Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

Credit to Author: Mohamed Fahmy| Date: Fri, 11 Oct 2024 00:00:00 +0000

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to sectors in the Middle East.

Read more

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Credit to Author: Charles Adrian Marty| Date: Mon, 14 Oct 2024 00:00:00 +0000

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses.

Read more

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

Credit to Author: Mohamed Fahmy| Date: Fri, 11 Oct 2024 00:00:00 +0000

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.

Read more

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

Credit to Author: Mohamed Fahmy| Date: Fri, 11 Oct 2024 00:00:00 +0000

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.

Read more

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Credit to Author: Ted Lee| Date: Thu, 19 Sep 2024 00:00:00 +0000

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Read more

TIDRONE Targets Military and Satellite Industries in Taiwan

Credit to Author: Pierre Lee| Date: Fri, 06 Sep 2024 00:00:00 +0000

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

Read more

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Credit to Author: Mohamed Fahmy| Date: Thu, 29 Aug 2024 00:00:00 +0000

Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.

Read more

A Dive into Earth Baku’s Latest Campaign

Credit to Author: Ted Lee| Date: Fri, 09 Aug 2024 00:00:00 +0000

Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.

Read more

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

Credit to Author: Peter Girnus| Date: Wed, 19 Jun 2024 00:00:00 +0000

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.

Read more

Decoding Water Sigbin’s Latest Obfuscation Tricks

Credit to Author: Sunil Bharti| Date: Thu, 30 May 2024 00:00:00 +0000

Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.

Read more