Threats

What Is the Vulnerability Management Lifecycle?

The vulnerability management lifecycle is an essential process for defending against the escalating number of cyber threats in our modern digital era. In 2023 alone, over 30,000 new vulnerabilities were spotted, with a 42% increase observed in 2024, underscoring the urgent need for effective coping strategies. As adversaries, including sophisticated state-sponsored groups like APT40, rapidly […]

The post What Is the Vulnerability Management Lifecycle? appeared first on SOC Prime.

Threats

Akira Ransomware Group Is on the Rise: Hackers Target the Airline Industry in LATAM

Cybersecurity researchers have recently observed a new cyber attack on a Latin American airline leveraging Akira ransomware. The attackers took advantage of SSH protocol for initial access and maintained reconnaissance and persistence by utilizing legitimate tools and Living off-the-Land Binaries and Scripts (LOLBAS). Notably, before deploying ransomware, hackers managed to successfully exfiltrate critical data. Detecting […]


Threats

UAC-0102 Phishing Attack Detection: Hackers Steal Authentication Data Impersonating the UKR.NET Web Service

Leveraging public email services along with corporate email accounts is a common practice among government employees, military personnel, and the staff of other Ukrainian enterprises and organizations. However, adversaries might abuse these services to launch phishing attacks. Defenders have recently uncovered a new offensive activity aimed at stealing user authentication data by luring victims into […]


Threats

UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon

Defenders have observed a sudden surge in the adversary activity of the UAC-0057 hacking group targeting Ukrainian local government agencies. Attackers distribute malicious files containing macros aimed at launching PICASSOLOADER on the targeted computers, which leads to the delivery of Cobalt Strike Beacon. Detect UAC-0057 Activity Covered in the CERT-UA#10340 Alert Since the full-scale war […]


Threats

UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. Further, the same tactics, techniques, and procedures are applied to target broader geography, including North America, Europe, and Asia. Precisely, in May 2023, the UAC-0063 group launched […]


Threats

UAC-0180 Targets Defense Contractors in Ukraine Using GLUEEGG, DROPCLUE, and ATERA

According to Accenture research, around 97% of organizations experienced a surge in cyber threats since the onset of the russia-Ukraine war in 2022, highlighting the significant impact of geopolitical tensions on global businesses. State-sponsored hacking groups have been using Ukraine as a testing ground, broadening their attack strategies to target European and North American regions. For […]


Threats

SOC Prime Threat Bounty Digest — June 2024 Results

Detection Content Submission & Release In June, SOC Prime’s Threat Bounty Program members started using Uncoder AI to create, validate, and submit rules for review before the release on the SOC Prime Platform. We are happy to provide authors with the tool that assists them in creating high-quality detection rules for Threat Bounty and supports […]


Threats

Detect CVE-2024-38112 Exploitation by Void Banshee APT in Zero-Day Attacks Targeting Windows Users

Following Microsoft’s recent Patch Tuesday update, which addressed the CVE-2024-38112 vulnerability, researchers uncovered a sophisticated campaign by the Void Banshee APT. This campaign exploits a security gap in the Microsoft MHTML browser engine through zero-day attacks to deploy the Atlantida stealer on victims’ devices. Detecting CVE-2024-38112 Exploitation by Void Banshee In the first half of […]


Threats

DarkGate Malware Detection: Adversaries Exploit Microsoft Excel Files to Spread a Harmful Software Package

Defenders have been observing a DarkGate malware campaign in which adversaries have taken advantage of Microsoft Excel files to spread malicious samples from publicly accessible SMB file shares. DarkGate represents a highly adaptable malicious strain, potentially stepping into the gap left by the dismantling of the notorious QakBot in late summer 2023. Detect DarkGate Malware […]

