Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
This shows that securing internet facing routers remains highly important. The last section of this entry provides a guide for...
Trend Micro Research : Research
NCSC Says Newer Threats Need Network Defense Strategy
The adage to 'trust but verify' has morphed into a more ominous refrain for IT professionals and network administrators—'distrust until...
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider
Figure 3 shows an example of a fairly typical attack flow for an SMS-based phishing attack from LabHost, based on...
Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear
Earth Hundun is a cyberespionage-motivated threat actor that has been active for several years in the Asia-Pacific region, targeting the...
Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption
The first 72 hours after LockBit’s disruption In the days following the disruption, the topic was still being widely discussed...
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
First cc.bat for reconnaissance Once the scheduled task is triggered, a previously deployed batch file, %System%cc.bat, is executed in the...
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
Some drivers we have observed being leveraged by the Agenda ransomware is YDark, a publicly available tool designed for kernel...
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
Executing domain discovery and persistence commands Aside from malware deployment, we have also seen several attempts to discover network infrastructure...
Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk
Jenkins Args4j CVE-2024-23897 Files Exposed Code at Risk | Trend Micro (US) Content has been added to your Folio Go...
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Government organizations seem to be Earth Krahang’s primary targets. As an example, in the case of one country, we found...
Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
After examining the events around the time the file was created, we discovered that the threat actor executed the following...
Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO Content has been added to your Folio Go to Folio (0)...
Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
The folder also contained an LNK file and a __MACOS folder with payload, this time timestamped Dec. 22, 2023. Similar...
Earth Preta Campaign Uses DOPLUGS to Target Asia
All the files under these folders will be copied to {USB_volume}:Usb Disk: {USB_volume}: {USB_volume}:Kaspersky {USB_volume}:KasperskyUsb Drive {USB_volume}:Usb Drive3.0 {USB_volume}:KasperskyRemovable Disk...
SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes
On Feb. 13, 2024, Microsoft issued a patch for CVE-2024-21412, a Microsoft Defender SmartScreen zero-day vulnerability revolving around internet shortcuts....
