trend micro research : apt & targeted attacks

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

Credit to Author: Peter Girnus| Date: Wed, 19 Jun 2024 00:00:00 +0000

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.

Security TrendMicro

Decoding Water Sigbin’s Latest Obfuscation Tricks

May 29, 2024 admin trend micro research : apt & targeted attacks, trend micro research : articles, news, reports, trend micro research : cloud, trend micro research : endpoints, trend micro research : exploits & vulnerabilities, trend micro research : reports, trend micro research : research

Credit to Author: Sunil Bharti| Date: Thu, 30 May 2024 00:00:00 +0000

Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.

Security TrendMicro

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

May 16, 2024 admin trend micro research : apt & targeted attacks, trend micro research : articles, news, reports, trend micro research : cyber crime, trend micro research : malware, trend micro research : research

Credit to Author: Pierre Lee| Date: Thu, 16 May 2024 00:00:00 +0000

This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024.

Security TrendMicro

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

May 1, 2024 admin trend micro research : apt & targeted attacks, trend micro research : articles, news, reports, trend micro research : cyber threats, trend micro research : reports, trend micro research : research

Credit to Author: Feike Hacquebord| Date: Wed, 01 May 2024 00:00:00 +0000

This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm’s exploitation of EdgeRouters, complementing the FBI’s advisory from February 27, 2024.

Security TrendMicro

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

April 15, 2024 admin trend micro research : apt & targeted attacks, trend micro research : articles, news, reports, trend micro research : cyber crime, trend micro research : malware, trend micro research : research

Credit to Author: Cyris Tseng| Date: Thu, 11 Apr 2024 00:00:00 +0000

Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware.

Security TrendMicro

How Red Team Exercises Increases Your Cyber Health

April 15, 2024 admin trend micro research : apt & targeted attacks, trend micro research : articles, news, reports, trend micro research : cloud, trend micro research : cyber threats, trend micro research : endpoints, trend micro research : network, trend micro research : phishing, trend micro research : security strategies

Credit to Author: Johnny Krogsboll| Date: Thu, 11 Apr 2024 00:00:00 +0000

Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effectively.

Security TrendMicro

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

April 15, 2024 admin trend micro research : apt & targeted attacks, trend micro research : articles, news, reports, trend micro research : endpoints, trend micro research : research

Credit to Author: Christopher So| Date: Tue, 02 Apr 2024 00:00:00 +0000

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.

Security TrendMicro

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

March 18, 2024 admin trend micro research : apt & targeted attacks, trend micro research : articles, news, reports, trend micro research : endpoints, trend micro research : research

Credit to Author: Joseph C Chen| Date: Mon, 18 Mar 2024 00:00:00 +0000

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.

← Previous