Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
This shows that securing internet facing routers remains highly important. The last section of this entry provides a guide for...
Trend Micro Research : APT & Targeted Attacks
How Red Team Exercises Increases Your Cyber Health
Last year, we shared information on the differences between red team exercises and how organizations may get benefits from each...
Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear
Earth Hundun is a cyberespionage-motivated threat actor that has been active for several years in the Asia-Pacific region, targeting the...
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
First cc.bat for reconnaissance Once the scheduled task is triggered, a previously deployed batch file, %System%cc.bat, is executed in the...
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Government organizations seem to be Earth Krahang’s primary targets. As an example, in the case of one country, we found...
Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
After examining the events around the time the file was created, we discovered that the threat actor executed the following...
Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
Threat actors exploiting other remote management tools We also saw threat actors deploying different remote management tools, such as another...
Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
The folder also contained an LNK file and a __MACOS folder with payload, this time timestamped Dec. 22, 2023. Similar...
Earth Preta Campaign Uses DOPLUGS to Target Asia
All the files under these folders will be copied to {USB_volume}:Usb Disk: {USB_volume}: {USB_volume}:Kaspersky {USB_volume}:KasperskyUsb Drive {USB_volume}:Usb Drive3.0 {USB_volume}:KasperskyRemovable Disk...
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Introduction Pawn Storm (also known as APT28 and Forest Blizzard) is an advanced persistent threat (APT) actor that shows incessant...
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat...
DarkGate Opens Organizations for Attack via Skype, Teams
Conclusion and recommendations In this case study, the attack was detected and contained before the actor could achieve their objectives....
APT34 Deploys Phishing Attack With New Malware
We analyzed a new malware, which we attribute to the APT34 advanced persistent threat (APT) group, that was involved in...
Examining the Activities of the Turla APT Group
Techniques: While the previous Turla campaigns were designed to target Windows-based machines, the campaign in August 2014 was the first...
Attacks on 5G Infrastructure From Users’ Devices
As intended, the base station will tunnel this packet inside its GTP-U tunnel and send to the UPF. This results...
