Earth Preta Spear-Phishing Governments Worldwide

Credit to Author: Nick Dai| Date: Fri, 18 Nov 2022 00:00:00 +0000

We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that began in March. We also show the infection routines of the malware families they use to infect multiple sectors worldwide: TONEINS, TONESHELL, and PUBLOAD.

Read more

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Credit to Author: Hara Hiroaki| Date: Wed, 09 Nov 2022 00:00:00 +0000

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.

Read more

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

Credit to Author: Mohamed Fahmy| Date: Tue, 25 Oct 2022 00:00:00 +0000

Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint

Read more

How Water Labbu Exploits Electron-Based Applications

Credit to Author: Joseph C Chen| Date: Wed, 05 Oct 2022 00:00:00 +0000

In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors.

Read more

Tracking Earth Aughisky’s Malware and Changes

Credit to Author: CH Lei| Date: Tue, 04 Oct 2022 00:00:00 +0000

For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and the connections, including previously documented malware that have yet to be attributed.

Read more

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

Credit to Author: Joseph C Chen| Date: Mon, 03 Oct 2022 00:00:00 +0000

The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.

Read more

How Malicious Actors Abuse Native Linux Tools in Attacks

Credit to Author: Nitesh Surana| Date: Thu, 08 Sep 2022 00:00:00 +0000

Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.

Read more

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

Credit to Author: Daniel Lunghi| Date: Fri, 12 Aug 2022 00:00:00 +0000

We found APT group Iron Tiger’s malware compromising chat application Mimi’s servers in a supply chain attack.

Read more