June ‘22 Updates This June we introduced several significant updates related to SOC Prime’s Threat Bounty Program to acknowledge the contribution of the Program members and smooth their experience with Sigma rules creation. Now, all SOC Prime users can access detailed information about Threat Bounty authors’ achievements on a dedicated page. Also, the beta version […]
SessionManager backdoor first surfaced around Spring 2021, targeting Microsoft IIS Servers. The malware samples were first investigated only in early 2022. The recently exposed backdoor has affected more than 20 governmental and non-governmental entities across Africa, South Asia, South America, the Middle East, and Europe. Security researchers speculate that some artifacts indicate that the attacks […]
MedusaLocker ransomware first surfaced in September 2019 and has been impacting a wide range of industries and organizations, primarily in healthcare, ever since. Assuming how adversaries divide the ransom money, MedusaLocker appears to be run as a RaaS. Sources claimed that payments for ransomware seem to be divided between the affiliate and the developer, with […]
Researchers report new attacks with an upgraded remote access trojan (RAT) dubbed PingPull launched by Gallium hackers. The Gallium APT has been around since at least 2012 and bears the markings of what is likely a nation-state threat actor, believed to be backed by the Chinese government. Their latest activity is characterized by APT’s strive […]
The operations of Evilnum hackers have been watched closely by security analysts since 2020, with the threat actors’ activity traced back as early as 2018. The APT group is predominantly associated with the attacks on the FinTech sector in Europe, often classified as a financially motivated group. Sources claimed that the most recent spear phishing […]
Meet a novel player in the cyber threat arena! Starting from late 2020 security experts are tracking a new APT collective, dubbed ToddyCat, which was spotted targeting Microsoft Exchange servers in Europe and Asia to deploy custom malware samples. Among the malicious strains distributed by the ToddyCat are previously unknown Samurai backdoor and Ninja Trojan […]
The notorious CVE-2021-44228 Apache Log4j vulnerability aka Log4Shell is still haunting cyber defenders along with reports about its active in-the-wild exploitations. Starting from December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors enabling them to gain initial access to targeted systems. […]
On June 24, 2022, CERT-UA warned about a new malicious campaign targeting telecommunication providers in Ukraine. According to the investigation, russia-linked adversaries launched a massive phishing campaign delivering DarkCrystal remote access Trojan (RAT), able to perform reconnaissance, data theft, and code execution on the affected instances. The malicious activity is tracked as UAC-0113, which with […]
ShadowPad is a modular backdoor highly popular among China-located threat actors, including such clusters of espionage activity as BRONZE UNIVERSITY, BRONZE RIVERSIDE, BRONZE STARLIGHT, and BRONZE ATLAS. The malware is used to download further malicious payloads, opening the way to wider exploitation potential. According to the research data, the malware traces its roots back to […]
Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoft’s Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackers’ control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]