Hacking Group Attacks the Ukrainian Leading Military Educational Institution
PicassoLoader and Cobalt Strike Beacon Detection: UAC-0057 aka GhostWriter Hacking Group Attacks the Ukrainian Leading Military Educational Institution

On June 16, 2023, CERT-UA researchers issued a new alert covering the recently discovered malicious activity targeting the National Defense University of Ukraine, named after Ivan Cherniakhovskyi, the country’s leading military educational institution. In this ongoing campaign, threat actors spread PicassoLoader and Cobalt Strike Beacon on the compromised systems via a malicious file containing a […]

Read More
Shuckworm Espionage Group Attack Detection: russia-backed Threat Actors Repeatedly Attack Ukrainian Military, Security, and Government Organizations
Shuckworm Espionage Group Attack Detection: russia-backed Threat Actors Repeatedly Attack Ukrainian Military, Security, and Government Organizations

Since russia’s full-scale invasion of Ukraine, the aggressor’s offensive forces have launched an avalanche of cyber-espionage campaigns against Ukraine and its allies, mainly targeting government agencies and frequently leveraging the phishing attack vector. The infamous hacking collective dubbed Shuckworm (Armageddon, Gamaredon), which is known to have links with russia’s FSB, has been observed behind a […]

Read More
Cadet Blizzard’s Activity Detection: Novel russia-Linked Nation-Backed Threat Actor Tracked as DEV-0586 Comes to the Scene
Cadet Blizzard’s Activity Detection: Novel russia-Linked Nation-Backed Threat Actor Tracked as DEV-0586 Comes to the Scene

Since the outbreak of russia’s full-scale invasion of Ukraine, the aggressor has been targeting multiple cyber attacks against Ukraine and its allies, with a growing number of state-sponsored hacking collectives emerging and resurfacing in the cyber threat arena. During the conflict, russia’s offensive forces have launched over 2,100 attacks with disparate levels of sophistication and […]

Read More
SOC Prime Drives Collective Cyber Defense Backed by Threat Detection Marketplace, Uncoder AI, and Attack Detective
SOC Prime Drives Collective Cyber Defense Backed by Threat Detection Marketplace, Uncoder AI, and Attack Detective

Embrace Your Cyber Defense Arsenal: Choose a Tool Tailored for Your Unique Cyber Defense Journey SOC Prime equips every cyber defender with a global threat detection platform for collective cyber defense. To help cyber defenders drive immediate value from SOC Prime Platform based on their current security needs, SOC Prime has launched a new three-pronged […]

Read More
CVE-2023-34362 Detection: Critical MOVEit Transfer Zero-Day Flaw Actively Exploited By Threat Actors to Steal Data from Organizations
CVE-2023-34362 Detection: Critical MOVEit Transfer Zero-Day Flaw Actively Exploited By Threat Actors to Steal Data from Organizations

Hot on the heels of the maximum severity flaw in GitLab software known as CVE-2023-2825, another critical vulnerability comes to the scene, creating a significant buzz in the cyber threat landscape. At the turn of June 2023, Progress Software uncovered a critical vulnerability in MOVEit Transfer that can lead to privilege escalation and instantly issued […]

Read More
SOC Prime Integrates with Amazon Security Lake to Supercharge Security Operations
SOC Prime Integrates with Amazon Security Lake to Supercharge Security Operations

Driving Cost-Efficient, Zero-Trust, and Multi-Cloud Security Backed by Collective Expertise SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 27 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic […]

Read More