Threats

Kimsuky APT Campaign Detection Targeting Japanese Organizations

Kimsuky APT Resurfaces to Target Japan

Since early spring 2024, the notorious North Korea-linked hacking collective tracked as Kimsuky APT has been launching a targeted campaign against South Korean academic institutions. Defenders have also unveiled the group’s offensive operations, which actively target Japanese organizations. The ongoing adversary campaign relies on a phishing attack vector, with hackers leveraging targeted emails that disguise […]

The post Kimsuky APT Campaign Detection Targeting Japanese Organizations appeared first on SOC Prime.

Threats

APT40 Attacks Detection: People’s Republic of China State-Sponsored Hackers Rapidly Exploit Newly Revealed Vulnerabilities for Cyber-Espionage

The latest advisory issued by law enforcement agencies within Australia, the U.S., Canada, Germany, the U.K., New Zealand, South Korea, and Japan warns of the growing threat posed by APT40, which operates on behalf of Beijing’s Ministry of State Security (MSS). Specifically, the advisory details the activities of the People’s Republic of China state-sponsored group able […]


Threats

Volcano Demon Ransomware Attack Detection: Adversaries Apply a New LukaLocker Malware Demanding Ransom via Phone Calls

New ransomware maintainers have rapidly emerged in the cyber threat arena, employing innovative locker malware and a variety of detection evasion tactics. The ransomware gang dubbed “Volcano Demon” leverages novel LukaLocker malware and demands ransom payment via phone calls to IT executives and decision-makers.

Detect Volcano Demon Ransomware Attacks

Ransomware remains one of the top […]


Threats

Kimsuky APT Attack Detection: North Korean Hackers Abuse the TRANSLATEXT Chrome Extension to Steal Sensitive Data

Kimsuky APT on the Rise

The nefarious North Korea-linked threat actor known as Kimsuky APT group uses a novel malicious Google Chrome extension dubbed “TRANSLATEXT” for cyber espionage to illicitly collect sensitive user data. The observed ongoing campaign, which started in the early spring of 2024, is primarily targeting South Korean academic institutions.

Detect Kimsuky Campaign Leveraging TRANSLATEXT

Seeing the […]


Threats

CVE-2024-5806 Detection: A New Authentication Bypass Vulnerability in Progress MOVEit Transfer Under Active Exploitation

CVE-2024-5806 Detection

The cyber threat landscape in June is heating up, largely due to the disclosure of new vulnerabilities, such as CVE-2024-4577 and CVE-2024-29849. Researchers have identified a novel critical improper authentication vulnerability in Progress MOVEit Transfer tracked as CVE-2024-5806, which was already under active exploitation in the wild within a couple of hours of its discovery. […]


Threats

GrimResource Attack Detection: A New Infection Technique Abuses Microsoft Management Console to Gain Full Code Execution

GrimResource Attack Detection

Cybersecurity researchers discovered a new code execution technique that employs specially crafted MSC files and a Windows XSS flaw. The newly uncovered infection technique, dubbed GrimResource, allows attackers to perform code execution in the Microsoft Management Console (MMC). Defenders discovered a sample using GrimResource that was recently uploaded to VirusTotal in early June 2024, indicating […]


Threats

What Is Threat Intelligence?

Threat Intelligence Basics

For at least two decades, we have been witnessing relentless changes in the threat landscape towards growth and sophistication, with both rogue actors and state-sponsored collectives devising sophisticated offensive campaigns against organizations globally. In 2024, adversaries, on average, proceed with 11.5 attacks per minute. Simultaneously, it takes 277 days for SecOps teams to detect and […]


Threats

UNC3886: Novel China-Nexus Cyber-Espionage Threat Actor Exploits Fortinet & VMware Zero-Days, Custom Malware for Long-Term Spying

In Q1 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated significantly enhanced and innovative offensive capabilities to proceed with sophisticated cyber-espionage campaigns. This surge in activity has posed considerable challenges to the global cybersecurity landscape. Recently, security experts revealed the activity of the China-linked Velvet Ant group infiltrating F5 […]


Threats

Velvet Ant Activity Detection: China-Backed Cyber-Espionage Group Launches a Prolonged Attack Using Malware Deployed on the F5 BIG-IP Devices

Velvet Ant Activity Detection

The China-linked cyber-espionage group Velvet Ant has been infiltrating F5 BIG-IP devices for about three years, using them as internal C2 servers, deploying malware, and gaining persistence to evade detection and steal sensitive data.

Detect Velvet Ant Attacks

In Q1 2024, APT groups from various regions, including China, North Korea, Iran, and Russia, demonstrated […]


Threats

The New Era of Threat Bounty Program

How Crowdsourcing Shapes Future Cyber Defense Strategies

Crowdsourcing is one of the key pillars for building advanced cyber defense capable of addressing the new challenges of the modern threat landscape. With over 30K new vulnerabilities being discovered solely in 2023 and cyber attacks occurring every minute, standalone teams can hardly cope with the avalanche of […]
