Just slightly over a week after the UAC-0050 group’s attack against Ukraine leveraging Remcos RAT, Quasar RAT, and Remote Utilities, adversaries reemerge in the cyber threat arena. CERT-UA has recently notified defenders of the ongoing group’s campaign involving mass email distribution and masquerading the senders as State Service of Special Communications and Information Protection of […]

The post UAC-0050 Activity Detection: Hackers Impersonate SSSCIP and State Emergency Service of Ukraine Using Remote Utilities appeared first on SOC Prime.

This time security researchers report a malicious campaign leveraging a now-patched Windows SmartScreen flaw (CVE-2023-36025) to drop the Phemedrone payload. Phemedrone is an open-source information stealer capable of siphoning data from crypto wallets, chatting apps, popular software, and more. Detect Phemedrom Stealer  With over 1 billion malware samples circulating in the cyber domain, security professionals […]

The post Phemedrone Stealer Detection: Threat Actors Exploit CVE-2023-36025 Vulnerability in Windows SmartScreen to Deploy Malware appeared first on SOC Prime.

Critical zero-day vulnerabilities impacting external-facing systems pose severe threats to multiple organizations that rely on them, exposing them to risks of RCE and system compromise, just like the active exploitation of the FortiOS SSL-VPN flaw caused havoc in January 2023. Recently, Chinese state-sponsored hacking groups have been observed exploiting two zero-day vulnerabilities tracked as CVE-2023-46805 […]

The post CVE-2023-46805 and CVE-2024-21887 Detection: Chinese Threat Actors Exploit Zero-Day Vulnerabilities in Invanti Connect Secure and Policy Secure Instances appeared first on SOC Prime.

At the end of 2023, the nefarious UAC-0050 group loomed in the cyber threat arena, targeting Ukraine using Remcos RAT, a common malware from the group’s offensive toolkit. In the first decade of January 2024, UAC-0050 reemerges to strike again, exploiting Remcos RAT, Quasar RAT, and Remote Utilities.  UAC-0050 Offensive Activity Overview Based on the […]

The post UAC-0050 Attack Detection: Hackers Are Armed with Remcos RAT, Quasar RAT, and Remote Utilities to Target Ukraine Once Again appeared first on SOC Prime.

Recent cybersec reports unveil a series of attacks in which hackers take advantage of YouTube channels to spread the Lumma malware variant. Lumma malicious strain designed for stealing sensitive data has been in the limelight since 2022, actively promoted by adversaries on hacking websites and continuously undergoing multiple updates and enhancements.  This blog article gains […]

The post Lumma Stealer Malware Detection: Hackers Abuse YouTube Channels to Spread a Malware Variant appeared first on SOC Prime.

Hard on the heels of the phishing campaign against Ukraine spreading Remcos RAT, another offensive operation relying on a similar adversary toolkit comes to the scene. At the end of December 2023, Trendmicro researchers reported CERT-UA about suspicious military-related files sent through a series of new phishing attacks against Ukraine. The uncovered malicious activity aimed […]

The post UAC-0184 Attack Detection: Targeted Phishing Attacks Against the Armed Forces of Ukraine Using Remcos RAT and Reverse SSH appeared first on SOC Prime.

Throughout the second half of December 2023, cybersecurity researchers uncovered a series of phishing attacks against Ukrainian government agencies and Polish organizations attributed to the infamous russian nation-backed APT28 hacking collective. CERT-UA has recently issued a heads-up covering the in-depth overview of the latest APT28 attacks, from the initial compromise to posing a threat to […]

The post APT28 Adversary Activity Detection: New Phishing Attacks Targeting Ukrainian and Polish Organizations appeared first on SOC Prime.

Cybersecurity analysts are observing a substantial increase in malicious activities targeting Ukraine’s public and private sectors, where attackers often resort to phishing vectors as their primary strategy for initiating intrusions. CERT-UA notifies cyber defenders of ongoing attacks against Ukrainian organizations leveraging Kyivstar and the Security Service of Ukraine phishing lures. The infamous UAC-0050 group aims […]

The post New Phishing Campaign by UAC-0050: Kyivstar & Security Service of Ukraine Baits to Deliver Remcos RAT appeared first on SOC Prime.

At the end of November 2023, leading U.S. cybersecurity agencies, in collaboration with international partners, issued an alert covering LockBit 3.0 ransomware attacks as part of their #StopRansomware effort aimed at boosting cybersecurity awareness. Recently, another joint Cybersecurity Advisory came out aimed at notifying defenders of the ongoing attacks by the Play ransomware group. In […]

The post Play Ransomware Detection: Ongoing Ransomware Attacks Against Businesses and Critical Infrastructure in the U.S., South America, and Europe appeared first on SOC Prime.

Threat Bounty Content We continue aligning the efforts with Threat Bounty Program members in enriching the SOC Prime Platform with actionable detection content for behavior detection rules. In today’s rapidly changing threat landscape, security professionals leveraging the SOC Prime Platform to defend their corporate environments rely upon SIEM content that is capable of detecting behavioral […]

The post SOC Prime Threat Bounty Digest — November 2023 Results appeared first on SOC Prime.