Tag: Threat Hunting Content

Kimsuky APT Attack Detection: North Korean Hackers Abuse the TRANSLATEXT Chrome Extension to Steal Sensitive Data
Kimsuky APT Attack Detection: North Korean Hackers Abuse the TRANSLATEXT Chrome Extension to Steal Sensitive Data

The nefarious North Korea-linked threat actor known as Kimsuky APT group uses a novel malicious Google Chrome extension dubbed “TRANSLATEXT” for cyber espionage to illicitly collect sensitive user data. The observed ongoing campaign, which started in the early spring of 2024, is primarily targeting South Korean academic institutions.  Detect Kimsuky Campaign Leveraging TRANSLATEXT Seeing the […]

Read More
CVE-2024-5806 Detection: A New Authentication Bypass Vulnerability in Progress MOVEit Transfer Under Active Exploitation
CVE-2024-5806 Detection: A New Authentication Bypass Vulnerability in Progress MOVEit Transfer Under Active Exploitation

The cyber threat landscape in June is heating up, largely due to the disclosure of new vulnerabilities, such as CVE-2024-4577  and CVE-2024-29849. Researchers have identified a novel critical improper authentication vulnerability in Progress MOVEit Transfer tracked as CVE-2024-5806, which has already been under active exploitation in the wild a couple of hours after its discovery.  […]

Read More
GrimResource Attack Detection: A New Infection Technique Abuses Microsoft Management Console to Gain Full Code Execution
GrimResource Attack Detection: A New Infection Technique Abuses Microsoft Management Console to Gain Full Code Execution

Cybersecurity researchers discovered a new code execution technique that employs specially crafted MSC files and a Windows XSS flaw. The newly uncovered infection technique, dubbed GrimResource, allows attackers to perform code execution in the Microsoft Management Console (MMC). Defenders discovered a sample using GrimResource that was recently uploaded to VirusTotal in early June 2024, indicating […]

Read More
What Is Threat Intelligence?
What Is Threat Intelligence?

At least for two decades, we have been witnessing relentless changes in the threat landscape towards growth and sophistication, with both rough actors and state-sponsored collectives devising sophisticated offensive campaings against organizations globally. In 2024, adversaries, on average, proceed with 11,5 attacks per minute. Simultaneously, it takes 277 days for SecOps teams to detect and […]

Read More
UNC3886: Novel China-Nexus Cyber-Espionage Threat Actor Exploits Fortinet & VMware Zero-Days, Custom Malware for Long-Term Spying
UNC3886: Novel China-Nexus Cyber-Espionage Threat Actor Exploits Fortinet & VMware Zero-Days, Custom Malware for Long-Term Spying

In Q1 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and russia demonstrated significantly enhanced and innovative offensive capabilities to proceed with sophisticated cyber-espionage campaigns. This surge in activity has posed considerable challenges to the global cybersecurity landscape. Recently, security experts revealed the activity of the China-linked Velvet Ant group infiltrating F5 […]

Read More
Velvet Ant Activity Detection: China-Backed Cyber-Espionage Group Launches a Prolonged Attack Using Malware Deployed on the F5 BIG-IP Devices
Velvet Ant Activity Detection: China-Backed Cyber-Espionage Group Launches a Prolonged Attack Using Malware Deployed on the F5 BIG-IP Devices

The China-linked cyber-espionage group Velvet Ant has been infiltrating F5 BIG-IP devices for about three years, using them as internal C2 servers, deploying malware, and gaining persistence to smartly evade detection and steal sensitive data. Detect Velvet Ant Attacks In Q1 2024, APT groups from various regions, including China, North Korea, Iran, and Russia, demonstrated […]

Read More
TellYouThePass Ransomware Attack Detection: Hackers Exploit CVE-2024-4577 to Install Web Shells and Drop Malware 
TellYouThePass Ransomware Attack Detection: Hackers Exploit CVE-2024-4577 to Install Web Shells and Drop Malware 

The TellYouThePass ransomware operators have been spotted behind a novel adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances. Detect TellYouThePass Ransomware Campaign In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]

Read More
CVE-2024-4577 Detection: A New Easy-to-Exploit PHP Vulnerability Could Lead to RCE
CVE-2024-4577 Detection: A New Easy-to-Exploit PHP Vulnerability Could Lead to RCE

Hot on the heels of the disclosure of CVE-2024-29849 and its PoC release, another security flaw is creating a buzz in the cyber threat landscape. Successful exploitation of CVE-2024-4577, which affects Windows-based PHP servers, could lead to RCE. The security bug is a CGI argument injection vulnerability that impacts all versions of PHP on the […]

Read More
SOC Prime Introduces a Fair Usage Policy
SOC Prime Introduces a Fair Usage Policy

Make the Most of Advanced Threat Detection at No Extra Cost In today’s rapidly evolving cybersecurity landscape, where both rogue actors and well-funded state-sponsored entities continuously devise sophisticated attacks, maintaining relevant and up-to-date detection capabilities is more critical than ever. In Q1 2024, APT groups from various global regions, such as China, North Korea, Iran, […]

Read More
UAC-0020 aka Vermin Attack Detection: SickSync Campaign Using SPECTR Malware and SyncThing Utility to Target the Armed Forces of Ukraine
UAC-0020 aka Vermin Attack Detection: SickSync Campaign Using SPECTR Malware and SyncThing Utility to Target the Armed Forces of Ukraine

The Vermin hacking group, also known as UAC-0020, resurfaces, targeting the Armed Forces of Ukraine. In the latest “SickSync” campaign uncovered by CERT-UA in collaboration with the Cybersecurity Center of the Armed Forces of Ukraine, adversaries once again employ SPECTR malware, which has been part of their adversary toolkit since 2019.  SickSync Campaign Targeting the […]

Read More