Tag: Threat Hunting Content

Detect Privilege Escalation in Windows Domain Environments

Cybersecurity researchers have revealed a security hole in the Microsoft’s Windows Active Directory (AD) allowing active users to add machines to the domain even without Admin privileges, which exposes to the machine to risk of privilege escalation attacks. According to the default settings, an AD user can add up to ten workstations to the domain.  […]

Read More
GraphSteel and GrimPlant Malware Detection 1
Detect GraphSteel and GrimPlant Malware Delivered by UAC-0056 Group: CERT-UA Warns of Phishing Attacks Related to COVID-19

On April 26, 2022, cybersecurity researchers reported about an ongoing phishing cyber-attack on Ukraine spreading GraphSteel and GrimPlant malware strains according to the latest CERT-UA warning. The malicious activity is attributed to the behavior patterns of the hacking collective tracked as UAC-0056, a nefarious cyber espionage group also dubbed SaintBear, UNC258, or TA471. The targeted […]

Read More
Lazarus APT Armed With TraderTraitor Malware
TraderTraitor Malware Detection: CISA, FBI, and U.S. Treasury Department Warn of Cyber-Attacks by Lazarus APT

Lazarus APT has become a frequent guest of our blog posts. According to the recent security reports, North Korean State-Sponsored APT acts quickly, jeopardizing financial and critical infrastructures, blockchain technology-oriented companies, and the cryptocurrency sector. The U.S. government organizations released details about malware-laced cryptocurrency applications under the umbrella term “TraderTraitor”, distributed via a phishing campaign […]

Read More
Novel Inno Stealer Malware
Inno Stealer Detection: New Infostealer Disguised as OS Update

Hackers have infiltrated Google search results, driving traffic to a bogus website mimicking legitimate Microsoft pages with Windows OS updates. To be more precise, adversaries are using the “windows11-upgrade11[.]com” domain to host and spread information stealer malware disguised as a Windows 11 updates pack. Tricked users download fake updates, in reality getting an ISO file […]

Read More
Cobalt Strike Beacon Malware Spread Via Targeted Phishing Emails Related to Azovstal: Cyber-Attack on Ukrainian Government Entities

On April 18, 2022, CERT-UA issued an alert warning of ongoing cyber-attacks targeting Ukrainian state bodies. According to the research, government officials were exposed to targeted phishing attacks using emails related to Azovstal that contained malicious attachments spreading Cobalt Strike Beacon malware. The detected activity reflects the behavior patterns associated with the hacking collective tracked […]

Read More
INCONTROLLER & PIPEDREAM
Pipedream/INCONTROLLER Detection: New Attack Framework and Tools Target Industrial Control Systems

The US governmental agencies – CISA, FBI, NSA, and the Energy Department – along with several corporate teams of cybersecurity researchers have sounded the alarm about nationwide threats to industrial control systems (ICS). According to the security investigators, APT actors leverage a destructive toolset to take over targeted machines upon establishing initial access to the […]

Read More
Threat Bounty Program March
SOC Prime Threat Bounty — March 2022 Results

During the previous month, the attention and experience of the cybersecurity experts were especially required to help the industry withstand emerging devastating threats. Devoted members of the Threat Bounty community provided detections to protect against such threats as HermeticWiper, the FoxBlade malware, the attack of APT41 against the U.S. state government networks, exploitations of the […]

Read More
CVE-2022-29072
CVE-2022-29072 Detection: Flaw in 7-Zip Grants Hackers Excessive Permissions

The 7-Zip file archiver versions of 21.07 have a serious security weak point. 7-Zip is one of the most in-demand tools to compress and package files with a wide array of supported formats including 7z, ZIP, GZIP, BZIP2, and TAR. The vulnerability tracked as CVE-2022-29072 grants adversaries elevated access and command execution when a file […]

Read More
Novel Parrot TDS
Parrot Traffic Direction System (TDS) Attacks

A novel Traffic Direction System (TDS), dubbed Parrot TDS, takes advantage of a network of hacked servers that host websites to route victims that fit the required profile to domains used to run scamming schemes or distribute malware. According to the current data, the number of compromised websites has reached 16,500 and counting. Adversaries primarily […]

Read More
China-Linked Hackers Armed With Tarrask Malware
Tarrask Malware Detection: Defense Evasion Tool to Abuse Scheduled Tasks

China-backed collective tagged Hafnium (sometimes referred to as APT) has been spotted launching attacks on devices running Windows. The tool they used to generate “hidden” scheduled tasks and establish persistence within Windows instances under attack is dubbed Tarrask malware. Experts report about Internet and data providers being attacked extensively, within the most active attack time […]

Read More