The modern cyber threat landscape illustrates a growing trend in the use of Golang-based malware, which is actively adopted by multiple hacking collectives. Cybersecurity researchers have recently uncovered a novel Golang-based malicious campaign tracked as GO#WEBBFUSCATOR, in which hackers leverage a notorious deep field image taken from NASA’s James Webb Space Telescope as a lure […]
MITRE ATT&CK® is a framework for threat-informed cybersecurity defense and public knowledge base of adversarial tactics, techniques, and procedures (TTPs) based on real examples observed in the wild. It also includes a wealth of metadata such as possible detections, mitigations, data sources, platforms, system requirements, associated groups, references, and more. The ATT&CK content is published […]
On August 30 and 31, 2022, CERT-UA revealed a burst of adversary activity massively distributing phishing emails among Ukrainian, Austrian, and German organizations. According to the corresponding CERT-UA#5252 alert, hackers exploit the email attachment vector spreading the notorious AgentTesla info-stealing malware. The malicious activity can be attributed to the behavior patterns of the hacking collective […]
The malicious campaigns of the Iran-backed APT34 hacking collective also tracked as Charming Kitten, have been causing a stir in the cyber threat arena in 2022, including the cyber-attacks exploiting Microsoft Exchange ProxyShell vulnerabilities. In late August 2022, cybersecurity researchers revealed the ongoing malicious activity posing a serious threat to Gmail, Yahoo!, and Microsoft Outlook […]
A new ransomware package dubbed HavanaCrypt quickly catapulted into operation earlier this summer and has already caused a fair share of trouble. HavanaCrypt is a .NET-compiled malware that uses an open-source obfuscation tool dubbed Obfuscar to facilitate code security in a .NET assembly. The ransomware operators use Microsoft Web hosting service IP address as its […]
Earlier this month, security researchers identified PyPi malware that exfiltrated users’ credentials, apps’ cookies, and history, along with other sensitive data. The research data indicates that adversaries upload malicious packages to The Python Package Index (PyPI) – a vast repository of open-source Python packages. The goal is to dupe the users into downloading them by […]
Cybersecurity experts from Microsoft Threat Intelligence Center (MSTIC) have disrupted the infrastructure of a nefarious APT responsible for long-lasting cyberespionage activities aimed at targets within NATO countries. The group, dubbed SEABORGIUM, launched multiple phishing, data theft, and hack-and-leak campaigns to spy on defense contractors, NGOs, IGOs, think tanks, and educational institutions, allegedly on-behalf of russian […]
BlueSky ransomware represents a rapidly evolving malware family that involves sophisticated anti-analysis capabilities and constantly enhances its evasion techniques. BlueSky ransomware targets Windows hosts and relies on a multithreading technique for faster file encryption. Cybersecurity researchers attribute the revealed ransomware patterns to the adversary activity of the infamous Conti ransomware group, which has long been […]
High-profile ransomware attacks illustrate a growing trend in the cyber threat arena in 2021-2022, with the majority of ransomware affiliates engaged in various ransomware-as-a-service (RaaS) programs. In May 2022, cybersecurity researchers noticed novel adversary campaigns deploying Cuba ransomware attributed to the malicious activity of a hacking group tracked as Tropical Scorpius. In these latest attacks, […]
A good threat hunting hypothesis is key to identifying weak spots in an organization’s digital infrastructure. Just learn to ask the right questions, and you will get the answers that you’re looking for. In this blog post, we review a proactive threat hunting methodology: Hypothesis-Driven Threat Hunting. Let’s dive right in! Detect & Hunt Explore […]