Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

Credit to Author: Hara Hiroaki| Date: Tue, 19 Nov 2024 00:00:00 +0000

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.

Read more

Trend Micro and Japanese Partners Reveal Hidden Connections Among SEO Malware Operations

Credit to Author: Makoto Shimamura| Date: Mon, 11 Nov 2024 00:00:00 +0000

Trend Micro researchers, in collaboration with Japanese authorities, analyzed links between SEO malware families used in SEO poisoning attacks that lead users to fake shopping sites.

Read more

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

Credit to Author: Ted Lee| Date: Fri, 08 Nov 2024 00:00:00 +0000

Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.

Read more

Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data

Credit to Author: Jaromir Horejsi| Date: Wed, 16 Oct 2024 00:00:00 +0000

This article uncovers a Golang ransomware abusing Amazon S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.

Read more

AI Pulse: Election Deepfakes, Disasters, Scams & more

Credit to Author: AI Team| Date: Thu, 31 Oct 2024 00:00:00 +0000

In the final weeks before November’s U.S. election, cybersecurity experts were calling October 2024 the “month of mischief”—a magnet for bad actors looking to disrupt the democratic process through AI-generated misinformation. This issue of AI Pulse looks at what can be done about deepfakes and other AI scams, and why defense-in-depth is the only way to go.

Read more

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Credit to Author: Ranga Duraisamy| Date: Wed, 30 Oct 2024 00:00:00 +0000

In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes.

Read more

Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis

Credit to Author: Ryan Maglaque| Date: Thu, 24 Oct 2024 00:00:00 +0000

While cyberattacks that employ web shells and VPN compromise are not particularly novel, they are still prevalent. The recent incidents that Trend Micro MXDR analyzed highlight the importance of behavioral analysis and anomaly detection in security measures.

Read more

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

Credit to Author: Buddy Tancio| Date: Wed, 23 Oct 2024 00:00:00 +0000

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system.

Read more

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

Credit to Author: Abdelrahman Esmail| Date: Tue, 22 Oct 2024 00:00:00 +0000

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts.

Read more