Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

Credit to Author: Pierre Lee| Date: Thu, 16 May 2024 00:00:00 +0000

This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024.

Read more

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

Credit to Author: Feike Hacquebord| Date: Wed, 01 May 2024 00:00:00 +0000

This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm’s exploitation of EdgeRouters, complementing the FBI’s advisory from February 27, 2024.

Read more

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider

Credit to Author: Trend Micro Research| Date: Thu, 18 Apr 2024 00:00:00 +0000

On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.

Read more

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

Credit to Author: Cyris Tseng| Date: Thu, 11 Apr 2024 00:00:00 +0000

Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware.

Read more

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

Credit to Author: Christopher Boyton| Date: Wed, 03 Apr 2024 00:00:00 +0000

Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption.

Read more

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

Credit to Author: Christopher So| Date: Tue, 02 Apr 2024 00:00:00 +0000

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.

Read more

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

Credit to Author: Junestherry Dela Cruz| Date: Tue, 19 Mar 2024 00:00:00 +0000

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.

Read more