Tag: Threat Hunting Content

Saitama Backdoor Detection: APT34 Aims New Malware at Jordan’s Foreign Ministry
Saitama Backdoor Detection: APT34 Aims New Malware at Jordan’s Foreign Ministry

Iranian hackers known as APT34 have launched a spear-phishing campaign distributing a novel backdoor named Saitama. This time, APT34 targets officials from Jordan’s Foreign Ministry. APT34 is associated with other monikers, such as OilRig, Cobalt Gypsy IRN2, and Helix Kitten, and has been active since at least 2014, mostly attacking entities in finance and government, […]

Read More
Armageddon APT Known As UAC-0010 Drops GammaLoad.PS1_v2 Espionage Malware in a New Phishing Campaign Against Ukraine
Armageddon APT Known As UAC-0010 Drops GammaLoad.PS1_v2 Espionage Malware in a New Phishing Campaign Against Ukraine

The infamous Russian state-sponsored hacking collective, Armageddon, recently involved in phishing attacks targeting Ukrainian and European state bodies, continues its malicious activity. Based on the latest CERT-UA investigations, Armageddon threat actors also identified as UAC-0010 have been observed in another cyber-attack against Ukraine distributing phishing emails and spreading malicious software dubbed GammaLoad.PS1_v2.  Armageddon APT Targeting […]

Read More
Nerbian RAT Detection: Novel Trojan That Leverages Covid-19 Lures to Target European Users
Nerbian RAT Detection: Novel Trojan That Leverages Covid-19 Lures to Target European Users

Another day, another RAT is sniffing its way into systems of hackers’ interest. This time the trojan called Nerbian RAT is in the limelight, leveraging Covid-19 and World’s Health Organization lures to proceed with targeted attacks against users in Italy, Spain, and the UK. The newly-discovered threat is written in Go, making the malware OS-agnostic […]

Read More
CVE-2022-26923 Detection: Active Directory Domain Privilege Escalation Vulnerability
CVE-2022-26923 Detection: Active Directory Domain Privilege Escalation Vulnerability

Privilege exploitation attacks in Microsoft’s Windows Active Directory (AD) Domain environments are expanding their scope and growing in scale to target millions of devices. The Microsoft Security Response Center (MSRC) has recently updated information on security flaws that affect the company’s products and services, highlighting the newly discovered Active Directory Domain Services elevation of privilege […]

Read More
NetDooka Malware Detection: NetDooka Enables Data Theft and Hijacking
NetDooka Malware Detection: NetDooka Enables Data Theft and Hijacking

Adversaries utilize the PrivateLoader pay-per-install (PPI) malware distribution platform to spread a new malware framework dubbed NetDooka. This comprehensive malware framework possesses several components, such as a loader, a dropper, a kernel-mode process, a file protection driver, and a remote access trojan (RAT). The launching element of the infection chain ⁠of the NetDooka framework is […]

Read More
BPFDoor Malware Detection: Evasive Surveillance Tool Used to Spy on Linux Devices
BPFDoor Malware Detection: Evasive Surveillance Tool Used to Spy on Linux Devices

Bad luck for Linux-based system maintainers – security experts have revealed a sophisticated surveillance implant that has flown under the radars of endpoint protection vendors for five years, secretly infecting thousands of Linux environments. Dubbed BPFDoor, the malware abuses the Berkeley Packet Filter (BPF) to act as a backdoor and proceed with reconnaissance. This makes […]

Read More
Jester Stealer Malware Detection: Phishing Attacks Spreading Info-Stealing Malware by the UAC-0104 Hacking Group
Jester Stealer Malware Detection: Phishing Attacks Spreading Info-Stealing Malware by the UAC-0104 Hacking Group

A wave of new phishing cyber-attacks has recently swept Ukraine. Hard on the heels of an attack by the APT28 threat actors spreading the CredoMap_v2 info-stealing malicious software, another hacking group has recently distributed phishing emails deploying malware called Jester Stealer, as CERT-UA reports. This latest malicious activity has been tracked as UAC-0104 based on […]

Read More
CVE-2022-1388 Detection: BIG-IP iControl REST Vulnerability
CVE-2022-1388 Detection: BIG-IP iControl REST Vulnerability

F5 Networks, a company that specializes in the development and distribution of software and hardware solutions, has released a Security Advisory on May 4, 2022, addressing a number of issues in their products. Shortly after, the BIG-IP family of products was hit with multiple exploitations in the wild following the publicly published proof-of-concept for a […]

Read More
Russia-Linked APT28 (UAC-0028) Threat Actors Spread CredoMap_v2 Malware in a Phishing Attack on Ukraine
Russia-Linked APT28 (UAC-0028) Threat Actors Spread CredoMap_v2 Malware in a Phishing Attack on Ukraine

Over the course of an ongoing cyber war, Russia-linked hacking collectives are looking for new ways to cripple the Ukrainian organizations in the cyber domain. On May 6, 2022, CERT-UA issued an alert warning of yet another phishing attack targeting Ukrainian state bodies. The cyber-attack has been attributed to the malicious activity of notorious Russian […]

Read More
BlackByte Ransomware Detection: New Go-Based Variants With Enhanced File Encryption Continue Breaching Organizations and Demand Ransom
BlackByte Ransomware Detection: New Go-Based Variants With Enhanced File Encryption Continue Breaching Organizations and Demand Ransom

BlackByte ransomware targeting critical infrastructures in the U.S. and across the globe since mid-summer 2021 has recently morphed into a more advanced variant. Adversaries are known to exfiltrate data before deploying ransomware and then threaten organizations to leak the stolen data if a ransom is not paid. The ransomware samples were originally written in C# […]

Read More