Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

Credit to Author: Cyris Tseng| Date: Thu, 11 Apr 2024 00:00:00 +0000

Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware.

Read more

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

Credit to Author: Christopher Boyton| Date: Wed, 03 Apr 2024 00:00:00 +0000

Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption.

Read more

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

Credit to Author: Christopher So| Date: Tue, 02 Apr 2024 00:00:00 +0000

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.

Read more

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

Credit to Author: Arianne Dela Cruz| Date: Tue, 26 Mar 2024 00:00:00 +0000

This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.

Read more

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

Credit to Author: Junestherry Dela Cruz| Date: Tue, 19 Mar 2024 00:00:00 +0000

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.

Read more

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

Credit to Author: Joseph C Chen| Date: Mon, 18 Mar 2024 00:00:00 +0000

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.

Read more

CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

Credit to Author: Peter Girnus| Date: Wed, 13 Mar 2024 00:00:00 +0000

In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.

Read more