Threats

RansomHub Ransomware Detection: Attackers Exploit Kaspersky’s TDSSKiller to Disable EDR Systems

Right after the joint advisory by the FBI, CISA, and partners warning of a significant shift in RansomHub RaaS group activity, security researchers spotted a novel trick: adversaries are misusing Kaspersky’s legitimate TDSSKiller utility to disable Endpoint Detection and Response (EDR) systems. Once defenses are bypassed, the attackers turn to the LaZagne tool, siphoning login […]

The post RansomHub Ransomware Detection: Attackers Exploit Kaspersky’s TDSSKiller to Disable EDR Systems appeared first on SOC Prime.
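The teaser above describes a two-step chain: a legitimate anti-rootkit tool (TDSSKiller) is used to take an EDR agent offline, and LaZagne is then run to harvest credentials. The correlation logic below is an added example, not SOC Prime detection content or anything from the advisory. It assumes a normalised event schema (a `process` event per process creation and a `service_stopped` event per service stop), a hypothetical EDR service name (`AcmeEdrSensor`), and a tunable list of substrings that identify EDR services. Because the page does not state which TDSSKiller switch the attackers used, the rule matches on the observable effect (an EDR service stopping shortly after TDSSKiller runs) rather than on a command-line flag. The sample telemetry is constructed.

```python
"""Added example: correlate the TDSSKiller -> EDR-off -> LaZagne sequence per host."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Field names are an assumed
# normalised schema: 'process' = process creation, 'service_stopped' = service stop.
SAMPLE_EVENTS = [
    {"ts": "2024-09-10T09:00:00", "host": "ws-01", "type": "process",
     "image": r"C:\Users\Public\tdsskiller.exe"},
    {"ts": "2024-09-10T09:00:20", "host": "ws-01", "type": "service_stopped",
     "service": "AcmeEdrSensor"},           # hypothetical EDR service name
    {"ts": "2024-09-10T09:05:00", "host": "ws-01", "type": "process",
     "image": r"C:\Users\Public\lazagne.exe"},
    {"ts": "2024-09-10T10:00:00", "host": "ws-02", "type": "process",
     "image": r"C:\Tools\tdsskiller.exe"},  # routine admin run, no EDR impact
    {"ts": "2024-09-10T10:30:00", "host": "ws-02", "type": "service_stopped",
     "service": "Spooler"},
    {"ts": "2024-09-10T11:00:00", "host": "ws-03", "type": "process",
     "image": r"C:\Temp\TDSSKiller.exe"},
    {"ts": "2024-09-10T11:02:00", "host": "ws-03", "type": "service_stopped",
     "service": "AcmeEdrSensor"},
]

# Assumption: substrings that identify EDR/AV services; tune to your vendor's names.
EDR_SERVICE_HINTS = ("edr", "sense", "defender", "csagent", "sentinel", "carbonblack")


def _ts(ev):
    return datetime.fromisoformat(ev["ts"])


def _basename(path):
    # Normalise slashes and case so "C:\Temp\TDSSKiller.exe" -> "tdsskiller.exe".
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_edr_service(name):
    n = name.lower()
    return any(h in n for h in EDR_SERVICE_HINTS)


def detect_tdsskiller_chain(events, service_window=timedelta(minutes=10),
                            cred_window=timedelta(minutes=60)):
    """Return one alert per TDSSKiller execution that is followed by an EDR service
    stopping within service_window. Severity is 'medium' for the EDR stop alone and
    'high' if LaZagne then starts within cred_window of that stop."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=_ts):
        by_host[ev["host"]].append(ev)

    alerts = []
    for host, evs in by_host.items():
        for i, ev in enumerate(evs):
            if ev["type"] != "process" or _basename(ev["image"]) != "tdsskiller.exe":
                continue
            t0 = _ts(ev)
            stops = [e for e in evs[i + 1:]
                     if e["type"] == "service_stopped"
                     and _ts(e) - t0 <= service_window
                     and _is_edr_service(e["service"])]
            if not stops:
                continue  # tool ran but no security service went down: not this chain
            t1 = _ts(stops[0])
            cred_tools = [e for e in evs
                          if e["type"] == "process"
                          and _basename(e["image"]).startswith("lazagne")
                          and t1 <= _ts(e) <= t1 + cred_window]
            alerts.append({
                "host": host,
                "tdsskiller_at": ev["ts"],
                "tdsskiller_path": ev["image"],
                "edr_service_stopped": stops[0]["service"],
                "lazagne_seen": bool(cred_tools),
                "severity": "high" if cred_tools else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_tdsskiller_chain(SAMPLE_EVENTS):
        print(alert)
```

Against the constructed events the rule raises a high-severity alert for ws-01 (EDR service stopped 20 seconds after TDSSKiller, LaZagne five minutes later) and a medium one for ws-03 (EDR service stopped, no credential tool yet); ws-02 is ignored because the only service that stopped was the print spooler, half an hour later. The medium tier exists so that the EDR outage itself is surfaced even before the credential-theft stage is observed.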

Threats

SOC Prime Threat Bounty Digest — August 2024 Results

Detection Content Creation, Submission & Release

August 2024 was challenging for the global cyber community, but it was also full of opportunities for SOC Prime’s Threat Bounty members to gain personal recognition and cash rewards for their contributions. During August, 22 detections were successfully released to the SOC Prime Platform, and twice as many detections were […]

Threats

Repellent Scorpius: Novel RaaS Group Actively Distributes Cicada3301 Ransomware Variant

Ransomware remains a leading global threat to organizations, with attacks growing more frequent and more sophisticated. A new Ransomware-as-a-Service (RaaS) group, Repellent Scorpius, has recently emerged, adding to the pressure on cyber defenders. This actor distributes the Cicada3301 ransomware and employs double extortion to maximize profits while expanding its affiliate […]

Threats

Unit 29155 Attacks Detection: russia-Affiliated Military Intelligence Division Targets Critical Infrastructure Globally

Notorious russia-affiliated hacking groups pose daunting challenges to defenders, continuously upgrading their TTPs and refining their detection evasion techniques. Since the full-scale war in Ukraine broke out, russia-backed APT collectives have been especially active, using the conflict as a testing ground for new malicious approaches. Proven methods are then leveraged against major targets of […]

Threats

Detect WikiLoader Attacks: Adversaries Leverage Fake GlobalProtect VPN Software to Deliver a New Malware Variant via SEO Poisoning

WikiLoader Malware Detection

The latest stats highlight that in 2023, adversaries deployed an average of 200,454 unique malware scripts per day, roughly 140 new samples every minute. To carry out successful malware attacks, threat actors rotate through different malicious techniques in an attempt to bypass security protections. The latest malicious campaign in the spotlight spoofs […]

Threats

RansomHub Detection: The FBI, CISA, and Partners Warn Against a Growing RaaS Variant Targeting Critical Infrastructure Organizations

RansomHub Detection

Hot on the heels of the joint cybersecurity advisory warning defenders about the Iran-backed Pioneer Kitten group’s collaboration with multiple ransomware gangs, another spike in ransomware activity is stirring the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of RansomHub RaaS operators, […]

Threats

Pioneer Kitten Attack Detection: CISA, DC3, and FBI Warn of Iranian State-Sponsored Actors Collaborating With Ransomware Gangs to Target U.S. and Middle East

On August 28, 2024, the FBI, CISA, and the Department of Defense Cyber Crime Center (DC3) released a joint advisory alerting cybersecurity professionals to a surge in operations by Iran-linked adversaries. These actors are increasingly collaborating with ransomware gangs to target the education, finance, healthcare, government, and defense industry sectors. Known as Pioneer Kitten, the state-sponsored hacking collective […]

Threats

PEAKLIGHT Malware Detection: New Stealthy Downloader Leveraged in Attacks Against Windows Systems

New day, new malware menacing cyber defenders. Hot on the heels of the novel MoonPeak Trojan, security experts have uncovered yet another malicious sample actively used in ongoing attacks. Dubbed PEAKLIGHT, the memory-only downloader uses a sophisticated, multi-stage attack chain to infect Windows systems with a variety of infostealers and loaders. […]

Threats

MoonPeak Trojan Detection: North Korean Hackers Deploy Novel RAT During Their Latest Malicious Campaign

In the first half of 2024, North Korea-affiliated adversaries significantly ramped up their activities, broadening both their malicious toolsets and their range of targets. Security experts have observed a notable uptick in supply-chain attacks and trojanized software installers, underscoring a growing trend among North Korean state-sponsored groups. Recently, security professionals discovered a brand-new malware […]

Threats

UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware

UAC-0020 (Vermin) Activity Detection

The Vermin hacking collective, also tracked as UAC-0020, has resurfaced, targeting Ukraine with a novel offensive tool dubbed FIRMACHAGENT. In the latest attack, adversaries rely on phishing emails whose lure subject refers to prisoners of war at the Kursk front.

UAC-0020 aka Vermin Attack Analysis Using FIRMACHAGENT

On August 19, 2024, […]