Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks

Credit to Author: Feike Hacquebord | Date: Tue, 17 Dec 2024 00:00:00 +0000

APT group Earth Koshchei, suspected to be sponsored by the SVR, executed a large-scale rogue RDP campaign using spear-phishing emails, red team tools, and sophisticated anonymization techniques to target high-profile sectors.

MITRE ATT&CK 2024 Results for Enterprise Security

Credit to Author: Mike Grodzki | Date: Mon, 09 Dec 2024 00:00:00 +0000

Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. We’re excited to offer two distinct adversary focus areas: Ransomware targeting Windows and Linux, and the Democratic People’s Republic of Korea’s targeting of macOS.

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks

Credit to Author: Joseph C Chen | Date: Thu, 05 Dec 2024 00:00:00 +0000

Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.

Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

Credit to Author: Hara Hiroaki | Date: Tue, 26 Nov 2024 00:00:00 +0000

Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha.

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Credit to Author: Leon M Chang | Date: Mon, 25 Nov 2024 00:00:00 +0000

Since 2023, APT group Earth Estries has aggressively targeted key industries globally with sophisticated techniques and new backdoors, like GHOSTSPIDER and MASOL RAT, for prolonged espionage operations.

Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

Credit to Author: Hara Hiroaki | Date: Tue, 19 Nov 2024 00:00:00 +0000

LODEINFO is malware that has been used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

Credit to Author: Ted Lee | Date: Fri, 08 Nov 2024 00:00:00 +0000

Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

Credit to Author: Mohamed Fahmy | Date: Fri, 11 Oct 2024 00:00:00 +0000

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to sectors in the Middle East.

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Credit to Author: Charles Adrian Marty | Date: Mon, 14 Oct 2024 00:00:00 +0000

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses.

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

Credit to Author: Mohamed Fahmy | Date: Fri, 11 Oct 2024 00:00:00 +0000

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.
