APT34 Deploys Phishing Attack With New Malware

Credit to Author: Mohamed Fahmy | Date: Fri, 29 Sep 2023 00:00:00 +0000

We observed and tracked the advanced persistent threat (APT) group APT34 using a new malware variant, delivered through a phishing attack, that closely resembles the SideTwist backdoor. As part of the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.


Examining the Activities of the Turla APT Group

Credit to Author: Srivathsa Sharma | Date: Fri, 22 Sep 2023 00:00:00 +0000

We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.


Decoding Turla: Trend Micro’s MITRE Performance

Credit to Author: Shannon Murphy | Date: Thu, 21 Sep 2023 00:00:00 +0000

This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro’s 100% successful protection performance.


Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign

Credit to Author: Cedric Pernet | Date: Thu, 21 Sep 2023 00:00:00 +0000

This blog entry details a scheme that exploits the recent Morocco earthquake by impersonating the domain name of a well-known humanitarian organization for financial fraud.


Analyzing a Facebook Profile Stealer Written in Node.js

Credit to Author: Jaromir Horejsi | Date: Tue, 05 Sep 2023 00:00:00 +0000

We analyze an information stealer written in Node.js and packaged into an executable. It exfiltrates stolen data via both the Telegram bot API and a C&C server, and it uses GraphQL as a channel for C&C communication.


Revisiting 16shop Phishing Kit, Trend-Interpol Partnership

Credit to Author: Paul Pajares | Date: Fri, 01 Sep 2023 00:00:00 +0000

In this entry, we summarize the security analyses and investigations conducted on the phishing-as-a-service operation 16shop over the years. We also outline the partnership between Trend Micro and Interpol that led to the takedown of the main administrators and servers behind this massive phishing campaign.


Earth Estries Targets Government, Tech for Cyberespionage

Credit to Author: Ted Lee | Date: Wed, 30 Aug 2023 00:00:00 +0000

We break down a new cyberespionage campaign run by a group we named Earth Estries, which targets governments and organizations in the technology sector. In analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow.


Monti Ransomware Unleashes a New Encryptor for Linux

Credit to Author: Nathaniel Morales | Date: Mon, 14 Aug 2023 00:00:00 +0000

The Monti ransomware collective has restarted its operations, focusing on institutions in the legal and governmental sectors. At the same time, a new Linux-based variant of Monti has surfaced that differs notably from its previous Linux versions.
