Credit to Author: Buddy Tancio| Date: Wed, 06 Mar 2024 00:00:00 +0000
This blog entry will examine Trend Micro MDR team’s investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group.
Read moreCredit to Author: Nathaniel Morales| Date: Mon, 04 Mar 2024 00:00:00 +0000
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.
Read moreCredit to Author: Cedric Pernet| Date: Mon, 26 Feb 2024 00:00:00 +0000
During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets.
Read moreCredit to Author: Trend Micro Research| Date: Thu, 22 Feb 2024 00:00:00 +0000
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
Read moreCredit to Author: Sunny Lu| Date: Tue, 20 Feb 2024 00:00:00 +0000
In this blog entry, we focus on Earth Preta’s campaign that employed a variant of the DOPLUGS malware to target Asian countries.
Read moreCredit to Author: Trend Micro Research| Date: Tue, 13 Feb 2024 00:00:00 +0000
This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability.
Read moreCredit to Author: Peter Girnus| Date: Tue, 13 Feb 2024 00:00:00 +0000
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
Read moreCredit to Author: Jagir Shastri| Date: Wed, 07 Feb 2024 00:00:00 +0000
In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.
Read more