Cybersecurity experts from Microsoft Threat Intelligence Center (MSTIC) have disrupted the infrastructure of a nefarious APT responsible for long-lasting cyberespionage activities aimed at targets within NATO countries. The group, dubbed SEABORGIUM, launched multiple phishing, data theft, and hack-and-leak campaigns to spy on defense contractors, NGOs, IGOs, think tanks, and educational institutions, allegedly on-behalf of russian […]
BlueSky ransomware represents a rapidly evolving malware family that involves sophisticated anti-analysis capabilities and constantly enhances its evasion techniques. BlueSky ransomware targets Windows hosts and relies on a multithreading technique for faster file encryption. Cybersecurity researchers attribute the revealed ransomware patterns to the adversary activity of the infamous Conti ransomware group, which has long been […]
High-profile ransomware attacks illustrate a growing trend in the cyber threat arena in 2021-2022, with the majority of ransomware affiliates engaged in various ransomware-as-a-service (RaaS) programs. In May 2022, cybersecurity researchers noticed novel adversary campaigns deploying Cuba ransomware attributed to the malicious activity of a hacking group tracked as Tropical Scorpius. In these latest attacks, […]
A good threat hunting hypothesis is key to identifying weak spots in an organization’s digital infrastructure. Just learn to ask the right questions, and you will get the answers that you’re looking for. In this blog post, we review a proactive threat hunting methodology: Hypothesis-Driven Threat Hunting. Let’s dive right in! Detect & Hunt Explore […]
With the outbreak of the global cyber war, the malicious activity of the Armageddon cyber-espionage group aka Gamaredon or UAC-0010 has been in the limelight in the cyber threat arena targeting Ukrainian state bodies. The hacking collective launched a series of phishing cyber-attacks, including campaigns in May spreading GammaLoad.PS1_v2 malware and in April 2022. On […]
Exploitation attempts of vulnerabilities found in Zimbra Collaboration Suite (ZCS) are coming into the spotlight in the cyber threat arena, like in the case of CVE-2018-6882 used in a targeted cyber-espionage campaign against Ukrainian state bodies in mid-April 2022. Throughout July and August 2022, cybersecurity researchers were investigating a series of security breaches affecting ZCS […]
Security flaws in VMware products that can be leveraged in exploit chain attacks have been in the limelight in the cyber threat arena since May 2022, when CISA issued an alert warning of known remote code execution (RCE) and privilege escalation vulnerabilities. On August 9, 2022, VMware patched another set of vulnerabilities that might be […]
In our series of guides on Threat Hunting Basics, we’ve already covered multiple topics, from techniques and tools threat hunting teams use to the certifications for professionals and beginners. But what makes good Cyber Hunting, and how can you evaluate it? One of the ways to measure the effectiveness of the hunting procedures is by […]
Ransomware attacks have become a constantly growing trend in the cyber threat arena since 2020, which continues to be on the rise in 2021-2022. Cybersecurity researchers have recently uncovered a new SolidBit ransomware variant, which targets gamers and social media users. The novel malware strain is spotted in the wild, being uploaded to GitHub and […]
Gwisin ransomware targeting Korean companies in multiple industries is currently on the increase in the cyber threat arena. Attributed to the Korean-speaking threat actors, Gwisin ransomware is leveraged in targeted attacks at specific organizations rather than random individuals and does not perform malicious behaviors on its own, which makes its detection harder. The ransomware is […]