Threats

SOC Prime Threat Bounty Digest — March 2024 Results


Threat Bounty Publications

In March 2024, 40 threat detection rules were published to SOC Prime’s Platform via the Threat Bounty Program after review by our Content Team. Although we observe an overall improvement in the quality of submissions, there are also some typical misconceptions that can be recognized in the approaches to content […]

The post SOC Prime Threat Bounty Digest — March 2024 Results appeared first on SOC Prime.

Threats

russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) Attack Detection: Adversaries Apply an Aggressive Infection Approach Leveraging Three Malware Branches

The state-sponsored, russia-linked Gamaredon (aka Hive0051, UAC-0010, Armageddon APT) hacking collective is back in the spotlight with a new wave of cyber attacks. Adversaries have been observed leveraging new iterations of Gamma malware and using DNS fluxing to deliver the malicious strains, leading to 1,000+ infections per day. The infection chain displays a novel, aggressive, multi-layered […]


Threats

VenomRAT Detection: A New Multi-Stage Attack Using ScrubCrypt to Deploy the Final Payload with Malicious Plugins

ScrubCrypt Deploys VenomRAT

Cybersecurity researchers have uncovered a sophisticated multi-stage attack in which adversaries use the ScrubCrypt crypter to evade antivirus detection and drop VenomRAT along with multiple malicious plugins, including Remcos, XWorm, NanoCore RAT, and other strains.

Detect VenomRAT Deployed via ScrubCrypt

With cyber-attacks proliferating and employing increasingly sophisticated intrusion methods, cyber defenders require […]


Threats

Recognition Badges for Threat Bounty Members


As announced earlier, SOC Prime introduced digital badge recognition for Threat Bounty members. In the first stage of the initiative, badges were issued to Threat Bounty Program members who demonstrated outstanding results in the number of publications and whose Threat Bounty detection rules, categorized according to the parameters described further in this article, […]


Threats

CVE-2024-3094 Analysis: Multi-layer Supply Chain Attack Using XZ Utils Backdoor Impacts Major Linux Distributions

XZ Utils Backdoor

Cybersecurity experts remain on alert amid an ongoing supply chain attack affecting the most widely used Linux distributions. With a scale and sophistication reminiscent of incidents like Log4j and SolarWinds, the threat stems from a backdoored XZ Utils (formerly LZMA Utils), an essential data compression utility found in virtually all major […]

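A quick local triage for the backdoor the post above describes, as an added example rather than code from SOC Prime or the XZ project. It assumes the backdoor shipped in the XZ Utils 5.6.0 and 5.6.1 releases and that sshd on affected distributions reached liblzma indirectly through libsystemd; the `xz --version` and `ldd` outputs embedded in the script are constructed samples, and `triage`, `parse_xz_version` and `linked_liblzma` are this example's own helper names.

```python
"""Local triage for the CVE-2024-3094 XZ Utils backdoor.

Added example, not code from the SOC Prime post. Assumptions: the backdoor shipped
in the XZ Utils 5.6.0 and 5.6.1 releases, and on affected distributions sshd reached
the backdoored liblzma indirectly through libsystemd. The command outputs below are
constructed samples, not captured from a real host.
"""
import re
import shutil
import subprocess
from typing import Optional

BACKDOORED_VERSIONS = {"5.6.0", "5.6.1"}

# Constructed sample outputs (what `xz --version` and `ldd $(command -v sshd)` print).
SAMPLE_XZ_VERSION = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_SSHD_LDD = (
    "\tlinux-vdso.so.1 (0x00007ffd1c3f0000)\n"
    "\tlibsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1a2c000000)\n"
    "\tliblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1a2bfc0000)\n"
    "\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2bd00000)\n"
)


def parse_xz_version(version_output: str) -> Optional[str]:
    """Return the x.y.z version from the first line of `xz --version`, or None."""
    lines = version_output.strip().splitlines()
    if not lines:
        return None
    match = re.search(r"\b(\d+\.\d+\.\d+)\b", lines[0])
    return match.group(1) if match else None


def is_backdoored_version(version: Optional[str]) -> bool:
    """True only for the two release versions that carried the backdoor."""
    return version in BACKDOORED_VERSIONS


def linked_liblzma(ldd_output: str) -> Optional[str]:
    """Return the resolved liblzma path from `ldd` output, or None if not linked."""
    for line in ldd_output.splitlines():
        match = re.match(r"\s*liblzma\.so\S*\s*=>\s*(\S+)", line)
        if match:
            return match.group(1)
    return None


def triage(xz_version_output: str, sshd_ldd_output: str) -> dict:
    """Combine both signals into a verdict: ALERT, WARN or OK."""
    version = parse_xz_version(xz_version_output)
    liblzma_path = linked_liblzma(sshd_ldd_output)
    backdoored = is_backdoored_version(version)
    if backdoored and liblzma_path:
        verdict = "ALERT"  # backdoored release and sshd can reach liblzma
    elif backdoored:
        verdict = "WARN"   # backdoored release, but sshd does not link liblzma
    else:
        verdict = "OK"
    return {
        "xz_version": version,
        "backdoored_release": backdoored,
        "sshd_liblzma_path": liblzma_path,
        "verdict": verdict,
    }


def _run(*argv: str) -> str:
    """Run a command and return its stdout, or '' if it is missing or fails."""
    try:
        return subprocess.run(argv, capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.SubprocessError):
        return ""


def live_triage() -> dict:
    """Run the same checks against the local host (empty output if tools are absent)."""
    sshd = shutil.which("sshd") or "/usr/sbin/sshd"
    return triage(_run("xz", "--version"), _run("ldd", sshd))


if __name__ == "__main__":
    print("sample host:", triage(SAMPLE_XZ_VERSION, SAMPLE_SSHD_LDD))
    print("this host:  ", live_triage())
```

Treat the verdict as triage, not proof: distributions that reverted to a 5.4.x build will report a clean version, and a `WARN` host still has a backdoored liblzma on disk that other services may load, so confirm with the package manager's recorded version and known-good hashes before closing the case.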

Threats

CVE-2023-42931 Detection: Critical macOS Vulnerability Enabling Easy Privilege Escalation and Root Access

CVE-2023-42931 detection

Security researchers warn of a critical privilege escalation vulnerability in multiple macOS versions that lets low-privileged users, including guest accounts, gain full root access to the affected system.

Detect CVE-2023-42931 Exploitation Attempts

With an exponential rise in attack volumes and sophistication, the threat landscape of 2024 is expected to be even more […]


Threats

New Supply Chain Attack Detection: Hackers Apply Multiple Tactics to Target GitHub Developers Using a Fake Python Infrastructure

Supply Chain Attack Against GitHub Python developers

Hackers employ diverse TTPs in a multi-stage software supply-chain campaign targeting GitHub users, including members of the widely recognized Top.gg community of more than 170,000 users. Adversaries took advantage of a fake Python infrastructure, leading to the full compromise of GitHub accounts, the publication of malicious Python packages, and the […]


Threats

Kimsuky APT New Campaign Detection: North Korean Hackers Leverage Microsoft Compiled HTML Help Files in Ongoing Cyber Attacks

Kimsuky APT New Campaign Detection

Hard on the heels of the DEEP#GOSU offensive campaign attributed to the North Korean hacking collective Kimsuky APT, the group is in the spotlight once again after shifting its TTPs. Defenders have recently observed Kimsuky using Microsoft Compiled HTML Help (CHM) files to spread malware and collect sensitive data from infected hosts. Detect […]

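Detection logic for the CHM abuse the post above describes, run over constructed process-creation events, as an added example and not one of SOC Prime's Threat Bounty rules. It assumes Sysmon Event ID 1 field names (Image, CommandLine, ParentImage), that hh.exe is the Windows CHM viewer, and that a help file which launches a script host or is opened from a user-writable path is the behaviour worth alerting on; the sample events, the SCRIPT_HOSTS and USER_WRITABLE lists, and the `evaluate`/`scan` helpers are this example's own.

```python
"""Detect suspicious Compiled HTML Help (CHM) activity in process-creation telemetry.

Added example, not a SOC Prime rule. Assumptions: events are Sysmon Event ID 1
(process creation) records flattened to dicts; hh.exe is the default CHM viewer on
Windows; a help file launching a script host (cmd, PowerShell, mshta, wscript) or
being opened from a user-writable path is the behaviour worth alerting on. The
events below are constructed, not real telemetry.
"""
import ntpath
from typing import Dict, List, Tuple

# Interpreters and LOLBins that CHM-embedded code typically launches.
SCRIPT_HOSTS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe",
    "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe",
}
# Path fragments where attacker-delivered CHMs land (mail attachments, downloads, temp).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")

# Constructed sample events using Sysmon Event ID 1 field names.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {  # benign: built-in help opened from the Windows help directory
        "UtcTime": "2024-03-20 09:12:01",
        "Image": r"C:\Windows\hh.exe",
        "CommandLine": r'"C:\Windows\hh.exe" C:\Windows\Help\mui\0409\mmc.CHM',
        "ParentImage": r"C:\Windows\System32\mmc.exe",
    },
    {  # suspicious: CHM opened from the user's Downloads folder
        "UtcTime": "2024-03-20 09:15:42",
        "Image": r"C:\Windows\hh.exe",
        "CommandLine": r'"C:\Windows\hh.exe" C:\Users\victim\Downloads\invoice.chm',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {  # suspicious: the help viewer spawns cmd.exe, which hands off to PowerShell
        "UtcTime": "2024-03-20 09:15:43",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"cmd.exe /c powershell -nop -w hidden -f C:\Users\victim\AppData\Local\Temp\s.ps1",
        "ParentImage": r"C:\Windows\hh.exe",
    },
]


def _base(path: str) -> str:
    """Lower-cased file name of a Windows path ('' for missing fields)."""
    return ntpath.basename(path or "").lower()


def evaluate(event: Dict[str, str]) -> List[str]:
    """Return the detection reasons that fire for one event ([] if none)."""
    reasons: List[str] = []
    image = _base(event.get("Image", ""))
    parent = _base(event.get("ParentImage", ""))
    cmdline = (event.get("CommandLine") or "").lower()

    # 1. hh.exe opened a .chm from a location a phishing attachment would land in.
    if image == "hh.exe" and ".chm" in cmdline and any(p in cmdline for p in USER_WRITABLE):
        reasons.append("hh.exe opened CHM from user-writable path")

    # 2. hh.exe is the parent of a script host: code embedded in the CHM is running.
    if parent == "hh.exe" and image in SCRIPT_HOSTS:
        reasons.append(f"hh.exe spawned {image}")

    return reasons


def scan(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Run evaluate() over a batch and return (UtcTime, reason) pairs."""
    return [(e.get("UtcTime", ""), r) for e in events for r in evaluate(e)]


if __name__ == "__main__":
    for when, reason in scan(SAMPLE_EVENTS):
        print(when, reason)
```

The parent-child rule is the higher-confidence signal: legitimate help files do not spawn cmd.exe or PowerShell. The path rule catches the delivery step earlier but needs tuning per environment, since some vendors install their help under ProgramData.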

Threats

DEEP#GOSU Attack Campaign Detection: North Korean Kimsuky APT Is Likely Behind Attacks Using PowerShell and VBScript Malware

DEEP#GOSU Attack Campaign Detection

The North Korean cyber-espionage group Kimsuky APT has been active since at least 2012. A new multi-stage Kimsuky-affiliated offensive campaign tracked as DEEP#GOSU hits the headlines, threatening Windows users and leveraging PowerShell and VBScript malware to infect targeted systems.

Detect DEEP#GOSU Attack Campaign

Last year has […]


Threats

Detect ALPHA SPIDER Ransomware Attacks: TTPs Leveraged by ALPHV aka BlackCat RaaS Operators

Ransomware remains a top threat to organizations globally, with a constant surge in the volume and sophistication of attacks. Among the key players in the ransomware arena, the ALPHA SPIDER group stands out, claiming a series of recent high-profile attacks, including those on the U.S. healthcare payment processor Change Healthcare and the casino and hospitality giant MGM Resorts. […]

