Tag: Threat Hunting Content

Armageddon APT aka UAC-0010 Uses GammaLoad and GammaSteel Malware in Targeted Cyber-Attacks on Ukraine
Armageddon APT aka UAC-0010 Uses GammaLoad and GammaSteel Malware in Targeted Cyber-Attacks on Ukraine

With the outbreak of the global cyber war, the malicious activity of the Armageddon cyber-espionage group aka Gamaredon or UAC-0010 has been in the limelight in the cyber threat arena targeting Ukrainian state bodies. The hacking collective launched a series of phishing cyber-attacks, including campaigns in May spreading GammaLoad.PS1_v2 malware and in April 2022. On […]

Read More
CVE-2022-27925 Detection: Mass Exploitation of Remote Code Execution (RCE) Vulnerability in Zimbra Collaboration Suite
CVE-2022-27925 Detection: Mass Exploitation of Remote Code Execution (RCE) Vulnerability in Zimbra Collaboration Suite

Exploitation attempts of vulnerabilities found in Zimbra Collaboration Suite (ZCS) are coming into the spotlight in the cyber threat arena, like in the case of CVE-2018-6882 used in a targeted cyber-espionage campaign against Ukrainian state bodies in mid-April 2022. Throughout July and August 2022, cybersecurity researchers were investigating a series of security breaches affecting ZCS […]

Read More
CVE-2022-31672 Detection: Pre-Authenticated Remote Code Execution Exploit Using Patched Vulnerabilities in VMware vRealize Operations Management Suite
CVE-2022-31672 Detection: Pre-Authenticated Remote Code Execution Exploit Using Patched Vulnerabilities in VMware vRealize Operations Management Suite

Security flaws in VMware products that can be leveraged in exploit chain attacks have been in the limelight in the cyber threat arena since May 2022, when CISA issued an alert warning of known remote code execution (RCE) and privilege escalation vulnerabilities. On August 9, 2022, VMware patched another set of vulnerabilities that might be […]

Read More
Threat Hunting Maturity Model Explained With Examples
Threat Hunting Maturity Model Explained With Examples

In our series of guides on Threat Hunting Basics, we’ve already covered multiple topics, from techniques and tools threat hunting teams use to the certifications for professionals and beginners. But what makes good Cyber Hunting, and how can you evaluate it? One of the ways to measure the effectiveness of the hunting procedures is by […]

Read More
SolidBit Ransomware Detection: Novel Variant Targets Users of Popular Video Games and Social Media Platforms
SolidBit Ransomware Detection: Novel Variant Targets Users of Popular Video Games and Social Media Platforms

Ransomware attacks have become a constantly growing trend in the cyber threat arena since 2020, which continues to be on the rise in 2021-2022. Cybersecurity researchers have recently uncovered a new SolidBit ransomware variant, which targets gamers and social media users. The novel malware strain is spotted in the wild, being uploaded to GitHub and […]

Read More
Gwisin Detection: Threat Actors Spread Gwisin Ransomware Targeting Korean Companies
Gwisin Detection: Threat Actors Spread Gwisin Ransomware Targeting Korean Companies

Gwisin ransomware targeting Korean companies in multiple industries is currently on the increase in the cyber threat arena. Attributed to the Korean-speaking threat actors, Gwisin ransomware is leveraged in targeted attacks at specific organizations rather than random individuals and does not perform malicious behaviors on its own, which makes its detection harder. The ransomware is […]

Read More
CVE-2022-32548 Detection: Critical RCE Vulnerability Affects DrayTek’s Flagship Models
CVE-2022-32548 Detection: Critical RCE Vulnerability Affects DrayTek’s Flagship Models

Researchers revealed a critical security hole in 29 models of DrayTek Vigor routers, totaling more than 700,000 devices currently in use. DrayTek Vigor routers gained popularity during the worldwide shift to home offices during the pandemic and are mostly used by employees of small and medium-sized businesses in the UK, Netherlands, Vietnam, Taiwan, and Australia. […]

Read More
SmokeLoader Detection: Distributes Amadey Bot Malware via Software Cracks
SmokeLoader Detection: Distributes Amadey Bot Malware via Software Cracks

Amadey Bot, a notorious malware strain that first came to the cyber threat arena in 2018, is capable of stealing data and deploying other malicious payloads on the compromised system. It has been actively distributed across hacker forums to engage in offensive operations. Cybersecurity researchers have recently observed the distribution of a new version of […]

Read More
LockBit 3.0 Ransomware Attack Detection: Deploy Cobalt Strike Beacons Abusing Microsoft Defender
LockBit 3.0 Ransomware Attack Detection: Deploy Cobalt Strike Beacons Abusing Microsoft Defender

LockBit threat actors have been recently under the spotlight in the cyber domain. In July 2022, the hacking collective hit the headlines by introducing the first-ever bug bounty program launched by a ransomware gang. In the latest cyber-attacks, the notorious ransomware group applies Living-off-the-Land tools by abusing the legitimate Microsoft Defender’s command-line utility to deploy […]

Read More
Threat Hunting Techniques, Tactics, and Methodologies: Your Step-by-Step Introduction
Threat Hunting Techniques, Tactics, and Methodologies: Your Step-by-Step Introduction

We could start this article with a bold statement saying that Threat Hunting is easier than you think, and by reading our blog post, you will instantly become a pro. Unfortunately or luckily, that’s not the case. However, we understand that starting out as a Cyber Threat Hunter is tough. That’s why we are introducing […]

Read More